0xsha / CloudBruteView external linksLinks
Awesome cloud enumerator
☆1,092Mar 9, 2025Updated 11 months ago
Alternatives and similar repositories for CloudBrute
Users that are interested in CloudBrute are comparing it to the libraries listed below
Sorting:
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.☆2,012Jul 12, 2025Updated 7 months ago
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆602Nov 28, 2024Updated last year
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆647Nov 21, 2019Updated 6 years ago
- Automating situational awareness for cloud penetration tests.☆2,289Feb 5, 2026Updated last week
- Validate proxies for specific domain☆38Aug 14, 2021Updated 4 years ago
- A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure☆754Oct 14, 2023Updated 2 years ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆998Updated this week
- The Swiss Army knife for automated Web Application Testing☆2,324May 8, 2024Updated last year
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆5,065Updated this week
- Scan for misconfigured S3 buckets across S3-compatible APIs!☆2,998Dec 11, 2025Updated 2 months ago
- This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…☆2,804Sep 17, 2024Updated last year
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findin…☆7,192Updated this week
- Find cloud assets that no one wants exposed 🔎 ☁️☆349Jul 20, 2020Updated 5 years ago
- OSINT tools and more but without API key☆1,473Jun 29, 2025Updated 7 months ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,059Jan 2, 2024Updated 2 years ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆534Mar 7, 2022Updated 3 years ago
- 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.☆4,835Updated this week
- Rockyou for web fuzzing☆3,014Aug 28, 2025Updated 5 months ago
- Contextual Content Discovery Tool☆3,085Apr 29, 2024Updated last year
- Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.☆1,397Updated this week
- reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via E…☆8,464Nov 16, 2025Updated 2 months ago
- Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing☆2,998Jun 24, 2024Updated last year
- A collection of scripts for assessing Microsoft Azure security☆2,300Oct 29, 2025Updated 3 months ago
- Multi-Cloud Security Auditing Tool☆7,537Sep 23, 2025Updated 4 months ago
- Convolutional neural network for analyzing pentest screenshots☆1,278Feb 19, 2024Updated last year
- Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned ent…��☆2,106Nov 18, 2024Updated last year
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,515Feb 5, 2026Updated last week
- Gotator is a tool to generate DNS wordlists through permutations.☆503Jul 17, 2022Updated 3 years ago
- Making Favicon.ico based Recon Great again !☆1,261Aug 29, 2023Updated 2 years ago
- A Modern Orchestration Engine for Security☆6,096Updated this week
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,755May 22, 2024Updated last year
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…☆4,346Sep 30, 2024Updated last year
- Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling☆1,254Mar 19, 2025Updated 10 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆438Dec 30, 2025Updated last month
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆975Jan 12, 2024Updated 2 years ago
- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool☆3,475Updated this week
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,042Aug 14, 2024Updated last year
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files☆2,376May 26, 2024Updated last year
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,515Jan 15, 2026Updated last month