BishopFox / smogcloud
Find cloud assets that no one wants exposed π βοΈ
β339Updated 4 years ago
Alternatives and similar repositories for smogcloud:
Users that are interested in smogcloud are comparing it to the libraries listed below
- Search exposed EBS volumes for secretsβ297Updated last year
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.β247Updated last week
- β247Updated 9 months ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.β514Updated last year
- A tool geared towards pentesting APIs using OpenAPI definitions.β174Updated 2 years ago
- Cloud-related research releases from the Rhino Security Labs team.β384Updated 4 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ139Updated 3 years ago
- FestIn - Open S3 Bucket Scannerβ232Updated 4 years ago
- AWS S3 Bucket/Object Finderβ119Updated 3 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes β¦β256Updated 2 years ago
- A tool to hunt for credentials in github wild AKA git*huntβ294Updated 2 years ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloβ¦β124Updated last year
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.β134Updated 4 years ago
- A Docker container for remote penetration testing.β135Updated 4 years ago
- Benchmarking repo for secrets scanningβ231Updated 7 months ago
- Weaponizing Live CT logs for automated monitoring ofΒ assetsβ133Updated 3 years ago
- Cross Origin Resource Sharing MisConfiguration Scannerβ173Updated 3 years ago
- secretz, minimizing the large attack surface of Travis CIβ326Updated 2 years ago
- GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingβ¦β205Updated last year
- BurpSuite Extension: A one-stop pen testing checklist and logger toolβ265Updated 2 years ago
- Material for the training "Developing Burp Suite Extensions β From Manual Testing to Security Automation"β350Updated 4 years ago
- Bugbounty scope toolβ327Updated last month
- β274Updated 3 years ago
- A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover supportβ293Updated last month
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).β122Updated 2 years ago
- Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Muβ¦β221Updated 4 years ago
- A tool for identifying misconfigured CloudFront domainsβ351Updated 4 years ago
- Find AWS S3 buckets and test their permissions.β381Updated 2 years ago
- A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server forβ¦β190Updated 4 years ago
- Damn Vulnerable Cloud Applicationβ192Updated 6 years ago