padok-team / yatasView external linksLinks
A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
☆337Dec 12, 2025Updated 2 months ago
Alternatives and similar repositories for yatas
Users that are interested in yatas are comparing it to the libraries listed below
Sorting:
- Automating situational awareness for cloud penetration tests.☆2,289Feb 5, 2026Updated last week
- Cloud Exploit Framework☆112May 11, 2022Updated 3 years ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆109Feb 16, 2024Updated last year
- cloudgrep is grep for cloud storage☆326Feb 26, 2025Updated 11 months ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆998Updated this week
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆113Nov 13, 2024Updated last year
- User enumeration and password spraying tool for testing Azure AD☆71Mar 3, 2022Updated 3 years ago
- GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments☆89Jun 22, 2024Updated last year
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers…☆674Jun 4, 2024Updated last year
- Create your own vulnerable by design AWS penetration testing playground☆433Feb 6, 2026Updated last week
- A simple tool that helps to find assets/domains based on the Google Analytics ID.☆179Jan 12, 2026Updated last month
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- A Python script that gathers all valid IP addresses from all text files from a directory, and checks them against Whois database, TOR rel…☆29Jun 27, 2022Updated 3 years ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of …☆198Jan 6, 2026Updated last month
- Granular, Actionable Adversary Emulation for the Cloud☆2,252Feb 6, 2026Updated last week
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆282Nov 27, 2025Updated 2 months ago
- Collection of offensive tools targeting Microsoft Azure☆217Jan 18, 2023Updated 3 years ago
- A tool for quickly evaluating IAM permissions in AWS.☆1,539Aug 2, 2024Updated last year
- ☆109Feb 21, 2023Updated 2 years ago
- Zed Attack Proxy Scripts for finding CVEs and Secrets.☆128Jun 2, 2022Updated 3 years ago
- ☆160Jan 7, 2022Updated 4 years ago
- A wrapper around grep, to help you grep for things! - Improved version of gf by @tomnomnom.☆62Nov 17, 2023Updated 2 years ago
- EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances.☆68Sep 20, 2024Updated last year
- Secrets scanner that understands code☆193Nov 2, 2023Updated 2 years ago
- Determine privileges from cloud credentials via brute-force testing.☆68Aug 22, 2024Updated last year
- GitHub Actions Pipeline Enumeration and Attack Tool☆726Sep 17, 2025Updated 4 months ago
- Kubernetes exploitation tool☆363Jul 26, 2024Updated last year
- A Azure Exploitation Toolkit for Red Team & Pentesters☆166May 6, 2023Updated 2 years ago
- CrackQL is a GraphQL password brute-force and fuzzing utility.☆346Aug 3, 2024Updated last year
- Proof of concept code for Datadog Security Labs referenced exploits.☆449Updated this week
- wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]☆57Mar 26, 2022Updated 3 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆749Dec 19, 2023Updated 2 years ago
- An AWS IAM policy statement parser and query tool.☆197Updated this week
- ☆12Oct 17, 2023Updated 2 years ago
- ☆51Jun 13, 2024Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆975Jan 12, 2024Updated 2 years ago
- Deploy a SOCKS5 proxy in DigitalOcean and autoconfigure the Burp proxy settings to route all traffic through the droplet☆57Oct 23, 2024Updated last year
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,097Updated this week
- Awesome cloud enumerator☆1,092Mar 9, 2025Updated 11 months ago