#aws

cloudlist
sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

ThreatMapper
ThreatMapper

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

driftctl
driftctl

Detect, track and alert on infrastructure drift.

axiom
axiom

Distribute the workload of many different scanning tools with ease.

OpenBuckets
OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BucketLoot
BucketLoot

An automated S3-compatible bucket inspector.

Trivy
Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...

cloudsploit
cloudsploit

Cloud Security Posture Management (CSPM).

Ghostbuster
Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

IAMagic
IAMagic

Advanced AWS access credentials scanner.

AWS Sensitive Permissions
AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

DVCA
DVCA

Damn vulnerable cloud application.

AWSGoat
AWSGoat

A damn vulnerable AWS infrastructure.

Splunk
Splunk

The unified security and observability platform.

AWSloot
AWSloot

Pull secrets from an AWS environment.

Vajra
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

s3recon
s3recon

Amazon S3 bucket finder and crawler.

bucket_finder
bucket_finder

DigiNinja's bucket_finder utility.

CloudFrunt
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

CloudJack
CloudJack

Route53/CloudFront Vulnerability assessment utility.

CloudMapper
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

Bucket Stream
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Oculus
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nimbostratus
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

ScoutSuite
ScoutSuite

Multi-cloud security auditing tool.

s3reverse
s3reverse

The format of various S3 buckets is convert in one format.

NSDetect
NSDetect

Utility to detect AWS NS Takeover.

GrayhatWarfare
GrayhatWarfare

Search for buckets and URL shorteners.

Covenant
Covenant

Collaborative C2 framework for red teamers.

WeirdAAL
WeirdAAL

AWS Attack Library.

barq
barq

The AWS Cloud Post Exploitation framework!

Mass3
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

SubDomainizer
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

AWS Extender CLI
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

Smogcloud
Smogcloud

Find cloud assets that no one wants exposed.

Pacu
Pacu

The exploitation framework designed for testing the security of AWS environments.

AWS security checks
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

IPRotate
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

NSBrute
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

S3Scanner
S3Scanner

Scan for open S3 buckets and dump the contents.

AWSBucketDump
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

S3Viewer
S3Viewer

Publicly open storage viewer.

FestIN
FestIN

The powered S3 bucket finder and content discover.

mass-s3-bucket-tester
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

S3BucketList
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

dirlstr
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

Burp-AnonymousCloud
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

kicks3
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

2tearsinabucket
2tearsinabucket

Enumerate s3 buckets for a specific target.

S3 Objects Check
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

s3tk
s3tk

A security toolkit for Amazon S3.

CloudBrute
CloudBrute

Awesome cloud enumerator.

s3cario
s3cario

Performs buckets checks from a given list of subdomains.

S3Cruze
S3Cruze

All-in-one AWS S3 bucket tool.

Sandcastle
Sandcastle

A Python script for AWS S3 bucket enumeration.

Prowler
Prowler

Open Source Security tool to perform Cloud Security best practices

Rusty Hog
Rusty Hog

A suite of secret scanners built in Rust for performance.

dufflebag
dufflebag

Search exposed EBS volumes for secrets.

httprebind
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

GoCloud
GoCloud

Checks whether a domain is hosted on a cloud service.

CloudScraper
CloudScraper

Tool to enumerate targets in search of cloud resources.

dnsReaper
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

gospider
gospider

Fast web spider written in Go.

cloud_enum
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Slurp
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

Cloudfox
Cloudfox

Automating situational awareness for cloud penetration tests.

s3-buckets-finder
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

Teh S3 Bucketeers
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

lazys3
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

DumpsterDiver
DumpsterDiver

Tool to search secrets in various filetypes.

TruffleHog
TruffleHog

Find credentials all over the place.