This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be versed enough to provide the correct countermeasures.
☆174 · Mar 1, 2019 · Updated 7 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below.
- Some Python scripts I wrote that help with various specialized AWS security things ☆10 · Jan 15, 2020 · Updated 6 years ago
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019 ☆80 · Apr 4, 2019 · Updated 7 years ago
- Burp extension to generate multi-step CSRF POC. ☆30 · Sep 23, 2019 · Updated 6 years ago
- An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share th… ☆14 · Feb 16, 2021 · Updated 5 years ago
- A very vulnerable serverless application in AWS Lambda ☆98 · Oct 7, 2019 · Updated 6 years ago
- A utility to convert your AWS CLI credentials into AWS console access. ☆261 · May 7, 2020 · Updated 5 years ago
- Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account. ☆29 · Aug 18, 2019 · Updated 6 years ago
- The Open-Source AWS Cyber Range ☆494 · Aug 16, 2020 · Updated 5 years ago
- A collection of AWS penetration testing junk ☆1,224 · Aug 30, 2023 · Updated 2 years ago
- A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __… ☆12 · Jun 29, 2015 · Updated 10 years ago
- ☆264 · Jun 28, 2024 · Updated last year
- Deliberately vulnerable AWS resources for security assessment demos ☆32 · Aug 20, 2022 · Updated 3 years ago
- Opsec considerations for each AWS GuardDuty finding type. ☆24 · Oct 29, 2020 · Updated 5 years ago
- Docker container for Zachary Rice Gitleaks ☆20 · Aug 16, 2019 · Updated 6 years ago
- AWS CloudTrail CloudFormation template which creates KMS encryption keys, an encrypted S3 bucket, and enables CloudTrail ☆14 · May 26, 2024 · Updated last year
- Configure AWS accounts for CloudTrail, Root Account Usage Monitor. ☆13 · Aug 24, 2015 · Updated 10 years ago
- TSLint rules for Angular ☆18 · Nov 30, 2018 · Updated 7 years ago
- Welcome to OpenDevSecOps! Our mission is to deliver highly-resilient, readily-available and free defensive and offensive devops security … ☆21 · Jan 29, 2019 · Updated 7 years ago
- A powerful target reconnaissance framework powered by graph theory. ☆420 · Oct 21, 2022 · Updated 3 years ago
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities ☆136 · Dec 8, 2022 · Updated 3 years ago
- A list of questions that can be asked during an interview for a cloud architect position. ☆11 · Nov 27, 2021 · Updated 4 years ago
- Resource types that can be publicly exposed on AWS ☆331 · Feb 23, 2022 · Updated 4 years ago
- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool ☆3,554 · Updated this week
- Packer and vagrant scripts to automate building Windows and Linux machines on vCenter ☆17 · Jul 7, 2019 · Updated 6 years ago
- ThreadsApp is a web application built with the purpose of helping people learn web application security. ☆17 · Nov 22, 2024 · Updated last year
- Watch CloudTrail and send notifications of every action to a Slack channel. ☆13 · Jun 15, 2018 · Updated 7 years ago
- Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate ☆19 · Nov 14, 2018 · Updated 7 years ago
- C# port of LogServiceCrash ☆46 · Oct 7, 2020 · Updated 5 years ago
- Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. ☆262 · Apr 7, 2023 · Updated 3 years ago
- Store the ATD/openapi/protobuf/... interfaces between semgrep components ☆18 · Apr 22, 2026 · Updated last week
- OWASP Foundation Web Repository ☆37 · Oct 3, 2025 · Updated 6 months ago
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. ☆5,166 · Updated this week
- ☆20 · Jan 12, 2022 · Updated 4 years ago
- A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs. ☆927 · Jul 25, 2019 · Updated 6 years ago
- An AWS Lambda vulnerable application written in flask. ☆49 · Oct 9, 2017 · Updated 8 years ago
- AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, … ☆45 · Mar 5, 2021 · Updated 5 years ago
- Pown Proxy is a versatile web application security testing proxy with cool TUI features. ☆60 · May 16, 2019 · Updated 6 years ago
- Blazing CloudTrail since 2018 ☆138 · Jan 27, 2019 · Updated 7 years ago
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me… ☆14 · May 28, 2025 · Updated 11 months ago