Alternatives and similar repositories for cdk-goat

Users that are interested in cdk-goat are comparing it to the libraries listed below

• ReversecLabs / encap-attack

  View on GitHub
  Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.
  ☆23Aug 30, 2024Updated last year
• houey / awesome-service-control-policies

  View on GitHub
  Listing of resources for example AWS Service Control Policies (SCPs)
  ☆17Jan 10, 2024Updated 2 years ago
• GoogleCloudPlatform / assured-workloads-terraform

  View on GitHub
  ☆18Jul 30, 2024Updated last year
• Frichetten / ssm-agent-research

  View on GitHub
  This is a custom SSM agent which is sorta functional
  ☆17Jul 5, 2021Updated 4 years ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• domain-protect / domain-protect-gcp

  View on GitHub
  Protect against subdomain takeover
  ☆95Jul 20, 2025Updated 6 months ago
• Azure / azure-iac-workshop-content

  View on GitHub
  Public repository to provide guidance and examples for people to start learning IaC. This repository also contains some open-hack style l…
  ☆23Jun 14, 2023Updated 2 years ago
• CheckPointSW / charts

  View on GitHub
  Deploy Kubernetes Helm Charts for Check Point CloudGuard
  ☆19Oct 21, 2025Updated 3 months ago
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• gyrospectre / squyre

  View on GitHub
  Security Alert Decoration
  ☆27Jul 21, 2025Updated 6 months ago
• messypoutine / gravy-overflow

  View on GitHub
  A GitHub Actions Supply Chain CTF / Goat
  ☆27Jan 6, 2026Updated last month
• stephenbradshaw / aws_url_signer

  View on GitHub
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆59Sep 20, 2023Updated 2 years ago
• DuneGroup / ice-axe

  View on GitHub
  ☆23Sep 20, 2024Updated last year
• intrudir / burpcollaborator-docker

  View on GitHub
  A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…
  ☆30Nov 30, 2025Updated 2 months ago
• brandon-t-elliott / cve2epss

  View on GitHub
  A simple web app to get the latest EPSS data for a CVE ID
  ☆12Dec 14, 2025Updated 2 months ago
• javixeneize / zasca

  View on GitHub
  Yet Another SCA tool
  ☆13Nov 10, 2022Updated 3 years ago
• STIXProject / use-cases

  View on GitHub
  ☆13May 17, 2016Updated 9 years ago
• n0tspam / RunspaceLoader

  View on GitHub
  Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe
  ☆13Dec 11, 2023Updated 2 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• ly1g3 / Mailcow-CVE-2022-31245

  View on GitHub
  CVE-2022-31245: RCE and domain admin privilege escalation for Mailcow
  ☆12Jul 25, 2022Updated 3 years ago
• StateFarmIns / CLAWS

  View on GitHub
  This application was built to help reduce the amount of time it takes to review AWS Lambda code.
  ☆61Nov 11, 2024Updated last year
• ReversecLabs / IceKube

  View on GitHub
  ☆185Updated this week
• cji / talks

  View on GitHub
  Conference talk slides and code
  ☆11Aug 6, 2020Updated 5 years ago
• kmcquade / OWASP-YouTube-2021

  View on GitHub
  Deliberately vulnerable AWS resources for security assessment demos
  ☆32Aug 20, 2022Updated 3 years ago
• GoogleCloudPlatform / chaos-engineering

  View on GitHub
  Chaos Engineering recipes on the Google Cloud Platform
  ☆25Jan 22, 2026Updated 3 weeks ago
• MythicC2Profiles / httpx

  View on GitHub
  Configurable, Community driven, HTTP C2 Profile
  ☆27May 30, 2025Updated 8 months ago
• welldone-cloud / aws-scps-for-sandbox-and-training-accounts

  View on GitHub
  Collection of example Service Control Policies (SCPs) that are useful for sandbox and training AWS accounts.
  ☆161Dec 22, 2025Updated last month
• gradio-app / safehttpx

  View on GitHub
  ☆72Oct 24, 2025Updated 3 months ago
• cedowens / Helpful_aws-scripts

  View on GitHub
  python3 scripts to help with aws triage needs
  ☆15Feb 11, 2022Updated 4 years ago
• avishayil / cf-signer

  View on GitHub
  Tool for signing and verifying the integrity of CloudFormation templates
  ☆15Feb 16, 2023Updated 3 years ago
• DataDog / cloud-siem-aws-threat-emulation

  View on GitHub
  A guide to simplify the process of evaluating Datadog's Cloud SIEM security capabilities to detect AWS threats.
  ☆19Jul 24, 2023Updated 2 years ago
• cedowens / Terraform_DigitalOcean_Scripts

  View on GitHub
  Scripts to automate standing up C2 infra with firewall settings inside of DigitalOcean.
  ☆18Feb 5, 2021Updated 5 years ago
• BishopFox / cloudfoxable

  View on GitHub
  Create your own vulnerable by design AWS penetration testing playground
  ☆433Feb 6, 2026Updated last week
• tenable / hidden-services-revealer

  View on GitHub
  ☆39Aug 2, 2024Updated last year
• amjcyber / pwnlook

  View on GitHub
  An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails c…
  ☆166Oct 9, 2024Updated last year
• saw-your-packet / CloudShovel

  View on GitHub
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆113Nov 13, 2024Updated last year
• cedowens / aws-cli-notes

  View on GitHub
  A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…
  ☆19Mar 1, 2021Updated 4 years ago
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆80Jan 26, 2026Updated 3 weeks ago
• twilio-labs / gordon

  View on GitHub
  Gordon is status check Github app to enforce and validate about.yaml file specifications in a repository during pull requests to drive co…
  ☆20Feb 4, 2025Updated last year