opendevsecops/guide-aws-hacking external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

opendevsecops/guide-aws-hacking

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/opendevsecops/guide-aws-hacking)

Close

opendevsecops / guide-aws-hackingView on GitHubMore

• External links
• Readme badge

This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.

☆174Mar 1, 2019Updated 7 years ago

Alternatives and similar repositories for guide-aws-hacking

Users that are interested in guide-aws-hacking are comparing it to the libraries listed below

• appsecco / using-docker-kubernetes-for-automating-appsec-and-osint-workflows

  View on GitHub
  Repository for all the workshop content delivered at nullcon X on 1st of March 2019
  ☆80Apr 4, 2019Updated 6 years ago
• JonathanWilbur / CVE-2018-19131

  View on GitHub
  Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate
  ☆19Nov 14, 2018Updated 7 years ago
• NetSPI / aws_consoler

  View on GitHub
  A utility to convert your AWS CLI credentials into AWS console access.
  ☆256May 7, 2020Updated 5 years ago
• center-for-threat-informed-defense / defending-iaas-with-attack

  View on GitHub
  Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me…
  ☆14May 28, 2025Updated 9 months ago
• kmcquade / aws-security-scripts

  View on GitHub
  Some python scripts I wrote that help with various specialized AWS security things
  ☆10Jan 15, 2020Updated 6 years ago
• TactiFail / Metasploit-Plugins

  View on GitHub
  A collection of Metasploit plugins I have written for various reasons.
  ☆15Dec 5, 2020Updated 5 years ago
• wickett / lambhack

  View on GitHub
  A very vulnerable serverless application in AWS Lambda
  ☆98Oct 7, 2019Updated 6 years ago
• lkys37en / Lab-Automation

  View on GitHub
  Packer and vagrant scripts to automate building Windows and Linux machines on vCenter
  ☆17Jul 7, 2019Updated 6 years ago
• jordanpotti / guardduty-opsec

  View on GitHub
  Opsec considerations for each AWS GuardDuty finding type.
  ☆23Oct 29, 2020Updated 5 years ago
• dagrz / aws_pwn

  View on GitHub
  A collection of AWS penetration testing junk
  ☆1,220Aug 30, 2023Updated 2 years ago
• secdevops-cuse / CyberRange

  View on GitHub
  The Open-Source AWS Cyber Range
  ☆492Aug 16, 2020Updated 5 years ago
• synopsys-sig / tslint-angular-security

  View on GitHub
  TSLint rules for Angular
  ☆18Nov 30, 2018Updated 7 years ago
• SpenGietz / endgame-1

  View on GitHub
  An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share th…
  ☆14Feb 16, 2021Updated 5 years ago
• allfro / dotNetBeautifier

  View on GitHub
  A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __…
  ☆12Jun 29, 2015Updated 10 years ago
• NotSoSecure / cloud-service-enum

  View on GitHub
  ☆261Jun 28, 2024Updated last year
• pentestgeek / burpcommander

  View on GitHub
  Ruby command-line interface to Burp Suite's REST API
  ☆58Apr 1, 2020Updated 5 years ago
• jchrisfarris / detect-credential-compromise

  View on GitHub
  Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account.
  ☆29Aug 18, 2019Updated 6 years ago
• wrvenkat / burp-multistep-csrf-poc

  View on GitHub
  Burp extension to generate multi-step CSRF POC.
  ☆31Sep 23, 2019Updated 6 years ago
• m6a-UdS / dvca

  View on GitHub
  Damn Vulnerable Cloud Application
  ☆208Sep 12, 2018Updated 7 years ago
• RhinoSecurityLabs / cloudgoat

  View on GitHub
  CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  ☆3,487Feb 12, 2026Updated 2 weeks ago
• RedSiege / SqlClient

  View on GitHub
  POC for .NET mssql client for accessing database data through beacon
  ☆64Sep 12, 2023Updated 2 years ago
• slyd0g / SharpCrashEventLog

  View on GitHub
  C# port of LogServiceCrash
  ☆46Oct 7, 2020Updated 5 years ago
• torque59 / AWS-Vulnerable-Lambda

  View on GitHub
  An AWS Lambda vulnerable application written in flask.
  ☆49Oct 9, 2017Updated 8 years ago
• we45 / DVFaaS-Damn-Vulnerable-Functions-as-a-Service

  View on GitHub
  Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
  ☆136Dec 8, 2022Updated 3 years ago
• RUB-NDS / ikev1-psk-main-mode-dict-attacker

  View on GitHub
  Proof-of-Concept Dictionary Attacker against IKEv1 PSK in Main Mode
  ☆18Nov 28, 2019Updated 6 years ago
• MostafaSoliman / CVE-2017-6079-Blind-Command-Injection-In-Edgewater-Edgemarc-Devices-Exploit

  View on GitHub
  ☆18Sep 22, 2018Updated 7 years ago
• opendevsecops / lobby

  View on GitHub
  Welcome to OpenDevSecOps! Our mission is to deliver highly-resilient, readily-available and free defensive and offensive devops security …
  ☆21Jan 29, 2019Updated 7 years ago
• SummitRoute / aws_exposable_resources

  View on GitHub
  Resource types that can be publicly exposed on AWS
  ☆331Feb 23, 2022Updated 4 years ago
• tevora-threat / splunk_pentest_app

  View on GitHub
  splunk_pentest_app
  ☆50Apr 22, 2016Updated 9 years ago
• JavaPentesters / java_vul_target

  View on GitHub
  ☆28Oct 16, 2017Updated 8 years ago
• RiccardoAncarani / bloodhound-playbook

  View on GitHub
  Reproducible and extensible BloodHound playbooks
  ☆44Jan 20, 2020Updated 6 years ago
• pownjs / pown

  View on GitHub
  Pown.js is a security testing an exploitation toolkit built on top of Node.js and NPM.
  ☆261Apr 7, 2023Updated 2 years ago
• rmikehodges / hideNsneak

  View on GitHub
  a CLI for ephemeral penetration testing
  ☆16Dec 10, 2019Updated 6 years ago
• RhinoSecurityLabs / pacu

  View on GitHub
  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  ☆5,073Updated this week
• 3gstudent / Execute-CSharp-From-XSLT-TEST

  View on GitHub
  ☆16Apr 17, 2021Updated 4 years ago
• staz0t / exploits

  View on GitHub
  Exploits for some of the vulnerabilities I have discovered
  ☆19Aug 3, 2020Updated 5 years ago
• BishopFox / iam-vulnerable

  View on GitHub
  Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
  ☆550Sep 11, 2025Updated 5 months ago
• ropnop / serverless_toolkit

  View on GitHub
  A collection of useful Serverless functions I use when pentesting
  ☆391Dec 9, 2022Updated 3 years ago
• M507 / 6-Eyed-Spider

  View on GitHub
  Post-exploitation tool collects data going out and coming into the browser and makes use of it.
  ☆23Apr 22, 2022Updated 3 years ago