Defensive (Hardening, Security Assessment, Inventory)
Scout2: https://github.com/nccgroup/Scout2 - Security auditing tool for AWS environments (Python) Prowler: https://github.com/toniblyx/prowler - CIS benchmarks and additional checks for security best practices in AWS (Shell Script) Scans: https://github.com/cloudsploit/scans - AWS security scanning checks (NodeJS) CloudMapper: https://github.com/duo-labs/cloudmapper - helps you analyze your AWS environments (Python) CloudTracker: https://github.com/duo-labs/cloudtracker - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark - scrips and templates guidance related to the AWS CIS Foundation framework (Python) AWS Public IPs: https://github.com/arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby) PMapper: https://github.com/nccgroup/PMapper - Advanced and Automated AWS IAM Evaluation (Python) AWS-Inventory: https://github.com/nccgroup/aws-inventory - Make a inventory of all your resources across regions (Python) Resource Counter: https://github.com/disruptops/resource-counter - Counts number of resources in categories across regions ICE: https://github.com/Teevity/ice - Ice provides insights from a usage and cost perspective, with high detail dashboards. Offensive:
weirdALL: https://github.com/carnal0wnage/weirdAAL - AWS Attack Library Pacu: https://github.com/RhinoSecurityLabs/pacu - AWS penetration testing toolkit Cred Scanner: https://github.com/disruptops/cred_scanner AWS PWN: https://github.com/dagrz/aws_pwn Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt Cloudjack: https://github.com/prevade/cloudjack Nimbostratus: https://github.com/andresriancho/nimbostratus Continuous Security Auditing:
Security Monkey: https://github.com/Netflix/security_monkey Krampus (as Security Monkey complement) https://github.com/sendgrid/krampus Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor CloudCustodian: https://github.com/capitalone/cloud-custodian Disable keys after X days: https://github.com/te-papa/aws-key-disabler Repokid Least Privilege: https://github.com/Netflix/repokid Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html DFIR:
AWS IR: https://github.com/ThreatResponse/aws_ir - AWS specific Incident Response and Forensics Tool Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun - Linux memory remote acquisition tool LiMEaide: https://kd8bny.github.io/LiMEaide/ - Linux memory remote acquisition tool Diffy: https://github.com/Netflix-Skunkworks/diffy - Triage tool used during cloud-centric security incidents Development Security:
CFN NAG: https://github.com/stelligent/cfn_nag - CloudFormation security test (Ruby) Git-secrets: https://github.com/awslabs/git-secrets Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules S3 Buckets Auditing:
https://github.com/Parasimpaticki/sandcastle https://github.com/smiegles/mass3 https://github.com/koenrh/s3enum https://github.com/tomdev/teh_s3_bucketeers/ https://github.com/eth0izzle/bucket-stream https://github.com/gwen001/s3-buckets-finder https://github.com/aaparmeggiani/s3find https://github.com/bbb31/slurp https://github.com/random-robbie/slurp https://github.com/kromtech/s3-inspector https://github.com/petermbenjamin/s3-fuzzer https://github.com/jordanpotti/AWSBucketDump https://github.com/bear/s3scan https://github.com/sa7mon/S3Scanner https://github.com/magisterquis/s3finder https://github.com/abhn/S3Scan https://breachinsider.com/honey-buckets/ https://www.buckhacker.com | https://www.thebuckhacker.com/ [Currently Offline] https://buckets.grayhatwarfare.com/ Training:
http://flaws.cloud/ Others:
https://github.com/nagwww/s3-leaks - a list of some biggest leaks recorded