opendevsecops / guide-aws-hackingLinks
This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.
☆172Updated 6 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below
Sorting:
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆135Updated 5 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆392Updated 5 years ago
- Search exposed EBS volumes for secrets☆302Updated 2 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆182Updated 2 years ago
- Pentesting/Bugbounty Dockerfiles.☆177Updated 4 years ago
- AWS S3 Bucket/Object Finder☆122Updated 4 years ago
- Damn Vulnerable Cloud Application☆199Updated 7 years ago
- Route53/CloudFront Vulnerability Assessment Utility☆86Updated 2 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- Find cloud assets that no one wants exposed 🔎 ☁️☆349Updated 5 years ago
- Amazon bucket brute force tool☆102Updated 12 years ago
- ☆259Updated last year
- 🏰 A Python script for AWS S3 bucket enumeration.☆146Updated 2 years ago
- Hands-On AWS Penetration Testing with Kali Linux published by Packt☆134Updated 2 years ago
- A tool for identifying misconfigured CloudFront domains☆359Updated 5 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.☆257Updated 2 months ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆106Updated last year
- These are the regexes that power truffleHog☆218Updated 2 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆536Updated 2 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki☆212Updated 11 months ago
- Some good resources for getting started with application security☆142Updated 4 years ago
- A place to store my own wordlists, and link to others that are useful☆107Updated last year
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆78Updated 3 years ago
- A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks☆148Updated 4 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Clo…☆127Updated last week
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities☆136Updated 2 years ago
- FestIn - Open S3 Bucket Scanner☆232Updated 4 years ago
- Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…☆216Updated 5 years ago
- ☆276Updated 4 years ago