- cloudgoat: Rhino Security Labs’ “Vulnerable by Design” AWS infrastructure setup tool
- dvca: Damn Vulnerable Cloud Application
- AWSDetonationLab: This script is used to generate some basic detections of the aws security services
- AWS-Vulnerable-Lambda: An AWS Lambda vulnerable application written in flask.
- lambhack: A very vulnerable serverless application in AWS Lambda
- honeyLambda: honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
- Honey Buckets – Find out who is snooping through your Amazon S3 buckets.
- sadcloud - A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure