☁️🔒 Welcome to the Cloud Security Resources ☁️🔒

🔍 In this repository, you'll find a collection of my recommended links and resources for staying updated on the latest trends, best practices, and tools in cloud security. Feel free to explore and utilize these resources to enhance your knowledge and practices.

🔍 My main goal in selecting these links is to collect tools that are updated regularly; we do not want to use old ones. As you know, we need to follow the latest best practices and trends in cloud security.

🧠 Cloud Security Posture Management (CSPM)

| Resource Name | Description |
| --- | --- |
| CloudSploit | CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: AWS, Microsoft Azure, GCP, OCI, and GitHub. |
| cartography | Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view. |
| cloud-custodian | Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources. |
| Cloudquery | Use as an open source CSPM solution to monitor and enforce security policies across your cloud infrastructure for AWS, GCP, Azure and many more. |
| ElectricEye | ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring. |
| Magpie | A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks. |
| Prowler | Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. |
| ScoutSuite | Multi-Cloud Security Auditing Tool |
| steampipe-mod-aws-compliance | Individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts |
| Komiser | Open-source cloud-environment inspector. |
| ZeusCloud | Discover, prioritize, and remediate your risks in the cloud. |

🕵️‍♀️ Cloud Pentesting Tools

| Resource Name | Description |
| --- | --- |
| Cloudfox | Automating situational awareness for cloud penetration tests. |
| hackingthe.cloud | An encyclopedia for offensive and defensive security knowledge in cloud native technologies. |
| cloud_enum | Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. |
| pacu | The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. |
| CloudBrute | Awesome cloud enumerator. |
| TBD | TBD |

✍🏻 Cloud Pentesting Labs

| Resource Name | Description |
| --- | --- |
| AWSGoat | AWSGoat: A Damn Vulnerable AWS Infrastructure |
| Big IAM Challenge by Wiz | Test Your Cloud Security Skills |
| iam-vulnerable | Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. |
| cloudgoat | CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool. |

👁 Cloud Asset Management & Activity Monitoring

| Resource Name | Description |
| --- | --- |
| aws-list-resources | List your AWS resources in a given AWS account and region(s). |
| aws-summarize-account-activity | Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used. |

🦾 Infrastructure as Code (IaC) Security

| Resource Name | Description |
| --- | --- |
| Checkov | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code |
| cdk-nag | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code |
| kics | Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. |
| terrascan | Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. |
| tfsec | Security scanner for your Terraform code |

🛡 If you have any additional links to contribute, please submit a pull request. Let's build a comprehensive repository to support the cloud security community together! 🌊