Stars
All about bug bounty (bypasses, payloads, and etc)
superwerker can help you get started with the AWS Cloud quickly without investing in consultants or devoting time to extensive research. superwerker is a free, open-source solution that lets you qu…
An AWS tool to help you create a point in time assessment of your AWS account using Prowler.
Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…
agnivesh / endgame
Forked from DavidDikker/endgameAn AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for precise detection and notification specifically for honeyservic…
Get notified when actions are taken in the AWS Console.
Centralizing AWS CloudWatch log forwarding via EventBridge and Step Functions
Terraform scripts that create a honey pot within AWS
List of Awesome Asset Discovery Resources
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
An AWS SAM template for deploying Steampipe in Fargate to take an inventory of selected AWS resources across an entire AWS Organization.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Find broken links, missing images, etc within your HTML.
A repository of breaches of AWS customers
Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Companion Repository to Linked In Learning Course "AWS Cost Control"
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
AWS CloudFormation temp 442C late for a Pi-hole over VPN using docker containers
Comet is an alert distribution framework which allows you to distribute alerts all the way to the resource owner with customizable owner lookup, de-duplication, alert formatting as well as automate…
Slides and Code for the BHUSA 2019 talk: Flying a False Flag