Defensive (Hardening, Security Assessment, Inventory):
- ScoutSuite: https://github.com/nccgroup/ScoutSuite - Security auditing tool for AWS environments (Python)
- Prowler: https://github.com/toniblyx/prowler - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
- Scans: https://github.com/cloudsploit/scans - AWS security scanning checks (NodeJS)
- CloudMapper: https://github.com/duo-labs/cloudmapper - helps you analyze your AWS environments (Python)
- CloudTracker: https://github.com/duo-labs/cloudtracker - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
- AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark - scripts and templates guidance related to the AWS CIS Foundation framework (Python)
- AWS Public IPs: https://github.com/arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
- PMapper: https://github.com/nccgroup/PMapper - Advanced and Automated AWS IAM Evaluation (Python)
- AWS-Inventory: https://github.com/nccgroup/aws-inventory - Make an inventory of all your resources across regions (Python)
- Resource Counter: https://github.com/disruptops/resource-counter - Counts number of resources in categories across regions
- Checkov: https://github.com/bridgecrewio/checkov - Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform and detects security and compliance misconfigurations.
- CloudQuery: https://github.com/cloudquery/cloudquery - Asset inventory
Offensive:
- weirdAAL: https://github.com/carnal0wnage/weirdAAL - AWS Attack Library
- Pacu: https://github.com/RhinoSecurityLabs/pacu - AWS penetration testing toolkit
- Cred Scanner: https://github.com/disruptops/cred_scanner
- AWS PWN: https://github.com/dagrz/aws_pwn
- Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt
- Cloudjack: https://github.com/prevade/cloudjack
- Nimbostratus: https://github.com/andresriancho/nimbostratus
- EndGame: https://github.com/salesforce/endgame - AWS PenTest Tool from Salesforce/Kinnaird
Continuous Security Auditing:
- hammer: https://github.com/dowjones/hammer
- PacBot: https://github.com/tmobile/pacbot
- Security Monkey: https://github.com/Netflix/security_monkey
- Krampus (as Security Monkey complement): https://github.com/sendgrid/krampus
- Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor
- CloudCustodian: https://github.com/capitalone/cloud-custodian
- Disable keys after X days: https://github.com/te-papa/aws-key-disabler
- Repokid Least Privilege: https://github.com/Netflix/repokid
- Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html
- Detect Credential Compromise: https://github.com/jchrisfarris/detect-credential-compromise
- Barq: https://github.com/Voulnet/barq - post-exploitation tool
- smogcloud: https://github.com/BishopFox/smogcloud - Find cloud assets that no one wants exposed
DFIR:
- AWS IR: https://github.com/ThreatResponse/aws_ir - AWS-specific Incident Response and Forensics Tool
- Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun - Linux memory remote acquisition tool
- LiMEaide: https://kd8bny.github.io/LiMEaide/ - Linux memory remote acquisition tool
- Diffy: https://github.com/Netflix-Skunkworks/diffy - Triage tool used during cloud-centric security incidents
Development Security:
- CFN NAG: https://github.com/stelligent/cfn_nag - CloudFormation security test (Ruby)
- Git-secrets: https://github.com/awslabs/git-secrets
- Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules
S3 Buckets Auditing:
- https://github.com/Parasimpaticki/sandcastle
- https://github.com/smiegles/mass3
- https://github.com/koenrh/s3enum
- https://github.com/tomdev/teh_s3_bucketeers/
- https://github.com/eth0izzle/bucket-stream
- https://github.com/gwen001/s3-buckets-finder
- https://github.com/aaparmeggiani/s3find
- https://github.com/bbb31/slurp
- https://github.com/random-robbie/slurp
- https://github.com/kromtech/s3-inspector
- https://github.com/petermbenjamin/s3-fuzzer
- https://github.com/jordanpotti/AWSBucketDump
- https://github.com/bear/s3scan
- https://github.com/sa7mon/S3Scanner
- https://github.com/magisterquis/s3finder
- https://github.com/abhn/S3Scan
- https://breachinsider.com/honey-buckets/
- https://www.buckhacker.com | https://www.thebuckhacker.com/ [Currently Offline]
- https://buckets.grayhatwarfare.com/
Training:
- Flaws: http://flaws.cloud/
- Flaws2: http://flaws2.cloud/
- Cloudgoat: https://github.com/RhinoSecurityLabs/cloudgoat
Others:
- StreamAlert: https://github.com/airbnb/streamalert - data analytics
- S3 Leaks: https://github.com/nagwww/s3-leaks - a list of some of the biggest leaks recorded
- Rhino Labs Research: https://github.com/RhinoSecurityLabs/Cloud-Security-Research
- Dufflebag: https://github.com/bishopfox/dufflebag - Search exposed EBS volumes for secrets
- CloudEnum: https://github.com/initstring/cloud_enum
- Domain-Protect: https://github.com/ovotech/domain-protect - protect from sub-domain takeovers
IAM:
- AirIAM: https://github.com/bridgecrewio/AirIAM
- IAM Reference: https://github.com/rvedotrc/aws-iam-reference
- PMapper: https://github.com/nccgroup/PMapper
- CloudSplaining: https://github.com/salesforce/cloudsplaining
- PolicySentry: https://github.com/salesforce/policy_sentry
Honeypots:
- Spacecrab: https://bitbucket.org/asecurityteam/spacecrab
- Honey Buckets: https://breachinsider.com/honey-buckets/
- honeyLambda: https://github.com/0x4D31/honeyLambda
- Thinkst Canary: https://github.com/thinkst/canarytokens-docker
Serverless & Lambda:
- LambdaGuard: https://github.com/Skyscanner/LambdaGuard - LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results.
CloudFormation and Terraform: