A curated list of Awesome Security Challenges.
β211Nov 6, 2024Updated last year
Alternatives and similar repositories for awesome-sec-challenges
Users that are interested in awesome-sec-challenges are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Cloud Commotion intends to cause chaos to simulate security incidentsβ149Jun 18, 2024Updated 2 years ago
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β141May 3, 2026Updated last month
- A cloud security tool to search and clean up unused AWS access keys, written in Go.β52Sep 2, 2022Updated 3 years ago
- β24Mar 20, 2023Updated 3 years ago
- β116Feb 11, 2026Updated 4 months ago
- Virtual machines for every use case on DigitalOcean β’ AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Create your own vulnerable by design AWS penetration testing playgroundβ457May 1, 2026Updated last month
- Autonomous AI C2β33Jul 23, 2024Updated last year
- Harness the security superpowers of your cloud asset inventoryβ11Sep 22, 2024Updated last year
- Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and sβ¦β463Dec 28, 2024Updated last year
- This repository provides a comprehensive collection of Pulumi scenarios utilized by cnappgoatβ22Jan 28, 2025Updated last year
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRFβ59Sep 20, 2023Updated 2 years ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accountsβ61May 15, 2023Updated 3 years ago
- Common Security Interview Questions with Answersβ31Jul 4, 2023Updated 2 years ago
- Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.β2,122Oct 1, 2025Updated 8 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securitβ¦β38Oct 17, 2024Updated last year
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environmentβ508Jun 27, 2025Updated last year
- β26May 22, 2026Updated last month
- β22Apr 17, 2023Updated 3 years ago
- An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)β132Jul 14, 2024Updated last year
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versionsβ¦β88Updated this week
- β¨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The β¦β295Feb 5, 2024Updated 2 years ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessmentsβ146Jan 2, 2025Updated last year
- Awesome secure by default libraries to help you eliminate bug classes!β708Dec 6, 2025Updated 6 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.β121Jun 17, 2026Updated last week
- Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWSβ¦β1,565Apr 3, 2026Updated 2 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.β184Dec 11, 2025Updated 6 months ago
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context Pβ¦β140Jun 7, 2025Updated last year
- An active domain name query tool to help keep track of domain name movements...β16Mar 28, 2021Updated 5 years ago
- A GitHub Actions Supply Chain CTF / Goatβ27Apr 13, 2026Updated 2 months ago
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructureβ47Dec 29, 2023Updated 2 years ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and securβ¦β174Mar 11, 2026Updated 3 months ago
- Compares and analyzes GCP IAM roles.β78Mar 9, 2025Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits β’ AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Blogpost series showcasing interesting cloud - web app security bugsβ73May 27, 2026Updated last month
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflowsβ124Jun 20, 2026Updated last week
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.β295Sep 4, 2024Updated last year
- Public repository to provide guidance and examples for people to start learning IaC. This repository also contains some open-hack style lβ¦β24Jun 14, 2023Updated 3 years ago
- BOR - Break On Request, is a burp extension that provides a custom context menu for marking requests to be stopped by the interceptor witβ¦β13Nov 18, 2022Updated 3 years ago
- A PoC to Simulate Ransomware Attack on AWS Environmentβ33Oct 14, 2024Updated last year
- Scan publicly accessible assets on your AWS cloud environmentβ136Jan 14, 2026Updated 5 months ago