Awesome cloud enumerator
☆1,103Mar 9, 2025Updated 11 months ago
Alternatives and similar repositories for CloudBrute
Users that are interested in CloudBrute are comparing it to the libraries listed below
Sorting:
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.☆2,034Jul 12, 2025Updated 7 months ago
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆605Nov 28, 2024Updated last year
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆645Nov 21, 2019Updated 6 years ago
- Automating situational awareness for cloud penetration tests.☆2,299Updated this week
- Validate proxies for specific domain☆38Aug 14, 2021Updated 4 years ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆1,006Updated this week
- A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure☆755Oct 14, 2023Updated 2 years ago
- The Swiss Army knife for automated Web Application Testing☆2,323May 8, 2024Updated last year
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆5,080Feb 24, 2026Updated last week
- Scan for misconfigured S3 buckets across S3-compatible APIs!☆2,998Dec 11, 2025Updated 2 months ago
- This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…☆2,803Sep 17, 2024Updated last year
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findin…☆7,280Updated this week
- Find cloud assets that no one wants exposed 🔎 ☁️☆348Jul 20, 2020Updated 5 years ago
- OSINT tools and more but without API key☆1,484Feb 15, 2026Updated 3 weeks ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,062Jan 2, 2024Updated 2 years ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆532Mar 7, 2022Updated 4 years ago
- 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.☆4,859Feb 28, 2026Updated last week
- Rockyou for web fuzzing☆3,033Feb 11, 2026Updated 3 weeks ago
- Contextual Content Discovery Tool☆3,106Apr 29, 2024Updated last year
- Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.☆1,405Feb 10, 2026Updated 3 weeks ago
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via E…☆8,497Nov 16, 2025Updated 3 months ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing☆3,012Jun 24, 2024Updated last year
- A collection of scripts for assessing Microsoft Azure security☆2,313Oct 29, 2025Updated 4 months ago
- Multi-Cloud Security Auditing Tool☆7,562Sep 23, 2025Updated 5 months ago
- Convolutional neural network for analyzing pentest screenshots☆1,279Feb 19, 2024Updated 2 years ago
- Making Favicon.ico based Recon Great again !☆1,268Aug 29, 2023Updated 2 years ago
- Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned ent…☆2,131Feb 23, 2026Updated last week
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,535Feb 5, 2026Updated last month
- Gotator is a tool to generate DNS wordlists through permutations.☆507Jul 17, 2022Updated 3 years ago
- A Modern Orchestration Engine for Security☆6,116Mar 1, 2026Updated last week
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,773May 22, 2024Updated last year
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…☆4,352Sep 30, 2024Updated last year
- Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling☆1,263Mar 19, 2025Updated 11 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆436Dec 30, 2025Updated 2 months ago
- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool☆3,490Feb 12, 2026Updated 3 weeks ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,089Aug 14, 2024Updated last year
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files☆2,399May 26, 2024Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,529Jan 15, 2026Updated last month
- Automation for internal Windows Penetrationtest / AD-Security☆3,645Aug 28, 2025Updated 6 months ago