Alternatives and similar repositories for terraform-deployment-pentesting:

Users that are interested in terraform-deployment-pentesting are comparing it to the libraries listed below

• somethingnew2-0 / SimpleCSPM
  GCP CSPM using Google Sheets
  ☆34Updated 8 months ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆75Updated 5 months ago
• shellcromancer / audit-log-wall-of-shame
  Audit log wall of shame.
  ☆41Updated 4 months ago
• carta / krang
  Knowledge Report Alert & Normalization Generator
  ☆27Updated 11 months ago
• jdyke / gcp-iam-analyzer
  Compares and analyzes GCP IAM roles.
  ☆77Updated 8 months ago
• Algbra-Labs-OSS / Chronicle
  ☆65Updated 9 months ago
• zmallen / cloudtrail2sightings
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆79Updated 2 years ago
• kpolley / slackurity
  Slack bot which promotes Defense in Depth/Zero Trust security practices
  ☆24Updated 2 years ago
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆82Updated last week
• cado-security / AWS_EKS_Cluster_Forensics
  AWS EKS Cluster Forensics
  ☆23Updated 3 years ago
• zenzora / awesome-gcpsec
  ☆14Updated 2 years ago
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 3 years ago
• DataDog / workload-security-evaluator
  Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.
  ☆30Updated 4 months ago
• technologik / terraform_attack_automation
  Automation associated with our talk: Attacking and Defending Infrastructure with Terraform
  ☆16Updated 2 years ago
• allisonis / gcp-iam-sentinel-examples
  ☆28Updated 4 years ago
• jshlbrd / detection-engineering-pocket-guide
  pocket guide for core detection engineering concepts
  ☆27Updated last year
• disruptops / IncidentResponseGenerator
  Updated incident response generator for training classes
  ☆43Updated 3 years ago
• Hacking-the-Cloud / htc-ctfs
  Holds the public Hacking the Cloud CTFs.
  ☆54Updated 11 months ago
• devops-kung-fu / lucha
  A CLI that scans for sensitive data in source code
  ☆13Updated last year
• adanalvarez / HoneyTrail
  Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre…
  ☆48Updated 3 months ago
• prisma-cloud / IAMFinder
  IAMFinder enumerates and finds users and IAM roles in a target AWS account.
  ☆110Updated 4 years ago
• nccgroup / s3_objects_check
  Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
  ☆76Updated 2 years ago
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆60Updated last year
• vectra-ai-research / derf
  DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…
  ☆91Updated last year
• gojek / CureIAM
  Clean accounts over permissions in GCP infra at scale
  ☆71Updated last year
• domain-protect / domain-protect-gcp
  Protect against subdomain takeover
  ☆92Updated 8 months ago
• sebastian-mora / awsssome_phish
  AWS SSO serverless phishing API.
  ☆31Updated 3 years ago
• aquia-inc / aws-guardduty-runbook-generator
  Generates runbooks for GuardDuty findings
  ☆35Updated 7 months ago
• dxa4481 / gcploit
  These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
  ☆170Updated 2 weeks ago