opendevsecops / guide-aws-hackingLinks
This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.
☆172Updated 6 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below
Sorting:
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆135Updated 5 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆392Updated 5 years ago
- Hands-On AWS Penetration Testing with Kali Linux published by Packt☆134Updated 2 years ago
- Damn Vulnerable Cloud Application☆199Updated 7 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆348Updated 5 years ago
- Search exposed EBS volumes for secrets☆300Updated 2 years ago
- Amazon bucket brute force tool☆102Updated 12 years ago
- Route53/CloudFront Vulnerability Assessment Utility☆86Updated 2 years ago
- AWS S3 Bucket/Object Finder☆121Updated 4 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆106Updated last year
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.☆255Updated last month
- A tool geared towards pentesting APIs using OpenAPI definitions.☆181Updated 2 years ago
- Pentesting/Bugbounty Dockerfiles.☆177Updated 4 years ago
- These are the regexes that power truffleHog☆218Updated 2 years ago
- ☆259Updated last year
- 🏰 A Python script for AWS S3 bucket enumeration.☆145Updated 2 years ago
- A tool for identifying misconfigured CloudFront domains☆359Updated 5 years ago
- Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki☆212Updated 11 months ago
- ☆276Updated 3 years ago
- Brute force AWS bucket finder☆61Updated 2 years ago
- ☆81Updated 3 years ago
- barq: The AWS Cloud Post Exploitation framework!☆385Updated 2 years ago
- The Pixi module is a MEAN Stack web app with wildly insecure APIs!☆129Updated 2 years ago
- A tool to enumerate S3 buckets manually or via certstream☆82Updated 2 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆536Updated 2 years ago
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities☆136Updated 2 years ago
- vulnerable single sign on☆148Updated last year
- FestIn - Open S3 Bucket Scanner☆233Updated 4 years ago
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Clo…☆126Updated last year