offensive-actions / terraform-provider-statefile-rce
This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.
☆32Updated last week
Alternatives and similar repositories for terraform-provider-statefile-rce:
Users that are interested in terraform-provider-statefile-rce are comparing it to the libraries listed below
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆60Updated last year
- ☆45Updated last month
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆37Updated 2 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆38Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆95Updated last month
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure☆46Updated 11 months ago
- ☆31Updated 4 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆128Updated 3 weeks ago
- A tool to uncover undocumented APIs from the AWS Console.☆91Updated 3 weeks ago
- ☆26Updated last month
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.☆30Updated 2 months ago
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆21Updated 3 months ago
- A PoC to Simulate Ransomware Attack on AWS Environment☆28Updated 2 months ago
- A tool for preventing the installation of malicious PyPI and npm packages☆83Updated this week
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends☆71Updated 10 months ago
- ☆156Updated 3 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆85Updated 11 months ago
- Repository to archive AWS Documentation for local use☆41Updated 2 months ago
- Determine privileges from cloud credentials via brute-force testing.☆64Updated 3 months ago
- ☆55Updated last year
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆35Updated 3 months ago
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆92Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆41Updated 4 months ago
- ☆171Updated 3 weeks ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆60Updated last month
- ☆24Updated last month
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆80Updated last week
- A full insecure kubernetes application for testing security tools☆63Updated last week
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre…☆45Updated last month