GitHub - T0mmykn1fe/devsecops_aws_tools: A set of tools for performing devsecops pentesting hacking on AWS

Defensive (Hardening, Security Assessment, Inventory)

ScoutSuite: https://github.com/nccgroup/ScoutSuite - Multi-Cloud Security auditing tool for AWS, Google Cloud and Azure environments (Python)
Prowler: https://github.com/toniblyx/prowler - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
CloudSploit: https://github.com/cloudsploit/scans - AWS security scanning checks (NodeJS)
CloudMapper: https://github.com/duo-labs/cloudmapper - helps you analyze your AWS environments (Python)
CloudTracker: https://github.com/duo-labs/cloudtracker - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark - scrips and templates guidance related to the AWS CIS Foundation framework (Python)
AWS Public IPs: https://github.com/arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
PMapper: https://github.com/nccgroup/PMapper - Advanced and Automated AWS IAM Evaluation (Python)
AWS-Inventory: https://github.com/nccgroup/aws-inventory - Make a inventory of all your resources across regions (Python)
Resource Counter: https://github.com/disruptops/resource-counter - Counts number of resources in categories across regions
ICE: https://github.com/Teevity/ice - Ice provides insights from a usage and cost perspective, with high detail dashboards.
SkyArk: https://github.com/cyberark/SkyArk - SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS.
Trailblazer AWS: https://github.com/willbengtson/trailblazer-aws - Trailblazer AWS, determine what AWS API calls are logged by CloudTrail and what they are logged as. You can also use TrailBlazer as an attack simulation framework.
Lunar: https://github.com/lateralblast/lunar - Security auditing tool based on several security frameworks (it does some AWS checks)
Cloud-reports: https://github.com/tensult/cloud-reports - Scans your AWS cloud resources and generates reports
Pacbot: https://github.com/tmobile/pacbot - Platform for continuous compliance monitoring, compliance reporting and security automation for the cloud
cs-suite: https://github.com/SecurityFTW/cs-suite - Integrates tools like Scout2 and Prowler among others
aws-key-disabler: https://github.com/te-papa/aws-key-disabler - A small lambda script that will disable access keys older than a given amount of days
Antiope: https://github.com/turnerlabs/antiope/ - AWS Inventory and Compliance Framework
FunctionShield: https://www.puresec.io/function-shield A free AWS Lambda security library for developers, providing runtime protection such as: outbound network blocking, disable shell processes, /tmp/ disk I/O operations and prevents leakage of the handler's source code.
Cloud Reports: https://github.com/tensult/cloud-reports Scans your AWS cloud resources and generates reports, includes security best practices.
Terraform AWS Secure Baseline: https://github.com/nozaq/terraform-aws-secure-baseline Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations.
Cartography: https://github.com/lyft/cartography - Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
TrailScraper: https://github.com/flosell/trailscraper - A command-line tool to get valuable information out of AWS CloudTrail
LambdaGuard: https://github.com/Skyscanner/LambdaGuard - An AWS Lambda auditing tool designed to create asset visibility and provide actionable results.
Komiser: https://github.com/mlabouardy/komiser - Cloud Environment Inspector, nalyze and manage cloud cost, usage, security, and governance in one place.
Perimeterator: https://github.com/darkarnium/perimeterator - AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services

Offensive:

weirdALL: https://github.com/carnal0wnage/weirdAAL - AWS Attack Library
Pacu: https://github.com/RhinoSecurityLabs/pacu - AWS penetration testing toolkit
Cred Scanner: https://github.com/disruptops/cred_scanner
AWS PWN: https://github.com/dagrz/aws_pwn
Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt
Cloudjack: https://github.com/prevade/cloudjack
Nimbostratus: https://github.com/andresriancho/nimbostratus
GitLeaks: https://github.com/zricethezav/gitleaks - Audit git repos for secrets
TruffleHog: https://github.com/dxa4481/truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
DumpsterDiver: https://github.com/securing/DumpsterDiver - Tool to search secrets in various filetypes, like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords.
Mad-King: https://github.com/ThreatResponse/mad-king - Proof of Concept Zappa Based AWS Persistence and Attack Platform
Cloud-Nuke: https://github.com/gruntwork-io/cloud-nuke - A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
MozDef: The Mozilla Defense Platform https://github.com/mozilla/MozDef - The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.
Lambdashell: http://www.lambdashell.com/ - This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands.
Lambda-Proxy: [https://github.com/puresec/lambda-proxy/] - A bridge between SQLMap and AWS Lambda, which lets you use SQLMap to natively test AWS Lambda functions for SQL Injection vulnerabilities.
CloudCopy: https://github.com/Static-Flow/CloudCopy - Cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapshot permission
enumerate-iam: https://github.com/andresriancho/enumerate-iam - Enumerate the permissions associated with AWS credential set

