Blogs/Research

Tools

S3 Buckets Finder

  • S3Scanner: Scan for open AWS S3 buckets and dump the contents
  • smiegles/mass3: Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading.
  • AWS-Scanner: Scans a list of websites for Cloudfront or S3 Buckets
  • goGetBucket: A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
  • s3-inspector: Tool to check AWS S3 bucket permissions
  • buckets.grayhatwarfare.com: Search for open buckets using online service
  • AWSBucketDump: Security Tool to Look For Interesting Files in S3 Buckets
  • bucket-stream: Find interesting Amazon S3 Buckets by watching certificate transparency logs.
  • CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

DFIR

  • aws_ir: Python installable command line utility for mitigation of host and key compromises.
  • aws-security-automation: Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  • GDPatrol: A Lambda-powered Security Orchestration framework for AWS GuardDuty
  • awslog: Show the history and changes between configuration versions of AWS resources
  • aws_responder: AWS Incident Response Kit (AIRK) - AWS Incident Response

Defensive

  • ScoutSuite: Multi-Cloud Security Auditing Tool
  • prowler: AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+90).
  • scans: AWS security scanning checks
  • cloudmapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
  • cloudtracker: CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • aws-security-benchmark: Open source demos, concept and guidance related to the AWS CIS Foundation framework.
  • aws_public_ips: Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  • PMapper: A tool for quickly evaluating IAM permissions in AWS.
  • aws-inventory: Discover resources created in an AWS account.
  • SkyArk: SkyArk helps to discover, assess and secure the most privileged entities in AWS
  • lunar: A UNIX security auditing tool based on several security frameworks
  • cloud-reports: Scans your AWS cloud resources and generates reports
  • cs-suite: Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
  • cloud-service-enum: This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.

Offensive

  • DumpsterDiver: Tool to search secrets in various filetypes.
  • weirdAAL: WeirdAAL (AWS Attack Library)
  • pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • aws_pwn: A collection of AWS penetration testing junk
  • cloudjack: Route53/CloudFront Vulnerability Assessment Utility
  • cloudfrunt: A tool for identifying misconfigured CloudFront domains
  • mad-king: Proof of Concept Zappa Based AWS Persistence and Attack Platform
  • cloud-nuke: A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
  • cloud-service-enum: This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.

Continuous Monitoring

  • streamalert: StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
  • security_monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • keynuker: 🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github

Miscellaneous
