nccgroup / ConMachiLinks
Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container
☆106Updated 6 years ago
Alternatives and similar repositories for ConMachi
Users that are interested in ConMachi are comparing it to the libraries listed below
Sorting:
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 3 years ago
- ☆27Updated 2 weeks ago
- Kubernetes Pwnage for all☆57Updated 4 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆139Updated 3 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆108Updated 5 years ago
- ☆28Updated 4 years ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆41Updated last year
- ☆126Updated 10 months ago
- ☆110Updated last year
- Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.☆43Updated last year
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 3 years ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆118Updated last year
- Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/)☆88Updated 2 years ago
- sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.☆81Updated 3 years ago
- Protect against subdomain takeover☆92Updated last year
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆81Updated last year
- Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.☆161Updated last year
- Monitoring GitHub for sensitive data shared publicly☆66Updated 3 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆76Updated 5 years ago
- ☆57Updated 2 years ago
- An Evil OIDC Server☆53Updated 2 years ago
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends☆73Updated last year
- WAF bypass PoC☆47Updated last year
- A repository to store Rad Fingerprinting data.☆24Updated 10 months ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆50Updated 3 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- Terraform module which provides easy to configure AWS environment for running automated security scanning solutions at scheduled interval…☆46Updated 6 years ago
- ☆10Updated 3 years ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…☆70Updated 2 years ago