Continuous Security Auditing:

Security Monkey: https://github.com/Netflix/security_monkey
Krampus (as Security Monkey complement) https://github.com/sendgrid/krampus
Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor
CloudCustodian: https://github.com/capitalone/cloud-custodian
Disable keys after X days: https://github.com/te-papa/aws-key-disabler
Repokid Least Privilege: https://github.com/Netflix/repokid
Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html
Hammer: https://github.com/dowjones/hammer
Streamalert: https://github.com/airbnb/streamalert
Billing Alerts CFN templates: https://github.com/btkrausen/AWS/tree/master/CloudFormation/Billing%20Alerts
Watchmen: https://github.com/iagcl/watchmen - AWS account compliance using centrally managed Config Rules

DFIR:

AWS IR: https://github.com/ThreatResponse/aws_ir - AWS specific Incident Response and Forensics Tool
Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun - Linux memory remote acquisition tool
LiMEaide: https://kd8bny.github.io/LiMEaide/ - Linux memory remote acquisition tool
Diffy: https://github.com/Netflix-Skunkworks/diffy - Triage tool used during cloud-centric security incidents
AWS Security Automation: https://github.com/awslabs/aws-security-automation - AWS scripts and resources for DevSecOps and automated incident response
GDPatrol: https://github.com/ansorren/GDPatrol - Automated Incident Response based off AWS GuardDuty findings
AWSlog: https://github.com/jaksi/awslog - Show the history and changes between configuration versions of AWS resources using AWS Config
AWS_Responder https://github.com/prolsen/aws_responder - AWS Digital Forensic and Incident Response (DFIR) Response Python Scripts
SSM-Acquire: https://github.com/mozilla/ssm-acquire - A python module for orchestrating content acquisitions and analysis via Amazon SSM

Development Security:

CFN NAG: https://github.com/stelligent/cfn_nag - CloudFormation security test (Ruby)
Git-secrets: https://github.com/awslabs/git-secrets
Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules
asecure.cloud: https://asecure.cloud - A repository of cutomizable AWS security configurations (Cloudformation and CLI templates)
CFripper: https://github.com/Skyscanner/cfripper/ - Lambda function to "rip apart" a CloudFormation template and check it for security compliance.
Assume: https://github.com/SanderKnape/assume - A simple CLI utility that makes it easier to switch between different AWS roles
Terrascan: https://github.com/cesar-rodriguez/terrascan - A collection of security and best practice tests for static code analysis of terraform templates using terraform_validate
tfsec: https://github.com/liamg/tfsec - Provides static analysis of your terraform templates to spot potential security issues
pytest-services: https://github.com/mozilla-services/pytest-services - Unit testing framework for test driven security of AWS configurations and more
IAM Least-Privileged Role Generator: https://github.com/puresec/serverless-puresec-cli - A Serverless framework plugin that statically analyzes AWS Lambda function code and automagically generates least-privileged IAM roles.
AWS Vault: https://github.com/99designs/aws-vault - A vault for securely storing and accessing AWS credentials in development environments
AWS Service Control Policies: https://github.com/jchrisfarris/aws-service-control-policies - Collection of semi-useful Service Control Policies and scripts to manage them
Half-Life: https://github.com/Skyscanner/halflife - AWS Lambda auditing tool that provides a meaningful overview in terms of statistical analysis, AWS service dependencies and configuration checks from the security perspective

S3 Buckets Auditing:

Training:

http://flaws.cloud/ - flAWS challenge to learn through a series of levels about common mistakes and gotchas when using AWS
flaws2.cloud - flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened.
https://github.com/RhinoSecurityLabs/cloudgoat - Vulnerable by Design AWS infrastructure setup tool
https://github.com/m6a-UdS/dvca - Damn Vulnerable Cloud Application more info
https://github.com/sonofagl1tch/AWSDetonationLab - Scripts and templates to generate some basic detections of the AWS security services
OWASP ServerlessGoat - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP for educational purposes. Single click installation through the AWS Serverless Application Repository.

Honey-token:

Others:

https://github.com/nagwww/s3-leaks - a list of some biggest leaks recorded
Model Risk AWS https://magoo.github.io/model-risk-aws/ - POC about probabilistic risk model for AWS
asecure.cloud https://asecure.cloud/ - a great place for security resources regarding AWS Security.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

About

Releases

Packages

T0mmykn1fe/devsecops_aws_tools

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages