brompwnie / botb

Related projects: ⓘ

• inguardians / peirates
  Peirates - Kubernetes Penetration Testing tool
  ☆1,206Updated last week
• cyberark / kubesploit
  Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized en…
  ☆1,112Updated 2 months ago
• raesene / kube_security_lab
  ☆230Updated last week
• RhinoSecurityLabs / ccat
  Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  ☆583Updated 4 years ago
• RhinoSecurityLabs / Cloud-Security-Research
  Cloud-related research releases from the Rhino Security Labs team.
  ☆350Updated 4 years ago
• quarkslab / kdigger
  Kubernetes focused container assessment and context discovery tool for penetration testing
  ☆427Updated 3 months ago
• PaloAltoNetworks / rbac-police
  Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
  ☆331Updated 8 months ago
• madhuakula / hacker-container
  The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Conta…
  ☆260Updated last year
• BishopFox / badPods
  A collection of manifests that will create pods with elevated privileges.
  ☆580Updated 2 years ago
• cyberark / KubiScan
  A tool to scan Kubernetes cluster for risky permissions
  ☆1,311Updated 2 months ago
• carnal0wnage / weirdAAL
  WeirdAAL (AWS Attack Library)
  ☆773Updated last year
• cyberark / kubernetes-rbac-audit
  Tool for auditing RBACs in Kubernetes
  ☆212Updated 7 months ago
• DockerSecurityPlayground / DSP
  A Microservices-based framework for the study of Network Security and Penetration Test techniques
  ☆570Updated 11 months ago
• imperva / automatic-api-attack-tool
  Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…
  ☆451Updated last year
• WithSecureLabs / leonidas
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆470Updated 2 weeks ago
• DataDog / security-labs-pocs
  Proof of concept code for Datadog Security Labs referenced exploits.
  ☆417Updated 11 months ago
• stealthcopter / deepce
  Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
  ☆1,176Updated 3 months ago
• projectdiscovery / cloudlist
  Cloudlist is a tool for listing Assets from multiple Cloud Providers.
  ☆840Updated this week
• nccgroup / sadcloud
  A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
  ☆644Updated 11 months ago
• josehelps / git-wild-hunt
  A tool to hunt for credentials in github wild AKA git*hunt
  ☆291Updated last year
• Accenture / jenkins-attack-framework
  ☆554Updated 3 years ago
• BishopFox / smogcloud
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆330Updated 4 years ago
• RhinoSecurityLabs / GCPBucketBrute
  A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
  ☆476Updated last year
• andresriancho / enumerate-iam
  Enumerate the permissions associated with AWS credential set
  ☆1,073Updated 7 months ago
• vchinnipilli / kubestriker
  A Blazing fast Security Auditing tool for Kubernetes
  ☆985Updated 5 months ago
• RhinoSecurityLabs / Security-Research
  Exploits written by the Rhino Security Labs team
  ☆1,053Updated 3 years ago
• visma-prodsec / confused
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆684Updated last month
• appsecco / attacking-and-auditing-docker-containers-and-kubernetes-clusters
  ☆514Updated this week
• aquasecurity / docker-bench
  Checks whether Docker is deployed according to security best practices as defined in the CIS Docker Benchmark
  ☆207Updated 5 months ago
• michelin / ChopChop
  ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
  ☆667Updated 11 months ago