#cloud

cloudlist
sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

ThreatMapper
ThreatMapper

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

driftctl
driftctl

Detect, track and alert on infrastructure drift.

tfsec
tfsec

Security scanner for your Terraform code.

axiom
axiom

Distribute the workload of many different scanning tools with ease.

terraform
terraform

Enables you to safely and predictably create, change, and improve infrastructure.

wazuh
wazuh

The open source security platform.

OpenBuckets
OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BucketLoot
BucketLoot

An automated S3-compatible bucket inspector.

gcp_scanner
gcp_scanner

A comprehensive scanner for Google Cloud.

Kaeferjaeger
Kaeferjaeger

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

TokenTactics
TokenTactics

Azure JWT token manipulation toolset.

cloudsploit
cloudsploit

Cloud Security Posture Management (CSPM).

Ghostbuster
Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

MSOLSpray
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

IAMagic
IAMagic

Advanced AWS access credentials scanner.

AWS Sensitive Permissions
AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

MicroBurst
MicroBurst

A collection of scripts for assessing Microsoft Azure security.

o365recon
o365recon

Retrieve information via O365 and AzureAD with valid credentials.

DVCA
DVCA

Damn vulnerable cloud application.

AzureGoat
AzureGoat

A damn vulnerable Azure infrastructure.

AWSGoat
AWSGoat

A damn vulnerable AWS infrastructure.

GCPBucketBrute
GCPBucketBrute

Enumerate Google Storage buckets, check the access and if they can be privilege escalated.

Splunk
Splunk

The unified security and observability platform.

NetWitness
NetWitness

Rapidly detect and respond to any threat, anywhere. See Everything. Fear Nothing.

AWSloot
AWSloot

Pull secrets from an AWS environment.

AzureADLateralMovement
AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

Vajra
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

Offensive-Azure
Offensive-Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.

s3recon
s3recon

Amazon S3 bucket finder and crawler.

bucket_finder
bucket_finder

DigiNinja's bucket_finder utility.

CloudFrunt
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

CloudJack
CloudJack

Route53/CloudFront Vulnerability assessment utility.

CloudMapper
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

Bucket Stream
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Oculus
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nimbostratus
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

ScoutSuite
ScoutSuite

Multi-cloud security auditing tool.

s3reverse
s3reverse

The format of various S3 buckets is convert in one format.

MagicRecon
MagicRecon

A powerful shell script to maximize the recon and data collection process.

NSDetect
NSDetect

Utility to detect AWS NS Takeover.

GrayhatWarfare
GrayhatWarfare

Search for buckets and URL shorteners.

Covenant
Covenant

Collaborative C2 framework for red teamers.

WeirdAAL
WeirdAAL

AWS Attack Library.

barq
barq

The AWS Cloud Post Exploitation framework!

Mass3
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

GyoiThon
GyoiThon

Growing penetration test tool using Machine Learning.

SubDomainizer
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

AWS Extender CLI
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

Smogcloud
Smogcloud

Find cloud assets that no one wants exposed.

Pacu
Pacu

The exploitation framework designed for testing the security of AWS environments.

AWS security checks
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

Betterscan
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

NSBrute
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

S3Scanner
S3Scanner

Scan for open S3 buckets and dump the contents.

AWSBucketDump
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

S3Viewer
S3Viewer

Publicly open storage viewer.

FestIN
FestIN

The powered S3 bucket finder and content discover.

mass-s3-bucket-tester
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

S3BucketList
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

dirlstr
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

Burp-AnonymousCloud
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

kicks3
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

2tearsinabucket
2tearsinabucket

Enumerate s3 buckets for a specific target.

S3 Objects Check
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

s3tk
s3tk

A security toolkit for Amazon S3.

s3cario
s3cario

Performs buckets checks from a given list of subdomains.

S3Cruze
S3Cruze

All-in-one AWS S3 bucket tool.

Sandcastle
Sandcastle

A Python script for AWS S3 bucket enumeration.

Prowler
Prowler

Open Source Security tool to perform Cloud Security best practices

Rusty Hog
Rusty Hog

A suite of secret scanners built in Rust for performance.

dufflebag
dufflebag

Search exposed EBS volumes for secrets.

Oh365UserFinder
Oh365UserFinder

O365 user enumeration and password spraying tool.

grafana-ssrf
grafana-ssrf

Authenticated SSRF in Grafana.

GHunt
GHunt

Offensive Google framework.

GoCloud
GoCloud

Checks whether a domain is hosted on a cloud service.

CloudScraper
CloudScraper

Tool to enumerate targets in search of cloud resources.

dnsReaper
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

cloud_enum
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Slurp
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

Cloudfox
Cloudfox

Automating situational awareness for cloud penetration tests.

s3-buckets-finder
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

Teh S3 Bucketeers
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

lazys3
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

TruffleHog
TruffleHog

Find credentials all over the place.