Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints
☆121Jul 13, 2025Updated 11 months ago
Alternatives and similar repositories for SneakyEndpoints
Users that are interested in SneakyEndpoints are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆291Nov 27, 2025Updated 6 months ago
- Collection of Slides From My Conference Talks☆21Nov 21, 2022Updated 3 years ago
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆24Apr 27, 2026Updated last month
- Swift code to run a dylib on disk☆16May 9, 2022Updated 4 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- AWS CloudSaga - Simulate security events in AWS☆477Updated this week
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago
- Generate datasets of cloud audit logs for common attacks☆240May 7, 2026Updated last month
- AWS Attack Path Management Tool - Walking on the Moon☆263Dec 5, 2024Updated last year
- Determine privileges from cloud credentials via brute-force testing.☆69Aug 22, 2024Updated last year
- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized repo…☆2,224Jun 3, 2026Updated last week
- A tool for quickly evaluating IAM permissions in AWS.☆1,561Aug 2, 2024Updated last year
- Utility for downloading and mounting EBS snapshots using the EBS Direct API's☆94Mar 17, 2025Updated last year
- Resource types that can be publicly exposed on AWS☆333Feb 23, 2022Updated 4 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- A meta-database collecting resources that compile lists of breaches☆22Oct 30, 2025Updated 7 months ago
- A utility to convert your AWS CLI credentials into AWS console access.☆261May 7, 2020Updated 6 years ago
- Granular, Actionable Adversary Emulation for the Cloud☆2,336Jun 4, 2026Updated last week
- ☆191May 29, 2026Updated 2 weeks ago
- Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.☆41Oct 29, 2024Updated last year
- ☆159Jul 8, 2023Updated 2 years ago
- all paths lead to clouds☆641Oct 11, 2023Updated 2 years ago
- Semgrep-based Policy Controller for Kubernetes☆47Apr 4, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 5 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆71May 27, 2026Updated 2 weeks ago
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed depend…☆18Nov 3, 2021Updated 4 years ago
- A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.☆17Jun 24, 2021Updated 4 years ago
- The Jolly Executioner - a simple command execution proxy☆16Jun 9, 2024Updated 2 years ago
- A tool for pointesters to find candies in SharePoint☆286Nov 4, 2022Updated 3 years ago
- A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS ac…☆156Nov 14, 2025Updated 6 months ago
- ☆233May 29, 2026Updated 2 weeks ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- ☆13Mar 31, 2023Updated 3 years ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆52Nov 12, 2024Updated last year
- Crowdsourced list of sensitive IAM Actions☆158Oct 29, 2024Updated last year
- Threat Box Assessment Tool☆19Mar 5, 2026Updated 3 months ago
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆651Nov 21, 2019Updated 6 years ago
- Pentesting framework for GCP that enumerates/downloads data that feeds into a BloodHound Opengraph model. Includes credential management,…☆300Updated this week
- Automating situational awareness for cloud penetration tests.☆2,421May 26, 2026Updated 2 weeks ago