andresriancho/nimbostratus external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

andresriancho/nimbostratus

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/andresriancho/nimbostratus)

Close

andresriancho / nimbostratusView on GitHubMore

• External links
• Readme badge

Tools for fingerprinting and exploiting Amazon cloud infrastructures

☆497Nov 10, 2022Updated 3 years ago

Alternatives and similar repositories for nimbostratus

Users that are interested in nimbostratus are comparing it to the libraries listed below

• dagrz / aws_pwn

  View on GitHub
  A collection of AWS penetration testing junk
  ☆1,220Aug 30, 2023Updated 2 years ago
• andresriancho / nimbostratus-target

  View on GitHub
  This repository holds a target infrastructure you can use for running the nimbostratus tools.
  ☆24Mar 9, 2015Updated 11 years ago
• RhinoSecurityLabs / Security-Research

  View on GitHub
  Exploits written by the Rhino Security Labs team
  ☆1,097Jan 23, 2021Updated 5 years ago
• carnal0wnage / weirdAAL

  View on GitHub
  WeirdAAL (AWS Attack Library)
  ☆837Jan 13, 2025Updated last year
• RhinoSecurityLabs / pacu

  View on GitHub
  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  ☆5,080Feb 24, 2026Updated last week
• VirtueSecurity / aws-extender

  View on GitHub
  AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
  ☆256Feb 23, 2022Updated 4 years ago
• RhinoSecurityLabs / ccat

  View on GitHub
  Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  ☆645Nov 21, 2019Updated 6 years ago
• jordanpotti / CloudScraper

  View on GitHub
  CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  ☆532Mar 7, 2022Updated 4 years ago
• andresriancho / enumerate-iam

  View on GitHub
  Enumerate the permissions associated with AWS credential set
  ☆1,222Feb 5, 2024Updated 2 years ago
• Voulnet / barq

  View on GitHub
  barq: The AWS Cloud Post Exploitation framework!
  ☆388Nov 19, 2022Updated 3 years ago
• nccgroup / PMapper

  View on GitHub
  A tool for quickly evaluating IAM permissions in AWS.
  ☆1,544Aug 2, 2024Updated last year
• securing / DumpsterDiver

  View on GitHub
  Tool to search secrets in various filetypes.
  ☆1,034Apr 25, 2023Updated 2 years ago
• jordanpotti / AWSBucketDump

  View on GitHub
  Security Tool to Look For Interesting Files in S3 Buckets
  ☆1,457Apr 10, 2024Updated last year
• RhinoSecurityLabs / AWS-IAM-Privilege-Escalation

  View on GitHub
  A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
  ☆924Jul 25, 2019Updated 6 years ago
• nccgroup / Scout2

  View on GitHub
  Security auditing tool for AWS environments
  ☆1,724Nov 28, 2018Updated 7 years ago
• RedSiege / WMImplant

  View on GitHub
  This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …
  ☆842Jun 25, 2024Updated last year
• prevade / cloudjack

  View on GitHub
  Route53/CloudFront Vulnerability Assessment Utility
  ☆86Sep 11, 2023Updated 2 years ago
• disruptops / cred_scanner

  View on GitHub
  A simple file-based scanner to look for potential AWS access and secret keys in files
  ☆95Mar 18, 2024Updated last year
• andresriancho / vpc-vpn-pivot

  View on GitHub
  Pivot into private VPC networks using a VPN connection
  ☆43Oct 8, 2019Updated 6 years ago
• Arno0x / WSC2

  View on GitHub
  A WebSocket C2 Tool
  ☆411Nov 24, 2017Updated 8 years ago
• FSecureLABS / Azurite

  View on GitHub
  Enumeration and reconnaissance activities in the Microsoft Azure Cloud.
  ☆254Feb 20, 2019Updated 7 years ago
• mdsecactivebreach / LinkedInt

  View on GitHub
  LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation
  ☆489May 23, 2023Updated 2 years ago
• FishermansEnemy / bucket_finder

  View on GitHub
  Amazon bucket brute force tool
  ☆102Jun 24, 2013Updated 12 years ago
• disruptops / assess_network

  View on GitHub
  Assess certain AWS network configurations
  ☆12Aug 22, 2018Updated 7 years ago
• silentsignal / burp-image-size

  View on GitHub
  Image size issues plugin for Burp Suite
  ☆95Jun 27, 2018Updated 7 years ago
• nccgroup / redsnarf

  View on GitHub
  RedSnarf is a pen-testing / red-teaming tool for Windows environments
  ☆1,213Sep 14, 2020Updated 5 years ago
• RhinoSecurityLabs / cloudgoat

  View on GitHub
  CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  ☆3,490Feb 12, 2026Updated 3 weeks ago
• Arno0x / DBC2

  View on GitHub
  DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controler, running on any m…
  ☆306Oct 27, 2017Updated 8 years ago
• magoo / redteam-plan

  View on GitHub
  Issues to consider when planning a red team exercise.
  ☆615Aug 23, 2017Updated 8 years ago
• its-a-feature / Orchard

  View on GitHub
  JavaScript for Automation (JXA) tool to do Active Directory enumeration.
  ☆107Feb 19, 2022Updated 4 years ago
• vysecurity / RedTips

  View on GitHub
  Red Team Tips as posted by @vysecurity on Twitter
  ☆1,069Apr 26, 2020Updated 5 years ago
• nccgroup / Decoder-Improved

  View on GitHub
  Improved decoder for Burp Suite
  ☆138Aug 30, 2021Updated 4 years ago
• OpenSecurityResearch / CustomPassiveScanner

  View on GitHub
  A Custom Scanner for Burp
  ☆31Mar 26, 2014Updated 11 years ago
• threatexpress / domainhunter

  View on GitHub
  Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain name…
  ☆1,643Jun 6, 2024Updated last year
• P3GLEG / PwnBack

  View on GitHub
  Burp Extender plugin that generates a sitemap of a website using Wayback Machine
  ☆227May 8, 2018Updated 7 years ago
• duo-labs / cloudtracker

  View on GitHub
  CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  ☆907Dec 17, 2021Updated 4 years ago
• nccgroup / ScoutSuite

  View on GitHub
  Multi-Cloud Security Auditing Tool
  ☆7,562Sep 23, 2025Updated 5 months ago
• RhinoSecurityLabs / Cloud-Security-Research

  View on GitHub
  Cloud-related research releases from the Rhino Security Labs team.
  ☆392Apr 23, 2020Updated 5 years ago
• appsecco / spaces-finder

  View on GitHub
  A tool to hunt for publicly accessible DigitalOcean Spaces
  ☆156Jan 21, 2020Updated 6 years ago