• cloudgoat: Rhino Security Labs’ “Vulnerable by Design” AWS infrastructure setup tool

  • dvca: Damn Vulnerable Cloud Application

  • AWSDetonationLab: This script is used to generate some basic detections of the aws security services

  • AWS-Vulnerable-Lambda: An AWS Lambda vulnerable application written in flask.

  • lambhack: A very vulnerable serverless application in AWS Lambda

  • honeyLambda: honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

  • Honey Buckets – Find out who is snooping through your Amazon S3 buckets.

  • sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure

  • Kubernetes Goat: Intentionally vulnerable cluster environment to learn and practice Kubernetes security by Madhu Akula

  • kube-goat: A deliberately vulnerable Kubernetes cluster

  • TerraGoat: Bridgecrew’s “Vulnerable by Design” Terraform stack

  • Cfngoat: Bridgecrew’s “Vulnerable by design” Cloudformation template

  • Kubernetes Local Security Testing Lab: Lab environment for testing Kubernetes exploits and security tools entirely locally on a single machine

  • Pequod - Container hacking lab environment.

  • kctf - kCTF is a Kubernetes-based infrastructure for CTF competitions.

  • Simulator - A distributed systems and infrastructure simulator for attacking and debugging Kubernetes

  • IAM Vulnerable - Deploys over 250 IAM resources in your account and supports around 31 privelege esclation paths.

Edit me on Github