Alternatives and similar repositories for cis-benchmarks:

Users that are interested in cis-benchmarks are comparing it to the libraries listed below

• vmware-labs / attack-surface-framework
  Tool to discover external and internal network attack surface
  ☆193Updated 7 months ago
• NotSoSecure / cloud-sec-wiki
  Jekyll Files for cloudsecwiki.com
  ☆50Updated 3 years ago
• gand3lf / semgrepper
  An extension to use Semgrep inside Burp Suite.
  ☆88Updated last year
• PortSwigger / nuclei-burp-integration
  Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.
  ☆27Updated last year
• GovTech-CSG / Autowasp
  BurpSuite Extension: A one-stop pen testing checklist and logger tool
  ☆75Updated 2 years ago
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆63Updated last year
• lightspin-tech / lightspin-2022-top-7-attack-paths
  Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a …
  ☆39Updated 2 years ago
• cyware-labs / Threat-Response-Docker
  ☆41Updated 2 years ago
• bcoles / jira_scan
  A simple remote scanner for Atlassian Jira
  ☆120Updated last year
• Static-Flow / CloudCopy
  This tool implements a cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapsho…
  ☆120Updated 5 years ago
• vengatesh-nagarajan / Cloud-pentest
  Resources to learn cloud environment and pentesting the same, contains AWS, Azure, Google Cloud
  ☆50Updated 2 years ago
• projectdiscovery / network-fingerprint
  A fingerprint generation helper for nuclei network templates
  ☆72Updated 2 years ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆64Updated 4 months ago
• mhaskar / Bughound
  Static code analysis tool based on Elasticsearch
  ☆129Updated 3 years ago
• righettod / log4shell-analysis
  Contains all my research and content produced regarding the log4shell vulnerability
  ☆31Updated 2 years ago
• prjblk / nessus-database-export
  Script to export Nessus results to a relational database for use in reports, analysis, or whatever else.
  ☆64Updated 4 years ago
• carlospolop / Cloudtrail2IAM
  ☆20Updated last year
• righel / log4shell_nse
  nse script to inject jndi payloads
  ☆45Updated 3 years ago
• mandiant / heyserial
  Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…
  ☆142Updated last year
• SygniaLabs / security-cloud-scout
  ☆133Updated last year
• NetSPI / aws_consoler
  A utility to convert your AWS CLI credentials into AWS console access.
  ☆231Updated 4 years ago
• NicholasSpringer / thunder-ctf
  GCP cloud security CTF
  ☆42Updated 10 months ago
• OWASP / www-project-cloud-native-application-security-top-10
  OWASP Foundation Web Respository
  ☆34Updated 4 months ago
• vortexau / cdn
  Compiles a list of major CDN and WAF subnets.
  ☆63Updated this week
• thelicato / fire
  Take domains on stdin and output them on stdout if they get resolved
  ☆33Updated 2 years ago
• nccgroup / cowcloud
  ☆58Updated last year
• nccgroup / ccs
  ☆110Updated last year
• darkarnium / Log4j-CVE-Detect
  Detections for CVE-2021-44228 inside of nested binaries
  ☆34Updated 3 years ago