Alternatives and similar repositories for derf

Users that are interested in derf are comparing it to the libraries listed below

• Permiso-io-tools / LogLicker

  View on GitHub
  Tool for obfuscating and deobfuscating data.
  ☆75Mar 20, 2024Updated last year
• Algbra-Labs-OSS / Chronicle

  View on GitHub
  ☆65May 21, 2024Updated last year
• invictus-ir / ALFA

  View on GitHub
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆173Jan 30, 2026Updated 2 weeks ago
• tenable / cnappgoat

  View on GitHub
  CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.
  ☆293Sep 4, 2024Updated last year
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆338Updated this week
• iknowjason / edge

  View on GitHub
  Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
  ☆183Oct 9, 2025Updated 4 months ago
• elastic / SWAT

  View on GitHub
  ☆169Sep 30, 2025Updated 4 months ago
• cado-security / cloudgrep

  View on GitHub
  cloudgrep is grep for cloud storage
  ☆326Feb 26, 2025Updated 11 months ago
• KatTraxler / gcpdocs

  View on GitHub
  Repository to archive GCP Documentation for local use
  ☆16Feb 11, 2025Updated last year
• iknowjason / GHOSTSPlayground

  View on GitHub
  A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic.
  ☆20Jul 17, 2024Updated last year
• Permiso-io-tools / azure-activity-log-axe

  View on GitHub
  Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve…
  ☆35Sep 6, 2024Updated last year
• ReversecLabs / IAMSpy

  View on GitHub
  ☆228Jan 29, 2026Updated 2 weeks ago
• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆172Feb 8, 2026Updated last week
• zmallen / cloudtrail2sightings

  View on GitHub
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆82Jul 25, 2022Updated 3 years ago
• BishopFox / cloudfoxable

  View on GitHub
  Create your own vulnerable by design AWS penetration testing playground
  ☆433Updated this week
• Permiso-io-tools / CloudGrappler

  View on GitHub
  CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known…
  ☆265Nov 21, 2025Updated 2 months ago
• blackberry / Falco-bypasses

  View on GitHub
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆88Jan 28, 2024Updated 2 years ago
• iknowjason / AutomatedEmulation

  View on GitHub
  An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built f…
  ☆205Nov 23, 2025Updated 2 months ago
• Permiso-io-tools / cloudtail

  View on GitHub
  ☆30Jan 13, 2026Updated last month
• DataDog / whoAMI-scanner

  View on GitHub
  Scan your account for the use of untrusted AMIs
  ☆31Updated this week
• 0x4D31 / detection-and-response-pipeline

  View on GitHub
  ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …
  ☆289Feb 5, 2024Updated 2 years ago
• privateerproj / privateer

  View on GitHub
  Privateer is a plugin-based framework to validate the status of deployed resources.
  ☆17Feb 5, 2026Updated last week
• Permiso-io-tools / DetentionDodger

  View on GitHub
  ☆18Jan 31, 2025Updated last year
• Permiso-io-tools / bucket-shield

  View on GitHub
  ☆14Jan 8, 2026Updated last month
• hotnops / AzureScripts

  View on GitHub
  Random scripts for azure stuff
  ☆13Oct 12, 2022Updated 3 years ago
• caizencloud / caizen

  View on GitHub
  Harness the security superpowers of your cloud asset inventory
  ☆11Sep 22, 2024Updated last year
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated 11 months ago
• DataDog / workload-security-evaluator

  View on GitHub
  ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…
  ☆37Oct 17, 2024Updated last year
• trustoncloud / threatmodel-for-aws-s3

  View on GitHub
  Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
  ☆157Oct 2, 2023Updated 2 years ago
• google / localtoast

  View on GitHub
  ☆116Updated this week
• its-a-feature / HealthInspector

  View on GitHub
  JXA situational awareness helper by simply reading specific files on a filesystem
  ☆82Feb 18, 2022Updated 3 years ago
• orcasecurity / orca-toolbox

  View on GitHub
  ☆124May 26, 2025Updated 8 months ago
• righteousgambit / quiet-riot

  View on GitHub
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆282Nov 27, 2025Updated 2 months ago
• google / cloud-forensics-utils

  View on GitHub
  Python library to carry out DFIR analysis on the Cloud
  ☆499Oct 8, 2025Updated 4 months ago
• mvelazc0 / BadZure

  View on GitHub
  BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en…
  ☆485Updated this week
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• RhinoSecurityLabs / IAMActionHunter

  View on GitHub
  An AWS IAM policy statement parser and query tool.
  ☆197Updated this week
• tenable / hidden-services-revealer

  View on GitHub
  ☆39Aug 2, 2024Updated last year
• Permiso-io-tools / SkyScalpel

  View on GitHub
  ☆46Nov 7, 2024Updated last year