opendevsecops / guide-aws-hackingLinks
This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.
☆174Updated 6 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below
Sorting:
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆392Updated 5 years ago
- Search exposed EBS volumes for secrets☆302Updated 2 years ago
- Damn Vulnerable Cloud Application☆201Updated 7 years ago
- A tool geared towards pentesting APIs using OpenAPI definitions.☆182Updated 3 years ago
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.☆260Updated last week
- ☆259Updated last year
- These are the regexes that power truffleHog☆222Updated 3 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆109Updated 2 years ago
- Hands-On AWS Penetration Testing with Kali Linux published by Packt☆135Updated 2 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- A tool for identifying misconfigured CloudFront domains☆362Updated 5 years ago
- Amazon bucket brute force tool☆102Updated 12 years ago
- Pentesting/Bugbounty Dockerfiles.☆176Updated 4 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆350Updated 5 years ago
- AWS S3 Bucket/Object Finder☆122Updated 4 years ago
- Route53/CloudFront Vulnerability Assessment Utility☆87Updated 2 years ago
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities☆136Updated 3 years ago
- 🏰 A Python script for AWS S3 bucket enumeration.☆145Updated 3 years ago
- ☆276Updated 4 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆544Updated 2 years ago
- ☆83Updated 3 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki☆212Updated last year
- A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks☆148Updated 5 years ago
- FestIn - Open S3 Bucket Scanner☆232Updated 5 years ago
- Brute force AWS bucket finder☆61Updated 3 years ago
- barq: The AWS Cloud Post Exploitation framework!☆388Updated 3 years ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs!☆134Updated 3 years ago
- A collection of response templates for invalid bug bounty reports.☆90Updated 7 years ago
- a Damn Vulnerable Serverless Application☆545Updated 2 years ago