opendevsecops / guide-aws-hackingLinks
This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.
☆172Updated 6 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below
Sorting:
- Search exposed EBS volumes for secrets☆298Updated 2 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- Damn Vulnerable Cloud Application☆193Updated 6 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆388Updated 5 years ago
- AWS S3 Bucket/Object Finder☆120Updated 3 years ago
- A tool for identifying misconfigured CloudFront domains☆357Updated 4 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆177Updated 2 years ago
- Amazon bucket brute force tool☆102Updated 11 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆92Updated last year
- Find cloud assets that no one wants exposed 🔎 ☁️☆345Updated 4 years ago
- Hands-On AWS Penetration Testing with Kali Linux published by Packt☆134Updated 2 years ago
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).☆122Updated 2 years ago
- ☆275Updated 3 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.☆250Updated last month
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆103Updated last year
- ☆250Updated 11 months ago
- 🏰 A Python script for AWS S3 bucket enumeration.☆144Updated 2 years ago
- Pentesting/Bugbounty Dockerfiles.☆177Updated 4 years ago
- Route53/CloudFront Vulnerability Assessment Utility☆86Updated last year
- A place to store my own wordlists, and link to others that are useful☆108Updated last year
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆520Updated 2 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki☆209Updated 7 months ago
- vulnerable single sign on☆147Updated 10 months ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs!☆126Updated 2 years ago
- Brute force AWS bucket finder☆61Updated 2 years ago
- Red Team Scripts for AWS.☆169Updated 4 years ago
- A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces☆75Updated 3 years ago
- S3 Account Search☆8Updated 8 months ago
- A Docker container for remote penetration testing.☆135Updated 4 years ago
- Various Payload wordlists☆236Updated last month