#aws

cloudlist on offsec.tools
Sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

#aws   #azure   #cloud   #google  

Covenant on offsec.tools
Featured
Covenant

Collaborative C2 framework for red teamers.

#api   #aws   #cloud   #framework   #google  

Trivy on offsec.tools
Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...

#aws   #containers   #cves   #docker   #git   #kubernetes   #scanner   #vm  

cloudsploit on offsec.tools
cloudsploit

Cloud Security Posture Management (CSPM).

#alibaba   #aws   #azure   #cloud   #google  

Ghostbuster on offsec.tools
Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

#aws   #cloud   #dns   #ips  

IAMagic on offsec.tools
IAMagic

Advanced AWS access credentials scanner.

#aws   #cloud   #credentials   #iam   #scanner  

AWS Sensitive Permissions on offsec.tools
AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

#aws   #cloud   #permissions   #privesc  

DVCA on offsec.tools
DVCA

Damn vulnerable cloud application.

#aws   #cloud   #training   #vulnerabilities  

AWSGoat on offsec.tools
AWSGoat

A damn vulnerable AWS infrastructure.

#aws   #cloud   #training   #vulnerabilities  

Splunk on offsec.tools
Splunk

The unified security and observability platform.

#aws   #azure   #cloud   #logs   #monitoring   #reports  

AWSloot on offsec.tools
AWSloot

Pull secrets from an AWS environment.

#aws   #cloud   #secrets  

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

#aws   #azure   #cloud   #passwords   #subdomains  

s3recon on offsec.tools
s3recon

Amazon S3 bucket finder and crawler.

#aws   #buckets   #cloud  

bucket_finder on offsec.tools
bucket_finder

DigiNinja's bucket_finder utility.

#aws   #buckets   #cloud  

CloudFrunt on offsec.tools
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

#aws   #cloud   #cloudfront   #domains  

CloudJack on offsec.tools
CloudJack

Route53/CloudFront Vulnerability assessment utility.

#aws   #cloud   #cloudfront   #dns  

CloudMapper on offsec.tools
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

#aws   #cloud  

Bucket Stream on offsec.tools
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

#aws   #buckets   #certificates   #cloud  

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

#aws   #azure   #cloud   #directories   #emails   #firebase   #fuzzing   #osint   #subdomains  

Nimbostratus on offsec.tools
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

#aws   #cloud   #fingerprint   #pivot  

ScoutSuite on offsec.tools
ScoutSuite

Multi-cloud security auditing tool.

#alibaba   #aws   #azure   #cloud   #google   #oracle   #reports  

s3reverse on offsec.tools
s3reverse

The format of various S3 buckets is convert in one format.

#aws   #buckets   #cloud   #utils  

NSDetect on offsec.tools
NSDetect

Utility to detect AWS NS Takeover.

#aws   #cloud   #dns  

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #google   #online   #shorteners  

WeirdAAL on offsec.tools
WeirdAAL

AWS Attack Library.

#aws   #buckets   #cloud   #cloudfront  

barq on offsec.tools
barq

The AWS Cloud Post Exploitation framework!

#aws   #cloud   #exploits   #framework  

Mass3 on offsec.tools
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

#aws   #buckets   #cloud  

SubDomainizer on offsec.tools
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #github   #subto  

AWS Extender CLI on offsec.tools
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

#aws   #azure   #cloud   #google  

Smogcloud on offsec.tools
Smogcloud

Find cloud assets that no one wants exposed.

#aws   #buckets   #cloud  

Pacu on offsec.tools
Pacu

The exploitation framework designed for testing the security of AWS environments.

#aws   #cloud  

AWS security checks on offsec.tools
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

#aws   #buckets   #burpsuite   #cloud   #scanner  

IPRotate on offsec.tools
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

#aws   #burpsuite   #firewall   #ips  

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

#aws   #cloud   #subdomains   #subto  

S3Scanner on offsec.tools
S3Scanner

Scan for open S3 buckets and dump the contents.

#aws   #buckets   #cloud   #scanner  

AWSBucketDump on offsec.tools
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

#aws   #buckets   #cloud  

S3Viewer on offsec.tools
S3Viewer

Publicly open storage viewer.

#aws   #azure   #buckets   #cloud   #directorylisting   #ftp  

FestIN on offsec.tools
FestIN

The powered S3 bucket finder and content discover.

#aws   #buckets   #cloud   #crawler  

mass-s3-bucket-tester on offsec.tools
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

#aws   #buckets   #cloud  

S3BucketList on offsec.tools
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

#aws   #browser   #buckets   #cloud   #firefox  

dirlstr on offsec.tools
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

#aws   #buckets   #cloud   #directorylisting  

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

#aws   #azure   #buckets   #burpsuite   #cloud   #google   #subdomains   #subto  

kicks3 on offsec.tools
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

#aws   #buckets   #cloud  

2tearsinabucket on offsec.tools
2tearsinabucket

Enumerate s3 buckets for a specific target.

#aws   #buckets   #cloud  

S3 Objects Check on offsec.tools
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

#aws   #buckets   #cloud  

s3tk on offsec.tools
s3tk

A security toolkit for Amazon S3.

#aws   #buckets   #cloud  

CloudBrute on offsec.tools
CloudBrute

Awesome cloud enumerator.

#alibaba   #aws   #azure   #digitalocean   #google   #linode   #vultr  

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

#aws   #buckets   #cloud   #subdomains  

S3Cruze on offsec.tools
S3Cruze

All-in-one AWS S3 bucket tool.

#aws   #buckets   #cloud   #cors  

Sandcastle on offsec.tools
Sandcastle

A Python script for AWS S3 bucket enumeration.

#aws   #buckets   #cloud  

Prowler on offsec.tools
Prowler

Open Source Security tool to perform Cloud Security best practices

#aws   #azure   #cloud  

Rusty Hog on offsec.tools
Rusty Hog

A suite of secret scanners built in Rust for performance.

#aws   #buckets   #cloud   #confluence   #git   #google   #jira   #secrets   #slack  

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

#aws   #cloud   #ebs   #elastic   #secrets  

httprebind on offsec.tools
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

#aws   #google   #ssrf   #vulnerabilities  

GoCloud on offsec.tools
GoCloud

Checks whether a domain is hosted on a cloud service.

#aws   #azure   #cloud   #cloudflare   #ips  

CloudScraper on offsec.tools
CloudScraper

Tool to enumerate targets in search of cloud resources.

#aws   #azure   #cloud   #digitalocean  

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

#aws   #azure   #cloud   #cloudflare   #digitalocean   #dns   #subdomains   #subto  

gospider on offsec.tools
gospider

Fast web spider written in Go.

#aws   #buckets   #directories   #endpoints  

cloud_enum on offsec.tools
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

#aws   #azure   #cloud   #google   #osint  

Slurp on offsec.tools
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

#aws   #buckets   #cloud  

Cloudfox on offsec.tools
Cloudfox

Automating situational awareness for cloud penetration tests.

#aws   #azure   #cloud   #google  

s3-buckets-finder on offsec.tools
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

#aws   #buckets   #cloud  

Teh S3 Bucketeers on offsec.tools
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

#aws   #buckets   #cloud  

lazys3 on offsec.tools
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

#aws   #buckets   #cloud  

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.

#aws   #azure   #passwords   #secrets  

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.

#aws   #cloud   #codeanalysis   #digitalocean   #github   #secrets