Alternatives and similar repositories for cognito-scanner

Users that are interested in cognito-scanner are comparing it to the libraries listed below

• HarshVaragiya / aws-redteam-kit

  View on GitHub
  A PoC to Simulate Ransomware Attack on AWS Environment
  ☆32Oct 14, 2024Updated last year
• plerionhq / conditional-love

  View on GitHub
  An AWS metadata enumeration tool by Plerion
  ☆101Feb 12, 2024Updated 2 years ago
• jp-gouin / multi-cluster-supply-chain

  View on GitHub
  ☆16Jul 17, 2024Updated last year
• ovotech / cloud-key-rotator

  View on GitHub
  A Golang program to rotate AWS & GCP account keys
  ☆67May 12, 2025Updated 9 months ago
• saw-your-packet / CloudShovel

  View on GitHub
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆113Nov 13, 2024Updated last year
• GoogleCloudPlatform / assured-workloads-terraform

  View on GitHub
  ☆18Jul 30, 2024Updated last year
• BreakingMhet / honeyzure

  View on GitHub
  HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…
  ☆17Jun 11, 2024Updated last year
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• ReversecLabs / encap-attack

  View on GitHub
  Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.
  ☆23Aug 30, 2024Updated last year
• ncc-erik-steringer / Aerides

  View on GitHub
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Jan 18, 2022Updated 4 years ago
• welldone-cloud / aws-scps-for-sandbox-and-training-accounts

  View on GitHub
  Collection of example Service Control Policies (SCPs) that are useful for sandbox and training AWS accounts.
  ☆161Dec 22, 2025Updated last month
• hac01 / gcp-iam-brute

  View on GitHub
  ☆51Jun 13, 2024Updated last year
• NetSPI / gcpwn

  View on GitHub
  Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…
  ☆284May 16, 2025Updated 8 months ago
• jackadamson / CVE-2021-26700

  View on GitHub
  RCE in NPM VSCode Extension
  ☆20Apr 11, 2021Updated 4 years ago
• usdAG / FlowMate

  View on GitHub
  FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…
  ☆165Oct 28, 2025Updated 3 months ago
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated 11 months ago
• Permiso-io-tools / bucket-shield

  View on GitHub
  ☆14Jan 8, 2026Updated last month
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated 11 months ago
• padok-team / yatas

  View on GitHub
  A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
  ☆337Dec 12, 2025Updated 2 months ago
• Ry0taK / first-sequence-sync

  View on GitHub
  ☆35Jun 21, 2024Updated last year
• pruzko / hakuin

  View on GitHub
  A blazing fast and fully configurable Blind SQL Injection optimization and automation framework.
  ☆141Jun 7, 2025Updated 8 months ago
• awslabs / Chatbot-to-help-security-teams-perform-vulnerability-assessments

  View on GitHub
  ☆29Dec 26, 2025Updated last month
• christophetd / aws-sso-device-code-authentication

  View on GitHub
  ☆37Jun 9, 2021Updated 4 years ago
• Resourcely-Inc / cloud-guardrails

  View on GitHub
  Open-source best practices for protecting a secure, sensible cloud platform
  ☆129Oct 25, 2024Updated last year
• ortegaalfredo / crashbench

  View on GitHub
  Crashbench is a LLM benchmark to measure bug-finding and reporting capabilities of LLMs
  ☆14Jan 20, 2026Updated 3 weeks ago
• schwartz1375 / genai-essentials

  View on GitHub
  ☆28Jan 16, 2026Updated 3 weeks ago
• offensive-actions / terraform-provider-statefile-rce

  View on GitHub
  This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.
  ☆61Jan 25, 2025Updated last year
• n0jam / gcp-ctf-workshop

  View on GitHub
  ☆41Nov 29, 2024Updated last year
• ekristen / libnuke

  View on GitHub
  Common Golang Packages for use by the Various Cloud Nuke Tools
  ☆54Feb 3, 2026Updated last week
• federicodotta / semgrep-rules

  View on GitHub
  A collection of my Semgrep rules
  ☆51Jul 4, 2023Updated 2 years ago
• g0ldencybersec / CloudRecon

  View on GitHub
  ☆520Apr 29, 2024Updated last year
• Rezonate-io / github-oidc-checker

  View on GitHub
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆61May 15, 2023Updated 2 years ago
• doyensec / Prototype-Pollution-Gadgets-Finder

  View on GitHub
  ☆91Apr 29, 2024Updated last year
• trufflesecurity / WhoAmISlack

  View on GitHub
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆42Dec 12, 2023Updated 2 years ago
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆35Jan 25, 2026Updated 3 weeks ago
• widdix / aws-amicleaner

  View on GitHub
  To clean up your AWS AMIs: First, include AMIs by name or tag. Second, exclude AMIs in use, younger than N days, or the newest N images. …
  ☆36Updated this week
• righteousgambit / quiet-riot

  View on GitHub
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆282Nov 27, 2025Updated 2 months ago
• mindedsecurity / semgrep-rules-android-security

  View on GitHub
  A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
  ☆317Nov 12, 2025Updated 3 months ago
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339Feb 8, 2026Updated last week