Alternatives and similar repositories for attack-guardduty-navigator

Users that are interested in attack-guardduty-navigator are comparing it to the libraries listed below

• easttimor / aws-incident-response

  View on GitHub
  ☆374Feb 23, 2024Updated last year
• endgameinc / varna

  View on GitHub
  Varna: Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL)
  ☆52Dec 26, 2022Updated 3 years ago
• SummitRoute / aws_exposable_resources

  View on GitHub
  Resource types that can be publicly exposed on AWS
  ☆329Feb 23, 2022Updated 3 years ago
• blackbotsecurity / AWS-Attack

  View on GitHub
  AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, …
  ☆45Mar 5, 2021Updated 4 years ago
• duo-labs / cloudtrail-partitioner

  View on GitHub
  ☆157Jul 8, 2023Updated 2 years ago
• joshzelonis / EnterpriseAPT29Eval

  View on GitHub
  ☆26Jun 22, 2022Updated 3 years ago
• CloudWanderer-io / PolicyGlass

  View on GitHub
  PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicySh…
  ☆60Jan 9, 2022Updated 4 years ago
• matthewdfuller / aws-guides

  View on GitHub
  AWS docs, guides, and other tools
  ☆75Feb 4, 2023Updated 3 years ago
• bradleyjkemp / threathunting

  View on GitHub
  Assorted, MIT licensed, threat hunting rules from @bradleyjkemp
  ☆14Mar 11, 2022Updated 3 years ago
• ReversecLabs / Jamf-Attack-Toolkit

  View on GitHub
  Suite of tools to facilitate attacks against the Jamf macOS management platform.
  ☆189Feb 10, 2021Updated 5 years ago
• cyberark / SkyWrapper

  View on GitHub
  SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS
  ☆108Mar 25, 2021Updated 4 years ago
• GhostManager / mythic_sync

  View on GitHub
  Automated activity logging utility for Mythic C2 v3.0+ with Ghostwriter v3.0+
  ☆23Jul 31, 2025Updated 6 months ago
• cedowens / macOS-browserhist-parser

  View on GitHub
  Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…
  ☆15Dec 3, 2020Updated 5 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,263Jan 21, 2026Updated 3 weeks ago
• mozilla / ssm-acquire

  View on GitHub
  A python module for orchestrating content acquisitions and analysis via amazon ssm.
  ☆58Nov 2, 2023Updated 2 years ago
• lacework / lacework-labs

  View on GitHub
  ☆18Dec 6, 2022Updated 3 years ago
• center-for-threat-informed-defense / security-stack-mappings

  View on GitHub
  🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is k…
  ☆389Apr 3, 2024Updated last year
• zoph-io / MAMIP

  View on GitHub
  Monitor AWS Managed IAM Policies Changes
  ☆493Updated this week
• attactics / cslogwatch

  View on GitHub
  Cobalt Strike log state tracking, parsing, and storage
  ☆24Jul 18, 2019Updated 6 years ago
• joshlarsen / aws-recon

  View on GitHub
  Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
  ☆554Jul 13, 2025Updated 7 months ago
• OTRF / SimuLand

  View on GitHub
  Cloud Templates and scripts to deploy mordor environments
  ☆129Mar 3, 2021Updated 4 years ago
• panther-labs / panther-analysis

  View on GitHub
  Built-in Panther detection rules and policies
  ☆439Updated this week
• magoo / ato-checklist

  View on GitHub
  A checklist of practices for organizations dealing with account takeover (ATO)
  ☆276Oct 4, 2024Updated last year
• rams3sh / Aaia

  View on GitHub
  AWS Identity and Access Management Visualizer and Anomaly Finder
  ☆298Jan 23, 2026Updated 3 weeks ago
• OpenCSPM / opencspm

  View on GitHub
  Open Cloud Security Posture Management Engine
  ☆343Feb 19, 2022Updated 3 years ago
• aws-samples / elevate-your-aws-iam-policy-using-iam-access-analyzer

  View on GitHub
  This implementation demonstrates the AWS Identity and Access Management (IAM) Access Analyzer policy validation capability. Learn how to …
  ☆24Jun 16, 2022Updated 3 years ago
• nccgroup / SFPolDevChk

  View on GitHub
  Salesforce Policy Deviation Checker
  ☆30Sep 30, 2020Updated 5 years ago
• its-a-feature / macos-popups

  View on GitHub
  Catalog Red Team techniques that cause popups in various macOS versions
  ☆15Nov 18, 2024Updated last year
• spotify / terraform-google-grr

  View on GitHub
  A Terraform module for GRR: the distributed incident forensics and response framework
  ☆52May 6, 2020Updated 5 years ago
• ch33r10 / BlueSpace2021

  View on GitHub
  Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!
  ☆13Jun 5, 2023Updated 2 years ago
• Frichetten / ssm-agent-research

  View on GitHub
  This is a custom SSM agent which is sorta functional
  ☆17Jul 5, 2021Updated 4 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 4 years ago
• fastlorenzo / redelk-kibana-app

  View on GitHub
  Kibana app for RedELK
  ☆18Mar 19, 2023Updated 2 years ago
• nccgroup / PMapper

  View on GitHub
  A tool for quickly evaluating IAM permissions in AWS.
  ☆1,539Aug 2, 2024Updated last year
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆602Nov 28, 2024Updated last year
• willbengtson / trailblazer-aws

  View on GitHub
  Blazing CloudTrail since 2018
  ☆138Jan 27, 2019Updated 7 years ago
• aws-samples / aws-incident-response-playbooks

  View on GitHub
  ☆1,049Aug 22, 2025Updated 5 months ago
• domain-protect / domain-protect

  View on GitHub
  OWASP Domain Protect - prevent subdomain takeover
  ☆398Dec 23, 2024Updated last year
• SygniaLabs / security-cloud-scout

  View on GitHub
  ☆140Mar 29, 2023Updated 2 years ago