opendevsecops/guide-aws-hacking external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

opendevsecops/guide-aws-hacking

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/opendevsecops/guide-aws-hacking)

Close

opendevsecops / guide-aws-hackingView on GitHubMore

• External links
• Readme badge

This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.

☆174Mar 1, 2019Updated 7 years ago

Alternatives and similar repositories for guide-aws-hacking

Users that are interested in guide-aws-hacking are comparing it to the libraries listed below

• kmcquade / aws-security-scripts

  View on GitHub
  Some python scripts I wrote that help with various specialized AWS security things
  ☆10Jan 15, 2020Updated 6 years ago
• appsecco / using-docker-kubernetes-for-automating-appsec-and-osint-workflows

  View on GitHub
  Repository for all the workshop content delivered at nullcon X on 1st of March 2019
  ☆80Apr 4, 2019Updated 6 years ago
• wrvenkat / burp-multistep-csrf-poc

  View on GitHub
  Burp extension to generate multi-step CSRF POC.
  ☆31Sep 23, 2019Updated 6 years ago
• SpenGietz / endgame-1

  View on GitHub
  An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share th…
  ☆14Feb 16, 2021Updated 5 years ago
• wickett / lambhack

  View on GitHub
  A very vulnerable serverless application in AWS Lambda
  ☆98Oct 7, 2019Updated 6 years ago
• NetSPI / aws_consoler

  View on GitHub
  A utility to convert your AWS CLI credentials into AWS console access.
  ☆257May 7, 2020Updated 5 years ago
• jchrisfarris / detect-credential-compromise

  View on GitHub
  Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account.
  ☆29Aug 18, 2019Updated 6 years ago
• secdevops-cuse / CyberRange

  View on GitHub
  The Open-Source AWS Cyber Range
  ☆493Aug 16, 2020Updated 5 years ago
• allfro / dotNetBeautifier

  View on GitHub
  A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __…
  ☆12Jun 29, 2015Updated 10 years ago
• dagrz / aws_pwn

  View on GitHub
  A collection of AWS penetration testing junk
  ☆1,221Aug 30, 2023Updated 2 years ago
• NotSoSecure / cloud-service-enum

  View on GitHub
  ☆261Jun 28, 2024Updated last year
• jordanpotti / guardduty-opsec

  View on GitHub
  Opsec considerations for each AWS GuardDuty finding type.
  ☆23Oct 29, 2020Updated 5 years ago
• kmcquade / OWASP-YouTube-2021

  View on GitHub
  Deliberately vulnerable AWS resources for security assessment demos
  ☆32Aug 20, 2022Updated 3 years ago
• opendevsecops / docker-gitleaks

  View on GitHub
  Docker container for Zachary Rice Gitleaks
  ☆20Aug 16, 2019Updated 6 years ago
• getcft / aws-cloudtrail-cf-template

  View on GitHub
  AWS CloudTrail CloudFormation template which creates KMS encryption keys, an encrypted S3 bucket, and enables CloudTrail
  ☆14May 26, 2024Updated last year
• KKBOX / aws_configurer

  View on GitHub
  Configure AWS accounts for CloudTrail, Root Account Usage Monitor.
  ☆13Aug 24, 2015Updated 10 years ago
• synopsys-sig / tslint-angular-security

  View on GitHub
  TSLint rules for Angular
  ☆18Nov 30, 2018Updated 7 years ago
• opendevsecops / lobby

  View on GitHub
  Welcome to OpenDevSecOps! Our mission is to deliver highly-resilient, readily-available and free defensive and offensive devops security …
  ☆21Jan 29, 2019Updated 7 years ago
• pownjs / recon

  View on GitHub
  A powerful target reconnaissance framework powered by graph theory.
  ☆420Oct 21, 2022Updated 3 years ago
• we45 / DVFaaS-Damn-Vulnerable-Functions-as-a-Service

  View on GitHub
  Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
  ☆136Dec 8, 2022Updated 3 years ago
• bdicroce / cloud-architect-interview-questions

  View on GitHub
  A list of questions that can be asked during an interview for a cloud architect position.
  ☆11Nov 27, 2021Updated 4 years ago
• RhinoSecurityLabs / cloudgoat

  View on GitHub
  CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  ☆3,510Updated this week
• SummitRoute / aws_exposable_resources

  View on GitHub
  Resource types that can be publicly exposed on AWS
  ☆331Feb 23, 2022Updated 4 years ago
• lkys37en / Lab-Automation

  View on GitHub
  Packer and vagrant scripts to automate building Windows and Linux machines on vCenter
  ☆17Jul 7, 2019Updated 6 years ago
• enciphers-team / ThreadsApp

  View on GitHub
  ThreadsApp is a web application built with a purpose of helping people learn web application security.
  ☆17Nov 22, 2024Updated last year
• JonathanWilbur / CVE-2018-19131

  View on GitHub
  Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate
  ☆19Nov 14, 2018Updated 7 years ago
• auth0 / cloudtrail-slack

  View on GitHub
  Watch CloudTrail and send notifications of every action to an slack channel.
  ☆13Jun 15, 2018Updated 7 years ago
• slyd0g / SharpCrashEventLog

  View on GitHub
  C# port of LogServiceCrash
  ☆46Oct 7, 2020Updated 5 years ago
• pownjs / pown

  View on GitHub
  Pown.js is a security testing an exploitation toolkit built on top of Node.js and NPM.
  ☆261Apr 7, 2023Updated 2 years ago
• semgrep / semgrep-interfaces

  View on GitHub
  Store the ATD/openapi/protobuf/... interfaces between semgrep components
  ☆18Mar 13, 2026Updated last week
• opendevsecops / terraform-aws-scanner

  View on GitHub
  Terraform module which provides easy to configure AWS environment for running automated security scanning solutions at scheduled interval…
  ☆46Jan 29, 2019Updated 7 years ago
• OWASP / www-project-cloud-native-application-security-top-10

  View on GitHub
  OWASP Foundation Web Respository
  ☆37Oct 3, 2025Updated 5 months ago
• RhinoSecurityLabs / pacu

  View on GitHub
  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  ☆5,097Updated this week
• RhinoSecurityLabs / AWS-IAM-Privilege-Escalation

  View on GitHub
  A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
  ☆923Jul 25, 2019Updated 6 years ago
• Kloudle / pentesting-ibm-cloud

  View on GitHub
  ☆20Jan 12, 2022Updated 4 years ago
• torque59 / AWS-Vulnerable-Lambda

  View on GitHub
  An AWS Lambda vulnerable application written in flask.
  ☆49Oct 9, 2017Updated 8 years ago
• blackbotsecurity / AWS-Attack

  View on GitHub
  AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, …
  ☆45Mar 5, 2021Updated 5 years ago
• pownjs / proxy

  View on GitHub
  Pown Proxy is a versatile web application security testing proxy with cool TUI features.
  ☆60May 16, 2019Updated 6 years ago
• center-for-threat-informed-defense / defending-iaas-with-attack

  View on GitHub
  Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me…
  ☆14May 28, 2025Updated 9 months ago