disruptops / cred_scanner
A simple file-based scanner to look for potential AWS access and secret keys in files
☆87Updated 6 months ago
Related projects: ⓘ
- Route53/CloudFront Vulnerability Assessment Utility☆83Updated last year
- A tool to enumerate S3 buckets manually or via certstream☆80Updated last year
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆74Updated 2 years ago
- Pivot into private VPC networks using a VPN connection☆40Updated 4 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.☆37Updated 6 years ago
- 'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.☆61Updated 5 years ago
- A Burp plugin to export findings to DefectDojo☆29Updated 10 months ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆107Updated 3 years ago
- AWS S3 Sensitive Data Search☆36Updated 2 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆81Updated 4 years ago
- Amazon bucket brute force tool☆95Updated 11 years ago
- Monitoring GitHub for sensitive data shared publicly☆66Updated 2 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆60Updated last year
- Tools for AWS forensics☆64Updated 8 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆37Updated 3 years ago
- A tool for testing objects' permissions in AWS buckets☆39Updated 3 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆132Updated 4 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆110Updated 5 years ago
- Scripts and tools for AWS Pentest☆51Updated 3 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- Scans a list of websites for Cloudfront or S3 Buckets☆104Updated 2 years ago
- Proof of Concept Zappa Based AWS Persistence and Attack Platform☆37Updated 4 years ago
- An AWS Lambda vulnerable application written in flask.☆48Updated 6 years ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆79Updated 4 years ago
- This command line tool counts the number of resources in different categories across Amazon regions.☆56Updated 4 years ago
- This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…☆22Updated 4 years ago
- Burp Extension for AWS Signing☆85Updated 3 months ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆69Updated 3 years ago
- Updated incident response generator for training classes☆41Updated 3 years ago
- Jekyll Files for cloudsecwiki.com☆49Updated 3 years ago