#azure

cloudlist
sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

pingcastle
pingcastle

Get Active Directory security at 80% in 20% of the time.

driftctl
driftctl

Detect, track and alert on infrastructure drift.

axiom
axiom

Distribute the workload of many different scanning tools with ease.

OpenBuckets
OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BloodHound
BloodHound

Six Degrees of Domain Admin.

TokenTactics
TokenTactics

Azure JWT token manipulation toolset.

cloudsploit
cloudsploit

Cloud Security Posture Management (CSPM).

CypherDog
CypherDog

PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.

MSOLSpray
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

MicroBurst
MicroBurst

A collection of scripts for assessing Microsoft Azure security.

o365recon
o365recon

Retrieve information via O365 and AzureAD with valid credentials.

AzureGoat
AzureGoat

A damn vulnerable Azure infrastructure.

Splunk
Splunk

The unified security and observability platform.

AzureADLateralMovement
AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

Vajra
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

Offensive-Azure
Offensive-Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.

Oculus
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

ScoutSuite
ScoutSuite

Multi-cloud security auditing tool.

GrayhatWarfare
GrayhatWarfare

Search for buckets and URL shorteners.

SQLRecon
SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

SubDomainizer
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

AWS Extender CLI
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

S3Viewer
S3Viewer

Publicly open storage viewer.

Burp-AnonymousCloud
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

CloudBrute
CloudBrute

Awesome cloud enumerator.

Prowler
Prowler

Open Source Security tool to perform Cloud Security best practices

grafana-ssrf
grafana-ssrf

Authenticated SSRF in Grafana.

GoCloud
GoCloud

Checks whether a domain is hosted on a cloud service.

CloudScraper
CloudScraper

Tool to enumerate targets in search of cloud resources.

dnsReaper
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

cloud_enum
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Cloudfox
Cloudfox

Automating situational awareness for cloud penetration tests.

DumpsterDiver
DumpsterDiver

Tool to search secrets in various filetypes.