
toniblyx/my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.


Top Related Projects

  • ScoutSuite: Multi-Cloud Security Auditing Tool
  • CloudSploit: Cloud Security Posture Management (CSPM)
  • CloudMapper: helps you analyze your Amazon Web Services (AWS) environments.
  • Cloudsplaining: AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • pacu: the AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • Prowler: Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

Quick Overview

The "my-arsenal-of-aws-security-tools" repository is a curated list of open-source tools for AWS security, auditing, forensics, and incident response. It serves as a comprehensive resource for security professionals, DevOps engineers, and AWS administrators to enhance their cloud security posture and streamline security-related tasks on the AWS platform.

Pros

  • Extensive collection of tools covering various aspects of AWS security
  • Regularly updated with new tools and resources
  • Well-organized and categorized for easy navigation
  • Includes both official AWS tools and community-contributed projects

Cons

  • May be overwhelming for beginners due to the large number of tools listed
  • Some listed tools might become outdated or deprecated over time
  • Lacks detailed information on tool usage and implementation
  • Does not provide direct comparisons or recommendations between similar tools

Getting Started

As this is not a code library but a curated list of tools, there is no specific code or installation process. To get started:

  1. Visit the repository at https://github.com/toniblyx/my-arsenal-of-aws-security-tools
  2. Browse through the categories to find tools relevant to your needs
  3. Click on the tool links to access their respective repositories or documentation
  4. Follow the installation and usage instructions provided by each individual tool

Note: It's recommended to review the AWS documentation and best practices before implementing any security tools in your environment.

Competitor Comparisons

ScoutSuite: Multi-Cloud Security Auditing Tool

Pros of ScoutSuite

  • Comprehensive multi-cloud security auditing tool supporting AWS, Azure, GCP, and more
  • Provides an interactive HTML report for easy analysis of security findings
  • Maintained by NCC Group, with a published rule set that can be extended or overridden per engagement

Cons of ScoutSuite

  • Focuses solely on cloud security auditing, while my-arsenal-of-aws-security-tools offers a broader range of AWS security tools
  • Requires more setup and configuration compared to the curated list approach of my-arsenal-of-aws-security-tools
  • May have a steeper learning curve for users new to cloud security auditing

Code Comparison

ScoutSuite (Python). These are import lines from ScoutSuite's internal modules as shown on this page; in practice the tool is driven through its command line (for example `scout aws --profile my-profile`) rather than imported:

from ScoutSuite.core.cli_parser import ScoutSuiteArgumentParser   # argparse wrapper behind the "scout" command
from ScoutSuite.core.console_manager import ConsoleManager
from ScoutSuite.core.exceptions import ScoutException
from ScoutSuite.core.processingengine import ProcessingEngine       # applies the ruleset to collected data
from ScoutSuite.core.ruleset import Ruleset                          # loads the JSON rule files (default or custom)

my-arsenal-of-aws-security-tools (Markdown):

## S3 Buckets Auditing
* [S3 Inspector](https://github.com/kromtech/s3-inspector) - Tool to check AWS S3 bucket permissions and report buckets that are publicly accessible
* [S3 Bucket Finder](https://github.com/gwen001/s3-buckets-finder) - Find AWS S3 buckets and dump their content

CloudSploit: Cloud Security Posture Management (CSPM)

Pros of CloudSploit

  • Actively maintained and regularly updated
  • Supports multiple cloud providers (AWS, Azure, GCP, Oracle)
  • Emits results as CSV or JSON for feeding a dashboard or ticketing system; the open-source scanner itself is a Node.js command-line tool

Cons of CloudSploit

  • Focused primarily on cloud security, while my-arsenal-of-aws-security-tools covers a broader range of AWS tools
  • May require more setup and configuration compared to the curated list approach

Code Comparison

CloudSploit (JavaScript), the skeleton of a plugin's run() function:

var async = require('async');
var helpers = require('../../../helpers/aws');   // CloudSploit's AWS plugin helpers

// Every CloudSploit plugin exports run(cache, settings, callback). The API
// responses are collected up front into "cache"; the plugin never calls AWS
// itself, it only reads the cache and records results.
exports.run = function(cache, settings, callback) {
    const results = [];
    const source = {};
    const regions = helpers.regions(settings);

    // ListBuckets is a global call, so regions.s3 holds a single region.
    async.each(regions.s3, function(region, rcb) {
        const listBuckets = helpers.addSource(cache, source,
            ['s3', 'listBuckets', region]);

        if (!listBuckets) return rcb();

        // Result status codes: 0 = OK, 1 = WARN, 2 = FAIL, 3 = UNKNOWN (collection error)
        if (listBuckets.err || !listBuckets.data) {
            helpers.addResult(results, 3,
                'Unable to query for S3 buckets: ' + helpers.addError(listBuckets), region);
            return rcb();
        }

        if (!listBuckets.data.length) {
            helpers.addResult(results, 0, 'No S3 buckets found', region);
            return rcb();
        }

        // A real check inspects per-bucket data (ACL, bucket policy, public access
        // block) before choosing a status; this skeleton reports every bucket as OK.
        listBuckets.data.forEach(function(bucket) {
            const resource = 'arn:aws:s3:::' + bucket.Name;
            helpers.addResult(results, 0, 'Bucket: ' + bucket.Name + ' is secure', region, resource);
        });

        rcb();
    }, function() {
        callback(null, results, source);
    });
};

my-arsenal-of-aws-security-tools (Markdown):

## S3
* [Amazon S3 Crypto](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) - Client-side encryption for S3 buckets
* [s3-inspector](https://github.com/kromtech/s3-inspector) - Tool to check AWS S3 bucket permissions
* [S3 Browser](https://s3browser.com) - Freeware Windows client for Amazon S3
* [S3Scanner](https://github.com/sa7mon/S3Scanner) - Scan for open S3 buckets and dump contents
* [S3 Bucket Finder](https://github.com/gwen001/s3-buckets-finder) - Find AWS S3 buckets and extract content

CloudMapper: helps you analyze your Amazon Web Services (AWS) environments

Pros of CloudMapper

  • Provides visual representation of AWS environments, making it easier to understand complex infrastructures
  • Offers network mapping capabilities, allowing users to identify potential security risks in network configurations
  • Includes a web-based interface for easier interaction and exploration of AWS resources

Cons of CloudMapper

  • Focuses primarily on visualization and mapping, lacking the comprehensive security tool collection found in my-arsenal-of-aws-security-tools
  • May require more setup and configuration compared to the curated list of tools in my-arsenal-of-aws-security-tools
  • Needs read access to the account and a collection run before it produces anything, while the list can be consulted without any AWS credentials

Code Comparison

CloudMapper (driven through its cloudmapper.py command line rather than imported):

# register the account, collect its configuration, build the data the web UI
# needs, then serve it locally
python cloudmapper.py configure add-account --config-file config.json --name demo --id 123456789012
python cloudmapper.py collect --account demo
python cloudmapper.py prepare --account demo
python cloudmapper.py webserver

my-arsenal-of-aws-security-tools:

## S3 Buckets Auditing
* [Amazon S3 Bucket Public Access Auditor](https://github.com/kromtech/s3-inspector)
* [S3 bucket finder](https://github.com/gwen001/s3-buckets-finder)

CloudMapper is a runnable Python tool with its own command line, while my-arsenal-of-aws-security-tools is a curated list of tools with links and descriptions.

Cloudsplaining: AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report

Pros of Cloudsplaining

  • Focused specifically on IAM policy analysis and visualization
  • Provides detailed HTML reports for easy sharing and interpretation
  • Developed and published by Salesforce

Cons of Cloudsplaining

  • Limited to IAM policy analysis, while My Arsenal of AWS Security Tools covers a broader range of AWS security aspects
  • Requires installation, credentials and a scan run before it produces results, compared to the curated list approach of My Arsenal of AWS Security Tools

Code Comparison

Cloudsplaining:

from cloudsplaining.scan.policy_document import PolicyDocument

# A minimal policy document to analyse (constructed for this snippet)
policy_dict = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}
    ],
}
policy = PolicyDocument(policy_dict)
print(policy.all_allowed_actions)   # the expanded list of actions the policy allows

My Arsenal of AWS Security Tools:

# No specific code, as it's a curated list of tools
# Example usage of a tool from the list:
prowler aws --profile my-profile

The code comparison highlights the difference in approach: Cloudsplaining is a specific tool with its own API, while My Arsenal of AWS Security Tools is a collection of various tools, each with its own usage patterns.
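To show what a least-privilege assessment of the kind Cloudsplaining performs actually does, here is an added example (not Cloudsplaining's code and not from the repository this page describes) that parses an IAM policy document, expands wildcard and NotAction statements, flags write-level actions granted without a resource constraint, and matches the granted actions against a few well-known privilege-escalation combinations. ACTION_CATALOG is a tiny constructed stand-in for the full IAM action list, is_write_action() is a verb-prefix heuristic, and PRIVESC_COMBOS and the sample policy are this example's own assumptions.

```python
"""Least-privilege assessment of an IAM policy document (added example).

Assumptions (not from the page or from Cloudsplaining): ACTION_CATALOG is a
tiny stand-in for the full IAM action list, is_write_action() is a verb-prefix
heuristic, and PRIVESC_COMBOS lists a few well-known escalation paths.
Deny statements and Condition blocks are ignored, so results err on the side
of over-reporting.
"""
import fnmatch

ACTION_CATALOG = [
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:ListUsers",
    "lambda:CreateFunction", "lambda:InvokeFunction", "lambda:ListFunctions",
    "ec2:RunInstances", "ec2:DescribeInstances",
    "s3:GetObject", "s3:PutObject", "s3:ListBucket",
    "sts:AssumeRole",
]

# Action sets that together let a principal raise its own privileges.
PRIVESC_COMBOS = {
    "CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "PassRoleToLambda": {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
    "PassRoleToEC2": {"iam:PassRole", "ec2:RunInstances"},
}

READ_ONLY_VERBS = ("Get", "List", "Describe")


def as_list(value):
    """IAM accepts a string or a list in Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def expand_actions(patterns):
    """Expand action patterns ('*', 'lambda:*', 's3:Get*') against the catalog.
    IAM matches action names case-insensitively, so compare lower-cased."""
    matched = set()
    for pattern in patterns:
        for action in ACTION_CATALOG:
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                matched.add(action)
    return matched


def statement_actions(statement):
    """Concrete actions granted by one statement, handling Action and NotAction."""
    if "Action" in statement:
        return expand_actions(as_list(statement["Action"]))
    if "NotAction" in statement:
        return set(ACTION_CATALOG) - expand_actions(as_list(statement["NotAction"]))
    return set()


def is_write_action(action):
    """Heuristic: a verb not starting with Get/List/Describe can change state."""
    verb = action.split(":", 1)[1]
    return not verb.startswith(READ_ONLY_VERBS)


def allowed_actions(policy):
    """All actions allowed anywhere in the policy (Deny and Condition ignored)."""
    allowed = set()
    for statement in as_list(policy["Statement"]):
        if statement.get("Effect") == "Allow":
            allowed |= statement_actions(statement)
    return allowed


def assess_policy(policy):
    """Return findings as dicts with a 'type' and the sorted 'actions' involved."""
    findings = []
    for statement in as_list(policy["Statement"]):
        if statement.get("Effect") != "Allow" or statement.get("Condition"):
            continue
        if "*" not in as_list(statement.get("Resource", [])):
            continue  # resource-constrained statements are outside this check
        unconstrained = sorted(a for a in statement_actions(statement) if is_write_action(a))
        if unconstrained:
            findings.append({"type": "WriteWithoutResourceConstraint", "actions": unconstrained})
    granted = allowed_actions(policy)
    for name, needed in PRIVESC_COMBOS.items():
        if needed <= granted:
            findings.append({"type": "PrivilegeEscalation:" + name, "actions": sorted(needed)})
    return findings


# Constructed sample: the S3 statement is properly scoped, the second one is not.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::app-data/*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:*"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for finding in assess_policy(SAMPLE_POLICY):
        print(finding["type"], ", ".join(finding["actions"]))
```

Against the sample policy the scoped S3 statement produces nothing, while the second statement is reported twice: once for granting write actions on every resource, and once because iam:PassRole plus lambda:CreateFunction and lambda:InvokeFunction together let the principal run code under any role it can pass. Replacing the catalog with the real action list is what turns this sketch into a usable scanner.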


pacu: the AWS exploitation framework, designed for testing the security of Amazon Web Services environments

Pros of pacu

  • Comprehensive AWS exploitation framework with modular design
  • Active development and regular updates
  • Includes a command-line interface for easy interaction

Cons of pacu

  • Steeper learning curve due to its complexity
  • Focused solely on offensive testing, while my-arsenal-of-aws-security-tools also catalogues defensive, auditing and DFIR tools
  • Requires more setup and configuration

Code Comparison

pacu (Python), the boto3/STS call pacu's modules make to identify the active credentials (simplified):

import boto3
from botocore.exceptions import ClientError


def get_caller_identity():
    """Return the STS GetCallerIdentity response (UserId, Account, Arn) for the
    current credentials, or None if the call fails. GetCallerIdentity needs no
    IAM permission, so it works even when the key's policy is unknown."""
    try:
        return boto3.client('sts').get_caller_identity()
    except ClientError as error:
        print('Error getting caller identity: {}'.format(error))
        return None

my-arsenal-of-aws-security-tools:

#!/bin/bash
# This is a collection of tools, not a single codebase

# Example usage of the AWS CLI for security checks
aws cloudtrail describe-trails                         # which trails exist and whether they are multi-region
aws configservice describe-compliance-by-config-rule   # the CLI service name is "configservice", not "config"

The code comparison shows that pacu is a Python-based framework with built-in AWS interactions, while my-arsenal-of-aws-security-tools is primarily a curated list of tools and scripts, often utilizing AWS CLI commands for security checks.


Prowler: Open Source Security tool for AWS, Azure, GCP and Kubernetes for security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness

Pros of Prowler

  • Comprehensive assessment tool with hundreds of checks across AWS, Azure, GCP and Kubernetes, mapped to the compliance frameworks listed above
  • Regularly updated with new security checks and features
  • Supports multiple output formats (HTML, JSON, CSV) for easy integration

Cons of Prowler

  • A single assessment tool, while my-arsenal-of-aws-security-tools catalogues many tools across defensive, offensive, DFIR and development use cases
  • Requires more setup and configuration compared to a curated list of tools
  • May have a steeper learning curve for beginners

Code Comparison

Prowler (Python), a simplified sketch of the logic behind Prowler's open-security-group checks (not Prowler's own check class API, which emits a PASS or FAIL report per resource):

def check_security_group_open_ports(self):
    for sg in self.security_groups:
        for rule in sg.ip_permissions:
            # IpProtocol "-1" means every protocol and every port
            if rule.get("IpProtocol") == "-1" and rule.get("IpRanges"):
                for ip_range in rule["IpRanges"]:
                    if ip_range.get("CidrIp") == "0.0.0.0/0":
                        self.add_issue(3, "Security group allows all traffic", sg)

my-arsenal-of-aws-security-tools (Markdown), the README's section headings, which double as link anchors:

## Open Source Projects

- [Defensive: Hardening, Security Assessment and Inventory](https://github.com/toniblyx/my-arsenal-of-aws-security-tools#defensive-hardening-security-assessment-and-inventory)
- [Offensive](https://github.com/toniblyx/my-arsenal-of-aws-security-tools#offensive)
- [Digital Forensics and Incident Response](https://github.com/toniblyx/my-arsenal-of-aws-security-tools#digital-forensics-and-incident-response)
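As an added example (not Prowler's check code and not from the repository this page describes), the open-ingress logic sketched above carried through over a constructed DescribeSecurityGroups response. It goes beyond the sketch: it handles IPv6 (::/0) as well as 0.0.0.0/0, port ranges and the all-protocols case where FromPort/ToPort are absent, and it separates a deliberately public web port from an exposed admin or database port. The function names, the sensitive and expected port lists and the sample data are this example's own assumptions.

```python
"""Internet-exposed security group ingress check (added example).

Not Prowler's own check code: a stand-alone implementation of the logic
sketched above. The sample data is constructed, and the sensitive/expected
port lists are this example's own assumptions.
"""

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}
ALL_PORTS = (0, 65535)


def open_sources(permission):
    """CIDRs in one IpPermission that cover the whole internet (IPv4 or IPv6)."""
    cidrs = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in INTERNET_CIDRS)


def port_range(permission):
    """Port span of an IpPermission. Protocol "-1" (all traffic) carries no
    FromPort/ToPort at all, so it must be treated as every port."""
    if permission.get("IpProtocol") == "-1":
        return ALL_PORTS
    return (permission.get("FromPort", 0), permission.get("ToPort", 65535))


def ingress_findings(security_groups,
                     sensitive_ports=(22, 3389, 3306, 5432),
                     expected_public=(80, 443)):
    """One finding per (group, rule) reachable from the whole internet.

    severity: "critical" when every port is open or a sensitive port falls in
    the range, "low" for a single deliberately public web port, else "high".
    """
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = open_sources(perm)
            if not sources:
                continue  # only private or partner CIDRs: out of scope here
            low, high = port_range(perm)
            all_ports = (low, high) == ALL_PORTS  # also catches an explicit tcp 0-65535
            hits = [p for p in sensitive_ports if low <= p <= high]
            if all_ports or hits:
                severity = "critical"
            elif low == high and low in expected_public:
                severity = "low"
            else:
                severity = "high"
            findings.append({
                "group_id": sg["GroupId"],
                "protocol": "all" if perm.get("IpProtocol") == "-1" else perm["IpProtocol"],
                "ports": "all" if all_ports else (str(low) if low == high else f"{low}-{high}"),
                "sources": sources,
                "sensitive_ports": hits,
                "severity": severity,
            })
    return findings


# Constructed sample, shaped like ec2.describe_security_groups()["SecurityGroups"].
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "legacy-admin",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     ]},
]

if __name__ == "__main__":
    for f in ingress_findings(SAMPLE_SECURITY_GROUPS):
        print(f["severity"].upper(), f["group_id"], f["protocol"], f["ports"],
              "from", ",".join(f["sources"]))
```

The SSH rule limited to 10.0.0.0/8 is skipped, the public 443 rule is reported at low severity so it is visible but not alarming, and the legacy group yields two critical findings: all traffic from any IPv4 address, and RDP from any IPv6 address, which a check that only looks at IpRanges would miss.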


README

Table of Contents

  • Contribute
  • Defensive: Hardening, Security Assessment and Inventory
  • Offensive
  • Purple Teaming & Adversary Emulation
  • Continuous Security Auditing
  • Digital Forensics and Incident Response
  • Development Security

Contribute

Do you want to contribute to this list? Feel free to send a PR and make sure your tool is Open Source.

| Name | Description |
| --- | --- |
| My Arsenal of AWS Security Tools | This list of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. |

(In the README every table also carries Popularity and Metadata columns made of badges: stars, contributors, watchers, last commit, open issues and closed issues. The badges are images and left no text here, so the tables below show Name and Description only.)

Defensive: Hardening, Security Assessment and Inventory

| Name | Description |
| --- | --- |
| Prowler | Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more. (Python) |
| CloudMapper | Helps you analyze your AWS environments (Python) |
| ScoutSuite | Multi-Cloud Security auditing tool for AWS, Google Cloud and Azure environments (Python) |
| CloudCustodian | Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources |
| ICE | Ice provides insights from a usage and cost perspective with high detail dashboards. |
| CloudSploit Scans | AWS security scanning checks (NodeJS) |
| AWS Network Access Analyzer | Automation for Amazon VPC Network Access Analyzer to identify all possible Internet Gateway reachability for your resources across all your AWS accounts |
| CloudTracker | Helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python) |
| AWS Security Benchmarks | Scripts and templates guidance related to the AWS CIS Foundation framework (Python) |
| AWS Public IPs | Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking and across all AWS services (Ruby) |
| PMapper | Advanced and Automated AWS IAM Evaluation (Python) |
| nccgroup AWS-Inventory | Make an inventory of all your resources across regions (Python) |
| Resource Counter | Counts number of resources in categories across regions |
| SkyArk | SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS. |
| findmytakeover | Find dangling domains in a multi cloud environment |
| Trailblazer AWS | Trailblazer AWS determines what AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework. |
| Lunar | Security auditing tool based on several security frameworks (it does some AWS checks) |
| Cloud-reports | Scans your AWS cloud resources and generates reports |
| Pacbot | Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud |
| cs-suite | Integrates tools like Scout2 and Prowler among others |
| aws-key-disabler | A small lambda script that will disable access keys older than a given amount of days |
| Antiope | AWS Inventory and Compliance Framework |
| Cloud Reports | Scans your AWS cloud resources and generates reports and includes security best practices. |
| Terraform AWS Secure Baseline | Terraform module to set up your AWS account with the secure |
| ZeusCloud | Discover, prioritize, and remediate security risks in your AWS cloud environments. |
| Cartography | Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. |
| TrailScraper | A command-line tool to get valuable information out of AWS CloudTrail |
| Komiser | Cloud Environment Inspector: analyze and manage cloud cost, usage, security and governance in one place. |
| Perimeterator | AWS perimeter monitoring. Periodically scan internet facing AWS resources to detect misconfigured services |
| PolicySentry | IAM Least Privilege Policy Generator, auditor and analysis database |
| Zeus | AWS Auditing & Hardening Tool |
| janiko71 AWS-inventory | Python script for AWS resources inventory |
| awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments |
| clinv | DevSecOps command line asset inventory tool |
| aws-gate | Enhanced AWS SSM Session manager CLI client |
| Detecting Credential Compromise | Detection of compromised credentials in AWS |
| AWS-Security-Toolbox (AST) | AWS Security Toolbox (Docker Image) for Security Assessments |
| iam-lint | Github action for linting AWS IAM policy documents for correctness and possible security issues |
| aws-security-viz | A tool to visualize aws security groups. |
| AirIAM | Least privilege AWS IAM using Terraform |
| Cloudsplaining | AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. |
| iam-policy-generator | A simple library to generate IAM policy statements with no need to remember all the actions APIs |
| SkyWrapper | SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS |
| aws-recon | Multi-threaded AWS inventory collection tool |
| iam-policies-cli | A CLI tool for building simple to complex IAM policies |
| Aaia | AWS Identity and Access Management Visualizer and Anomaly Finder |
| iam-floyd | IAM policy statement generator with fluent interface - Available for Node.js, Python, .Net and Java |
| rpCheckup | AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources. |
| S3 Exif Cleaner | Remove EXIF data from all objects in an S3 bucket |
| Steampipe | Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required. (SQL) |
| access-undenied-aws | Parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. |
| Metabadger | Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). |
| AWS-Firewall Factory | Deploy, update, and stage your WAFs while managing them centrally via FMS (CDK) |
| IAMSpy | A library that utilises the Z3 prover to attempt to answer questions about AWS IAM. |
| nuvola | Dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax |
| aws-security-architectures | Architectures for AWS security. (Detect, Alarm, Macie, etc.) Many architectures will be added in the future. |
| MetaHub for AWS Security Hub | MetaHub is the CLI utility for AWS Security Hub which provides you with extra functionality like grouping your findings by affected resources, executing MetaChecks and MetaTags directly in the affected resource for enriching your findings, filters on top of MetaChecks and MetaTags, different reports like CSV, JSON and HTML, bulk updates, and enriching your findings directly in AWS Security Hub. |
| Matano | Matano is an open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS. |
| aws-list-resources | Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s). Discovered resources are written to a JSON output file. |
| aws-summarize-account-activity | Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made and regions that were used. The summary is written to a JSON output file and can optionally be visualized as PNG files. |
| aws-lint-iam-policies | Runs IAM policy linting checks against either a single AWS account or all accounts of an AWS Organization. Reports on policies that violate security best practices or contain errors. Supports both identity-based and resource-based policies. |

Offensive

| Name | Description |
| --- | --- |
| cloudfox | Find exploitable attack paths in cloud infrastructure |
| WeirdAAL | AWS Attack Library |
| Pacu | AWS penetration testing toolkit |
| Cred Scanner | A simple file-based scanner to look for potential AWS access and secret keys in files |
| AWS PWN | A collection of AWS penetration testing junk |
| Cloudfrunt | A tool for identifying misconfigured CloudFront domains |
| Cloudjack | Route53/CloudFront Vulnerability Assessment Utility |
| Nimbostratus | Tools for fingerprinting and exploiting Amazon cloud infrastructures |
| GitLeaks | Audit git repos for secrets |
| TruffleHog | Searches through git repositories for high entropy strings and secrets, digging deep into commit history |
| DumpsterDiver | Tool to search secrets in various filetypes like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. |
| Mad-King | Proof of Concept Zappa Based AWS Persistence and Attack Platform |
| Cloud-Nuke | A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it |
| MozDef - The Mozilla Defense Platform | The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers. |
| Lambda-Proxy | A bridge between SQLMap and AWS Lambda which lets you use SQLMap to natively test AWS Lambda functions for SQL Injection vulnerabilities. |
| CloudCopy | Cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapshot permission |
| enumerate-iam | Enumerate the permissions associated with AWS credential sets |
| Barq | A post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure |
| CCAT | Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments |
| Dufflebag | Search exposed EBS volumes for secrets |
| attack_range | A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk |
| whispers | Identify hardcoded secrets and dangerous behaviours |
| Redboto | Red Team AWS Scripts |
| CloudBrute | A tool to find a company (target) infrastructure, files, and apps on the top cloud providers |

Purple Teaming & Adversary Emulation

| Name | Description |
| --- | --- |
| Stratus Red Team | Granular, Actionable Adversary Emulation for the Cloud |
| Leonidas | Automated Attack Simulation in the Cloud complete with detection use cases. |
| Amazon Guardduty Tester | This script is used to generate some basic detections of the GuardDuty service |

Continuous Security Auditing

| Name | Description |
| --- | --- |
| Security Monkey | |
| Krampus | |
| Cloud Inquisitor | |
| Disable keys after X days | |
| Repokid Least Privilege | |
| Wazuh CloudTrail module | |
| Hammer | |
| Streamalert | |
| Billing Alerts CFN templates | |
| Watchmen | AWS account compliance using centrally managed Config Rules |
| ElectricEye | Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability |
| SyntheticSun | A defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats |
| CloudQuery | cloudquery exposes your cloud configuration and metadata as sql tables, providing powerful analysis and monitoring for compliance and security |
| PrismX | Cloud Security Dashboard for AWS - based on ScoutSuite |
| Falco | Threat detection and response for containers, hosts, Kubernetes and the cloud |

Digital Forensics and Incident Response

| Name | Description |
| --- | --- |
| AWS IR | AWS specific Incident Response and Forensics Tool |
| Margaritashotgun | Linux memory remote acquisition tool |
| Diffy | Triage tool used during cloud-centric security incidents |
| AWS Security Automation | AWS scripts and resources for DevSecOps and automated incident response |
| GDPatrol | Automated Incident Response based off AWS GuardDuty findings |
| AWSlog | Show the history and changes between configuration versions of AWS resources using AWS Config |
| DataCop | Automated IR process that mitigates vulnerable AWS S3 buckets that are defined by AWS Macie results. |
| AWS_Responder | AWS Digital Forensic and Incident Response (DFIR) Response Python Scripts |
| SSM-Acquire | A python module for orchestrating content acquisitions and analysis via Amazon SSM |
| cloudtrail-partitioner | This project sets up partitioned Athena tables for your CloudTrail logs and updates the partitions nightly. Makes CloudTrail logs queries easier. |
| fargate-ir | Proof of concept incident response demo using SSM and AWS Fargate. |
| aws-logsearch | Search AWS CloudWatch logs all at once on the command line. |
| Varna | Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL) |
| aws-auto-remediate | Open source application to instantly remediate common security issues through the use of AWS Config |
| panther-labs | Detect threats with log data and improve cloud security posture |
| aws-incident-response | This page is a collection of useful things to look for in CloudTrail using Athena for AWS incident response |
| cloud-forensics-utils | Python library to carry out DFIR analysis on the Cloud |
| aws-fast-fixes | Scripts to quickly fix security and compliance issues |

Development Security

| Name | Description |
| --- | --- |
| Automated Security Helper (ASH) | ASH is a one stop shop for code security scans and does not require any installation. It identifies the relevant frameworks and downloads the relevant, up-to-date tools. ASH runs in isolated Docker containers, keeping the user environment clean, and produces a single aggregated report. The following frameworks are supported: Git, Python, Javascript, Cloudformation, Terraform and Jupyter notebook. |
| CFN NAG | CloudFormation security test (Ruby) |
| Git-secrets | |
| Repository of sample Custom Rules for AWS Config | |
| CFripper | Lambda function to "rip apart" a CloudFormation template and check it for security compliance. |
| Assume | A simple CLI utility that makes it easier to switch between different AWS roles |
| Terrascan | A collection of security and best practice tests for static code analysis of terraform templates using terraform_validate |
| tfsec | Provides static analysis of your terraform templates to spot potential security issues |
| Checkov | Terraform, Cloudformation and Kubernetes static analysis written in python |
| Yor | Automatically tag and trace infrastructure as code frameworks (Terraform, Cloudformation and Serverless) |
| pytest-services | Unit testing framework for test driven security of AWS configurations and more |
| IAM Least-Privileged Role Generator | A Serverless framework plugin that statically analyzes AWS Lambda function code and automagically generates least-privileged IAM roles. |
| AWS Vault | A vault for securely storing and accessing AWS credentials in development environments |
| AWS Service Control Policies | Collection of semi-useful Service Control Policies and scripts to manage them |
| Terraform-compliance | A lightweight security focused BDD test framework against terraform (with helpful code for AWS) |
| Get a List of AWS Managed Policies | a way to get a list of all AWS managed policies |
| Parliament | AWS IAM linting library |
| AWS-ComplianceMachineDontStop | Proof of Value Terraform Scripts to utilize Amazon Web Services (AWS) Security Identity & Compliance Services to Support your AWS Account Security Posture |
| detect-secrets | An enterprise friendly way of detecting and preventing secrets in code. |
| tf-parliament | Run Parliament AWS IAM Checker on Terraform Files |
| aws-gate | Better AWS SSM Session manager CLI client |
| iam-lint | Github action for linting AWS IAM policy documents for correctness and possible security issues |
| Regula | Regula checks Terraform for AWS security and compliance using Open Policy Agent/Rego |
| whispers | Identify hardcoded secrets and dangerous behaviours |
| cloudformation-guard | A set of tools to check AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax. |
| IAMFinder | Enumerates and finds users and IAM roles in a target AWS account |
| iamlive | Generate a basic IAM policy from AWS client-side monitoring (CSM) |
| aws-allowlister | Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks. |
| Leapp | Cross-platform app for managing AWS credentials programmatically, based on Electron |
| KICS | Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code |
| SecurityHub CIS Compliance Automator | Automatically configure your AWS Account to meet 95% of the 200+ controls for CIS Compliance, PCI DSS Compliance and AWS Security Best Practices |
| SCPkit | An SCP management tool that helps condense policies |

S3 Buckets Auditing

| Name | Description |
| --- | --- |
| mass3 | enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading |
| teh_s3_bucketeers | |
| bucket-stream | Find interesting Amazon S3 Buckets by watching certificate transparency logs |
| s3-buckets-finder | brute force Amazon S3 buckets |
| s3find | find S3 public buckets |
| slurp-robbie | Enumerate S3 buckets via certstream, domain, or keywords |
| s3-inspector | check AWS S3 bucket permissions |
| s3-fuzzer | |
| AWSBucketDump | Look For Interesting Files in S3 Buckets |
| s3scan | scan s3 buckets for security issues |
| S3Scanner | Scan for open AWS S3 buckets and dump the contents |
| s3finder | open S3 bucket finder |
| S3Scan | spider a website and find publicly open S3 buckets |
| s3-meta | Gather metadata about your S3 buckets |
| s3-utils | Utilities and tools based around Amazon S3 to provide convenience APIs in a CLI |
| S3PublicBucketsCheck | A lambda function that checks your account for Public buckets and emails you whenever a new public s3 bucket is created |
| bucket_finder | Amazon bucket brute force tool |
| inSp3ctor | AWS S3 Bucket/Object Finder |
| bucketcat | Brute-forces objects within a given bucket using Hashcat mask-like syntax |
| aws-s3-data-finder | AWS S3 Sensitive Data Search |
| lazys3 | bruteforce AWS s3 buckets using different permutations |
| BucketScanner | Test objects' permissions in AWS buckets |
| aws-externder-cli | Test S3 buckets as well as Google Storage buckets and Azure Storage containers to find interesting files |
| festin | S3 bucket weakness discovery |
| S3Insights | a platform for efficiently deriving security insights about S3 data through metadata analysis |
| s3_objects_check | Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files. |

Training

| Name | Description |
| --- | --- |
| Flaws.cloud | flAWS challenge to learn through a series of levels about common mistakes and gotchas when using AWS |
| Flaws2.cloud | flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened |
| CloudGoat | Vulnerable by Design AWS infrastructure setup tool |
| dvca | Damn Vulnerable Cloud Application (more info) |
| AWSDetonationLab | Scripts and templates to generate some basic detections of the AWS security services |
| OWASPServerlessGoat | OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application maintained by OWASP for educational purposes. Single click installation through the AWS Serverless Application Repository. |
| Sadcloud | A tool for spinning up insecure AWS infrastructure with Terraform. It supports approx. 84 misconfigurations across 22 AWS Services. |
| BigOrange Actions | Paste your IAM Policy and get a list of Actions it can effectively perform |
| IncidentResponseGenerator | Incident response generator for training classes |
| Breaking and Pwning Apps and Servers on AWS and Azure | Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training! |
| terragoat | "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. |
| cfngoat | "Vulnerable by Design" CloudFormation repository. CfnGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. |
| CDKgoat | "Vulnerable by Design" AWS CDK repository. CDKGoat is a learning and training project that demonstrates how common configuration errors can find their way into imperative IaC such as AWS CDK. |
| aws_exposable_resources | Resource types that can be publicly exposed on AWS |
| IAM Vulnerable | Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground |
| PenTesting.Cloud | Free AWS Security Labs - CTF Style |
| AWSGoat : A Damn Vulnerable AWS Infrastructure | AWSGoat is a vulnerable by design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations. |

Other interesting tools/code

Honey-token:

More Resources: