Awesome list for cloud (mostly AWS), security, pentesting related projects and libraries.

NOTE: This isn't an endorsement of any of these projects. I'm mostly using this as a way to keep track of interesting projects I come across.

• AWS

  • Info
    • aws_exposable_resources -- Resource types that can be publicly exposed on AWS
    • aws_managed_policies -- [MAMIP] Monitor AWS Managed IAM Policies Changes
    • Security Tool Comparison -- Comparisons between various security tools.
  • Offensive Security
    • pacu -- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
    • aws_pwn -- A collection of AWS penetration testing junk.
    • IAMFinder -- Enumerates and finds users and IAM roles in a target AWS account.
    • enumerate-iam -- Brute force enumeration of permissions associated with AWS credential set.
    • endgame -- An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
  • General Utilities
    • coldsnap -- A command line interface for Amazon EBS snapshots
    • lsh -- Run interactive shell commands on AWS Lambda
    • dsnap -- Utility for downloading and mounting EBS snapshots using the EBS Direct API's
    • former2 -- Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.
  • Offline Web Console's
    • ScoutSuite -- Multi-Cloud Security Auditing Tool
  • Resource analysis
    • awspx -- Graph-based tool for visualizing effective access and resource relationships.
    • PMapper -- A tool for quickly evaluating IAM permissions in AWS.
    • aws_public_ips -- Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
      • Fork that handles multiple regions: https://github.com/breser/aws_public_ips
  • Resource DBs
    • steampipe -- The extensible SQL interface to your favorite cloud APIs.
    • introspector -- A schema and set of tools for using SQL to query cloud infrastructure
    • cartography -- Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
    • cloudquery -- cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.
  • Visual Resource Graphing
    • cloudsplaining -- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
    • cloudiscovery -- Discover resources in the cloud environment.
    • cloudmapper -- Analyze your Amazon Web Services (AWS) environments
      • Note: Takes advantage of existing botocore definitions for discovery.
    • hammer -- Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
  • Linting/Static Analysis
    • parliament -- AWS IAM linting library
  • Auditing
    • rpCheckup -- rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
    • prowler -- Best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
    • AWS Config -- Lambda's that analyze resource state and changes, primarily in AWS but extensible
  • Least privilege
    • policy_sentry -- IAM Least Privilege Policy Generator.
    • repokid -- IAM least privilege service
    • cloudtracker -- Finds over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
    • iamlive -- Generate a basic IAM policy from AWS client-side monitoring (CSM)
    • aws-leastprivilege -- Generates an IAM policy for the CloudFormation service role that adheres to least privilege.

• Terraform

  • Terraform Static Analysis
    • checkov -- Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
    • terrascan
      • Related: KaiMonkey
  • AirIAM -- Least privilege AWS IAM Terraformer.
  • terraform_aws_scp -- AWS Organizations Service Control Policies (SCPs) for Terraform.

• Secret Scanning

  • DumpsterDiver -- Tool to search secrets in various filetypes.
  • ebs-direct-sec-tools -- Uses EBS Direct API to scan blocks for secrets

• Azure

  • CRT -- This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard to find permissions and configuration settings in order to assist organizations in securing these environments.

• Containers

  • deepce -- Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).
  • ccat -- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

• Networking

  • proxify -- Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
  • CloudFail -- Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network.

• Development

  • chalice -- Python Serverless Microframework for AWS
  • placebo -- Make boto3 calls that look real but have no effect.
  • serverlessish -- Run the same Docker images in AWS Lambda and AWS ECS

• Infrastructure

  • website-openid-proxy -- This service provides authenticated access to a static website hosted in an s3 bucket.

• Config

  • https://asecure.cloud/l/p_conformance_packs/

• Learning Environments

  • https://www.blackhillsinfosec.com/how-to-applied-purple-teaming-lab-build-on-azure-with-terraform/

• Opa

  • opa -- An open source, general-purpose policy engine.
  • fregot -- Alternative REPL to OPA's built-in interpreter.
  • policy-hub-cli -- CLI for searching Rego policies

• Windows

  • (BloodHound)[https://github.com/BloodHoundAD/BloodHound] -- Six Degrees of Domain Admin

• Other

  • exec-template -- Super simple go templater.
  • leapp -- Potential alternative to aws-vault