stephenbradshaw / aws_url_signerView external linksLinks
POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
☆59Sep 20, 2023Updated 2 years ago
Alternatives and similar repositories for aws_url_signer
Users that are interested in aws_url_signer are comparing it to the libraries listed below
Sorting:
- ☆18Jul 30, 2024Updated last year
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆282Nov 27, 2025Updated 2 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆39Sep 25, 2024Updated last year
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆61Nov 11, 2024Updated last year
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆23Aug 30, 2024Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61May 15, 2023Updated 2 years ago
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆121Jul 13, 2025Updated 7 months ago
- A collection of documented and undocumented AWS API models☆53Nov 21, 2025Updated 2 months ago
- AWS Testing and Reporting Management Tool☆20Jan 23, 2023Updated 3 years ago
- Public repository to provide guidance and examples for people to start learning IaC. This repository also contains some open-hack style l…☆23Jun 14, 2023Updated 2 years ago
- Clean accounts over permissions in GCP infra at scale☆71May 9, 2023Updated 2 years ago
- Harness the security superpowers of your cloud asset inventory☆11Sep 22, 2024Updated last year
- Compares and analyzes GCP IAM roles.☆78Mar 9, 2025Updated 11 months ago
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…☆37Oct 17, 2024Updated last year
- A GitHub Actions Supply Chain CTF / Goat☆27Jan 6, 2026Updated last month
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- ☆39Aug 2, 2024Updated last year
- ☆41Nov 29, 2024Updated last year
- Tools for attacking Azure Function Apps☆88Oct 28, 2025Updated 3 months ago
- ☆185Updated this week
- Repository with supporting materials for Invictus Academy/Training☆44Jan 3, 2025Updated last year
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure☆48Dec 29, 2023Updated 2 years ago
- CloudSplaining on AWS Managed Policies☆44Sep 8, 2025Updated 5 months ago
- Proof-of-Concept to evade auditd by tampering via ptrace☆18Aug 3, 2023Updated 2 years ago
- A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.☆18Jan 31, 2024Updated 2 years ago
- A PoC to Simulate Ransomware Attack on AWS Environment☆32Oct 14, 2024Updated last year
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆284May 16, 2025Updated 9 months ago
- ☆71Jan 8, 2025Updated last year
- Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure☆15Jan 23, 2025Updated last year
- ☆47Jan 31, 2024Updated 2 years ago
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆51Nov 12, 2024Updated last year
- Blogpost series showcasing interesting cloud - web app security bugs☆49Jun 13, 2023Updated 2 years ago
- ☆51Jun 13, 2024Updated last year
- Protect against subdomain takeover☆95Jul 20, 2025Updated 6 months ago
- AWS STS token decoder☆46Mar 18, 2025Updated 10 months ago
- Lightspin AWS IAM Vulnerability Scanner☆94Mar 28, 2021Updated 4 years ago
- Attaché provides an emulation layer for Cloud Provider IMDS APIs☆60Feb 8, 2026Updated last week
- Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).☆143May 1, 2025Updated 9 months ago
- Session Hijacking Visual Exploitation☆210Mar 7, 2024Updated last year