Alternatives and similar repositories for aws_ir

Users that are interested in aws_ir are comparing it to the libraries listed below

• ThreatResponse / margaritashotgun

  View on GitHub
  Remote Memory Acquisition Tool
  ☆252Sep 22, 2020Updated 5 years ago
• ThreatResponse / aws_ir_plugins

  View on GitHub
  Core incident handling plugins for aws_ir cli, incident pony, and more.
  ☆21Jul 7, 2018Updated 7 years ago
• ThreatResponse / ThreatPrep

  View on GitHub
  Python module for evaluation of AWS account best practices around incident handling readieness.
  ☆55Jun 26, 2020Updated 5 years ago
• ThreatResponse / threatresponse_web

  View on GitHub
  Web based analysis platform for use with the AWS_IR command line tool.
  ☆17Aug 4, 2016Updated 9 years ago
• awslabs / aws-security-automation

  View on GitHub
  Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  ☆634Jan 14, 2026Updated last month
• mozilla / ssm-acquire

  View on GitHub
  A python module for orchestrating content acquisitions and analysis via amazon ssm.
  ☆58Nov 2, 2023Updated 2 years ago
• ThreatResponse / mad-king

  View on GitHub
  Proof of Concept Zappa Based AWS Persistence and Attack Platform
  ☆40Jun 26, 2020Updated 5 years ago
• easttimor / aws-incident-response

  View on GitHub
  ☆374Feb 23, 2024Updated last year
• willbengtson / trailblazer-aws

  View on GitHub
  Blazing CloudTrail since 2018
  ☆138Jan 27, 2019Updated 7 years ago
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆602Nov 28, 2024Updated last year
• Netflix-Skunkworks / cloudtrail-anomaly

  View on GitHub
  ☆83Dec 5, 2019Updated 6 years ago
• dagrz / aws_pwn

  View on GitHub
  A collection of AWS penetration testing junk
  ☆1,217Aug 30, 2023Updated 2 years ago
• Netflix-Skunkworks / diffy

  View on GitHub
  (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR)…
  ☆631Jan 11, 2024Updated 2 years ago
• carnal0wnage / weirdAAL

  View on GitHub
  WeirdAAL (AWS Attack Library)
  ☆837Jan 13, 2025Updated last year
• opensourcesec / CIRTKit

  View on GitHub
  Tools for the Computer Incident Response Team
  ☆150Apr 17, 2017Updated 8 years ago
• awslabs / aws-automated-incident-response-and-forensics

  View on GitHub
  ☆401Sep 25, 2023Updated 2 years ago
• andrewkrug / fargate-ir

  View on GitHub
  Proof of concept incident response demo using SSM and AWS Fargate.
  ☆14Dec 5, 2019Updated 6 years ago
• DefensePointSecurity / threat_note

  View on GitHub
  DPS' Lightweight Investigation Notebook
  ☆433Dec 31, 2023Updated 2 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,715Jan 21, 2026Updated 3 weeks ago
• palantir / alerting-detection-strategy-framework

  View on GitHub
  A framework for developing alerting and detection strategies for incident response.
  ☆837Sep 8, 2025Updated 5 months ago
• duo-labs / cloudtracker

  View on GitHub
  CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  ☆907Dec 17, 2021Updated 4 years ago
• dowjones / hammer

  View on GitHub
  Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
  ☆447Jul 17, 2023Updated 2 years ago
• toniblyx / aws-forensic-tools

  View on GitHub
  Tools for AWS forensics
  ☆65Mar 4, 2016Updated 9 years ago
• certsocietegenerale / FIR

  View on GitHub
  Fast Incident Response
  ☆1,988Updated this week
• nccgroup / Scout2

  View on GitHub
  Security auditing tool for AWS environments
  ☆1,725Nov 28, 2018Updated 7 years ago
• duo-labs / cloudtrail-partitioner

  View on GitHub
  ☆157Jul 8, 2023Updated 2 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• Netflix / security_monkey

  View on GitHub
  Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  ☆4,373Feb 11, 2021Updated 5 years ago
• ThreatHuntingProject / ThreatHunting

  View on GitHub
  An informational repo about hunting for adversaries in your IT environment.
  ☆1,846Nov 17, 2021Updated 4 years ago
• awslabs / aws-cloudsaga

  View on GitHub
  AWS CloudSaga - Simulate security events in AWS
  ☆472Feb 7, 2026Updated last week
• Netflix / repokid

  View on GitHub
  AWS Least Privilege for Distributed, High-Velocity Deployment
  ☆1,148Nov 24, 2025Updated 2 months ago
• rams3sh / Aaia

  View on GitHub
  AWS Identity and Access Management Visualizer and Anomaly Finder
  ☆298Jan 23, 2026Updated 3 weeks ago
• Netflix-Skunkworks / aws-metadata-proxy

  View on GitHub
  AWS Metadata Proxy for protection against SSRF
  ☆68Mar 3, 2020Updated 5 years ago
• arkadiyt / aws_public_ips

  View on GitHub
  Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  ☆641Apr 29, 2021Updated 4 years ago
• uber-common / metta

  View on GitHub
  An information security preparedness tool to do adversarial simulation.
  ☆1,142Apr 1, 2019Updated 6 years ago
• awslabs / amazon-guardduty-tester

  View on GitHub
  This repository can be used to generate and evaluate findings detected by Amazon GuardDuty
  ☆419Jan 7, 2026Updated last month
• SecurityFTW / cs-suite

  View on GitHub
  Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
  ☆1,165Dec 8, 2022Updated 3 years ago
• RhinoSecurityLabs / ccat

  View on GitHub
  Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  ☆647Nov 21, 2019Updated 6 years ago
• orlikoski / CDQR

  View on GitHub
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆345Jun 25, 2022Updated 3 years ago