Alternatives and similar repositories for AWS-Loot:

Users that are interested in AWS-Loot are comparing it to the libraries listed below

• saw-your-packet / EC2StepShell
  EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances.
  ☆63Updated 7 months ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆67Updated 8 months ago
• zer1t0 / awsenum
  Enumerate AWS permissions and resources.
  ☆68Updated 2 years ago
• ayushpriya10 / IMDShift
  ☆55Updated last year
• iamavu / Slyther
  AWS Security Tool
  ☆30Updated last year
• nccgroup / cowcloud
  ☆57Updated last year
• RhinoSecurityLabs / CloudScraper
  CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  ☆31Updated 3 years ago
• sebastian-mora / awsssome_phish
  AWS SSO serverless phishing API.
  ☆32Updated 3 years ago
• emgaurav / objectify-s3
  Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.
  ☆15Updated 8 months ago
• nightwatchcybersecurity / gitbleed_tools
  ☆90Updated 3 years ago
• offensive-terraform / offensive-terraform.github.io
  Offensive Terraform Website
  ☆44Updated 4 years ago
• grines / scour
  ☆126Updated 9 months ago
• ghostsecurity / waf-btk
  WAF bypass PoC
  ☆47Updated last year
• adanalvarez / TrailGuard
  Tool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks to CloudTrail logging.
  ☆13Updated 10 months ago
• carlospolop / aws_iam_review
  ☆35Updated 3 weeks ago
• dibsy / Recipies-Of-A-Jenkins-Hacker
  Jenkins Security Research or Hacking Jenkins ;)
  ☆11Updated 4 months ago
• stephenbradshaw / aws_url_signer
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆58Updated last year
• hotnops / AWSRoleJuggler
  A toolset to juggle AWS roles for persistent access
  ☆56Updated 8 months ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆40Updated last year
• Frichetten / aws_api_shapeshifter
  A small library to alter AWS API requests; Used for fuzzing research
  ☆22Updated last year
• Macmod / STARS
  A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services …
  ☆49Updated 2 years ago
• nccgroup / s3_objects_check
  Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
  ☆76Updated 3 years ago
• stafordtituss / HazProne
  HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab…
  ☆39Updated 2 years ago
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 3 years ago
• AnubisSec / GroovyWaiter
  ☆17Updated 2 years ago
• saw-your-packet / CloudShovel
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆106Updated 5 months ago
• sensepost / steampipe-plugin-projectdiscovery
  A steampipe plugin to query projectdiscovery.io tools.
  ☆26Updated 9 months ago
• hac01 / gcp-iam-brute
  ☆46Updated 10 months ago
• CyberSecArmy / AWS-Offensive-Exploitation---Pentesting
  This repository mainly focuses on various techniques, tools, frameworks and approach to perform offensive exploitation of AWS infrastruct…
  ☆11Updated 5 years ago
• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆47Updated last year