A vast collection of security tools for bug bounty, pentest and red teaming

#aws

cloudlist on offsec.tools
Sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

#aws   #azure   #cloud   #google  

DVCA on offsec.tools
DVCA

Damn vulnerable cloud application.

AWSGoat on offsec.tools
AWSGoat

A damn vulnerable AWS infrastructure.

Splunk on offsec.tools
Splunk

The unified security and observability platform.

AWSloot on offsec.tools
AWSloot

Pull secrets from an AWS environment.

#aws   #cloud   #secrets  

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

s3recon on offsec.tools
s3recon

Amazon S3 bucket finder and crawler.

#aws   #buckets   #cloud  

bucket_finder on offsec.tools
bucket_finder

DigiNinja's bucket_finder utility.

#aws   #buckets   #cloud  

CloudMapper on offsec.tools
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

#aws   #cloud  

CloudJack on offsec.tools
CloudJack

Route53/CloudFront Vulnerability assessment utility.

CloudFrunt on offsec.tools
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

Bucket Stream on offsec.tools
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Nimbostratus on offsec.tools
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

ScoutSuite on offsec.tools
ScoutSuite

Multi-cloud security auditing tool.

s3reverse on offsec.tools
s3reverse

The format of various S3 buckets is convert in one format.

#aws   #buckets   #cloud   #utils  

NSDetect on offsec.tools
NSDetect

Utility to detect AWS NS Takeover.

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

Covenant on offsec.tools
Covenant

Collaborative C2 framework for red teamers.

#api   #aws   #cloud   #framework   #google   #gui  

WeirdAAL on offsec.tools
WeirdAAL

AWS Attack Library.

barq on offsec.tools
barq

The AWS Cloud Post Exploitation framework!

Mass3 on offsec.tools
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

#aws   #buckets   #cloud  

SubDomainizer on offsec.tools
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

AWS Extender CLI on offsec.tools
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

#aws   #azure   #cloud   #google  

Smogcloud on offsec.tools
Smogcloud

Find cloud assets that no one wants exposed.

#aws   #buckets   #cloud  

Pacu on offsec.tools
Pacu

The exploitation framework designed for testing the security of AWS environments.

#aws   #cloud  

AWS security checks on offsec.tools
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

IPRotate on offsec.tools
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

Sandcastle on offsec.tools
Sandcastle

A Python script for AWS S3 bucket enumeration.

#aws   #buckets   #cloud  

S3Cruze on offsec.tools
S3Cruze

All-in-one AWS S3 bucket tool.

#aws   #buckets   #cloud   #cors  

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

CloudBrute on offsec.tools
CloudBrute

Awesome cloud enumerator.

s3tk on offsec.tools
s3tk

A security toolkit for Amazon S3.

#aws   #buckets   #cloud  

S3 Objects Check on offsec.tools
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

#aws   #buckets   #cloud  

2tearsinabucket on offsec.tools
2tearsinabucket

Enumerate s3 buckets for a specific target.

#aws   #buckets   #cloud  

kicks3 on offsec.tools
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

#aws   #buckets   #cloud  

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

dirlstr on offsec.tools
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

S3BucketList on offsec.tools
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

mass-s3-bucket-tester on offsec.tools
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

#aws   #buckets   #cloud  

FestIN on offsec.tools
FestIN

The powered S3 bucket finder and content discover.

S3Viewer on offsec.tools
S3Viewer

Publicly open storage viewer.

AWSBucketDump on offsec.tools
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

#aws   #buckets   #cloud  

S3Scanner on offsec.tools
S3Scanner

Scan for open S3 buckets and dump the contents.

Prowler on offsec.tools
Prowler

Open Source Security tool to perform Cloud Security best practices

#aws   #azure   #cloud  

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

#aws   #cloud   #ebs   #elastic   #secrets  

Rusty Hog on offsec.tools
Rusty Hog

A suite of secret scanners built in Rust for performance.

httprebind on offsec.tools
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

GoCloud on offsec.tools
GoCloud

Checks whether a domain is hosted on a cloud service.

CloudScraper on offsec.tools
CloudScraper

Tool to enumerate targets in search of cloud resources.

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

gospider on offsec.tools
gospider

Fast web spider written in Go.

cloud_enum on offsec.tools
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

#aws   #azure   #cloud   #google   #osint  

Slurp on offsec.tools
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

#aws   #buckets   #cloud  

Cloudfox on offsec.tools
Cloudfox

Automating situational awareness for cloud penetration tests.

#aws   #azure   #cloud   #google  

s3-buckets-finder on offsec.tools
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

#aws   #buckets   #cloud  

lazys3 on offsec.tools
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

#aws   #buckets   #cloud  

Teh S3 Bucketeers on offsec.tools
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

#aws   #buckets   #cloud  

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.