Alternatives and similar repositories for cloudtrail2sightings

Users that are interested in cloudtrail2sightings are comparing it to the libraries listed below

• kmcquade / OWASP-YouTube-2021

  View on GitHub
  Deliberately vulnerable AWS resources for security assessment demos
  ☆32Aug 20, 2022Updated 3 years ago
• invictus-ir / aws-cheatsheet

  View on GitHub
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆80Jan 6, 2026Updated last month
• grahamhelton / IMDSpoof

  View on GitHub
  IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.
  ☆106Nov 24, 2023Updated 2 years ago
• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆172Updated this week
• easttimor / aws-incident-response

  View on GitHub
  ☆374Feb 23, 2024Updated last year
• awslabs / aws-security-analytics-bootstrap

  View on GitHub
  AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena a…
  ☆270Updated this week
• lmoratti / risky-records

  View on GitHub
  Given a list of domains and known IP and buckets that are owned, which might be susceptible to domain hijacking?
  ☆15Sep 20, 2024Updated last year
• primeharbor / aws-fast-fixes

  View on GitHub
  Scripts to quickly fix security and compliance issues
  ☆28Updated this week
• saw-your-packet / CloudShovel

  View on GitHub
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆113Nov 13, 2024Updated last year
• aquia-inc / aws-guardduty-runbook-generator

  View on GitHub
  Generates runbooks for GuardDuty findings
  ☆38Jun 24, 2024Updated last year
• StevenSmiley / aws-mine

  View on GitHub
  AWS honey token manager
  ☆89Aug 1, 2024Updated last year
• willbengtson / trailblazer-aws

  View on GitHub
  Blazing CloudTrail since 2018
  ☆138Jan 27, 2019Updated 7 years ago
• orcasecurity / orca-toolbox

  View on GitHub
  ☆124May 26, 2025Updated 8 months ago
• DataDog / managed-kubernetes-auditing-toolkit

  View on GitHub
  All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
  ☆369Aug 1, 2025Updated 6 months ago
• disruptops / assess_network

  View on GitHub
  Assess certain AWS network configurations
  ☆12Aug 22, 2018Updated 7 years ago
• ReversecLabs / IAMSpy

  View on GitHub
  ☆228Jan 29, 2026Updated 2 weeks ago
• welldone-cloud / aws-summarize-account-activity

  View on GitHub
  Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well a…
  ☆165Dec 21, 2025Updated last month
• Permiso-io-tools / cloudtail

  View on GitHub
  ☆30Jan 13, 2026Updated last month
• GoogleCloudPlatform / active-assist

  View on GitHub
  ☆25Jun 27, 2024Updated last year
• DataDog / grimoire

  View on GitHub
  Generate datasets of cloud audit logs for common attacks
  ☆232Updated this week
• getcft / aws-cloudtrail-cf-template

  View on GitHub
  AWS CloudTrail CloudFormation template which creates KMS encryption keys, an encrypted S3 bucket, and enables CloudTrail
  ☆14May 26, 2024Updated last year
• Permiso-io-tools / DetentionDodger

  View on GitHub
  ☆18Jan 31, 2025Updated last year
• ovotech / cloud-key-rotator

  View on GitHub
  A Golang program to rotate AWS & GCP account keys
  ☆67May 12, 2025Updated 9 months ago
• StateFarmIns / CLAWS

  View on GitHub
  This application was built to help reduce the amount of time it takes to review AWS Lambda code.
  ☆61Nov 11, 2024Updated last year
• messypoutine / gravy-overflow

  View on GitHub
  A GitHub Actions Supply Chain CTF / Goat
  ☆27Jan 6, 2026Updated last month
• aws-samples / aws-customer-playbook-framework

  View on GitHub
  This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
  ☆647Updated this week
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• runreveal / sigmalite

  View on GitHub
  ☆51Dec 13, 2025Updated 2 months ago
• tenable / access-undenied-aws

  View on GitHub
  Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. Open-s…
  ☆266Jan 26, 2023Updated 3 years ago
• ekristen / libnuke

  View on GitHub
  Common Golang Packages for use by the Various Cloud Nuke Tools
  ☆54Feb 3, 2026Updated last week
• vectra-ai-research / derf

  View on GitHub
  DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…
  ☆101Jan 12, 2024Updated 2 years ago
• awslabs / aws-cloudsaga

  View on GitHub
  AWS CloudSaga - Simulate security events in AWS
  ☆472Updated this week
• avishayil / cdk-goat

  View on GitHub
  Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
  ☆48Dec 29, 2023Updated 2 years ago
• RyanJarv / roles

  View on GitHub
  Unauthenticated enumeration of AWS IAM Roles.
  ☆26Sep 7, 2025Updated 5 months ago
• invictus-ir / Invictus-AWS

  View on GitHub
  A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of …
  ☆198Jan 6, 2026Updated last month
• gemini-oss / starfleet

  View on GitHub
  Whole-infrastructure automation tooling for AWS
  ☆43Aug 22, 2025Updated 5 months ago
• houey / awesome-service-control-policies

  View on GitHub
  Listing of resources for example AWS Service Control Policies (SCPs)
  ☆17Jan 10, 2024Updated 2 years ago
• NorthfieldCreative / splunk-crowdstrike-event-queries

  View on GitHub
  ☆14Jan 2, 2025Updated last year