Blogs/Research

Tools

S3 Buckets Finder

  • S3Scanner: Scan for open AWS S3 buckets and dump the contents
  • smiegles/mass3: Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading.
  • AWS-Scanner: Scans a list of websites for Cloudfront or S3 Buckets
  • goGetBucket: A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
  • s3-inspector: Tool to check AWS S3 bucket permissions
  • buckets.grayhatwarfare.com: Search for open buckets using online service
  • AWSBucketDump: Security Tool to Look For Interesting Files in S3 Buckets
  • bucket-stream: Find interesting Amazon S3 Buckets by watching certificate transparency logs.
  • CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  • kicks3: S3 bucket finder from HTML, JS and bucket misconfiguration testing tool.

DFIR

  • aws_ir: Python installable command line utility for mitigation of host and key compromises.
  • aws-security-automation: Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  • GDPatrol: A Lambda-powered Security Orchestration framework for AWS GuardDuty
  • awslog: Show the history and changes between configuration versions of AWS resources
  • aws_responder: AWS Incident Response Kit (AIRK) - AWS Incident Response

Defensive

  • ScoutSuite: Multi-Cloud Security Auditing Tool
  • prowler: AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+90).
  • scans: AWS security scanning checks
  • cloudmapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
  • cloudtracker: CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • aws-security-benchmark: Open source demos, concept and guidance related to the AWS CIS Foundation framework.
  • aws_public_ips: Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  • PMapper: A tool for quickly evaluating IAM permissions in AWS.
  • aws-inventory: Discover resources created in an AWS account.
  • SkyArk: SkyArk helps to discover, assess and secure the most privileged entities in AWS
  • lunar: A UNIX security auditing tool based on several security frameworks
  • cloud-reports: Scans your AWS cloud resources and generates reports
  • cs-suite: Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
  • cloud-service-enum: This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.
  • Chamber: Tool for managing secrets. It does so by storing secrets in SSM Parameter Store, an AWS service for storing secrets.
  • Policy Sentry: IAM Least Privilege Policy Generator by Salesforce
  • Antiope: AWS Inventory & Compliance Framework
  • rpCheckup: Catch AWS resource policy backdoors
  • AWS CloudFormation Guard: AWS CloudFormation Guard is an open-source general-purpose policy-as-code evaluation tool.

Offensive

  • DumpsterDiver: Tool to search secrets in various filetypes.
  • weirdAAL: WeirdAAL (AWS Attack Library)
  • pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • aws_pwn: A collection of AWS penetration testing junk
  • cloudjack: Route53/CloudFront Vulnerability Assessment Utility
  • cloudfrunt: A tool for identifying misconfigured CloudFront domains
  • mad-king: Proof of Concept Zappa Based AWS Persistence and Attack Platform
  • cloud-nuke: A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
  • cloud-service-enum: This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.
  • Cloudsplaining: AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.
  • security-cloud-scout: Cloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross-platform attack paths.
  • Red-Shadow: Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured
  • S3 Account Search: This tool lets you find the account ID an S3 bucket belongs to.

Continuous Monitoring

  • streamalert: StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
  • security_monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • keynuker: 🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github

Miscellaneous
