Awesome list for cloud (mostly AWS at the moment), security, pentesting related projects and libraries.

NOTE: This isn't an endorsement of any of these projects. I'm mostly using this as a way to keep track of interesting projects I come across.



Other Awesome Lists

Offensive Security

  • pacu -- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • liquidswards -- Discover and maintain access to IAM roles.
  • aws_pwn -- A collection of AWS penetration testing junk.
  • IAMFinder -- Enumerates and finds users and IAM roles in a target AWS account.
  • enumerate-iam -- Brute force enumeration of permissions associated with AWS credential set.
  • endgame -- An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
  • WeirdAAL -- WeirdAAL (AWS Attack Library)
  • marionett -- Example of how an attacker might swap user data temporarily to execute arbitrary commands.

Infrastructure as Code (IaC)

  • terraformer -- CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • former2 -- Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.

General Utilities

  • coldsnap -- A command line interface for Amazon EBS snapshots
  • lsh -- Run interactive shell commands on AWS Lambda
  • dsnap -- Utility for downloading and mounting EBS snapshots using the EBS Direct APIs
  • cognitocurl -- 🦉🤖 Easily sign curl calls to API Gateway with Cognito authorization token.
  • Offline Web Consoles
    • ScoutSuite -- Multi-Cloud Security Auditing Tool
  • Resource analysis

Resource DBs

  • steampipe -- The extensible SQL interface to your favorite cloud APIs.
  • introspector -- A schema and set of tools for using SQL to query cloud infrastructure
  • cartography -- Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
  • cloudquery -- cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.

Visual Resource Graphing

  • cloudsplaining -- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • cloudiscovery -- Discover resources in the cloud environment.
  • cloudmapper -- Analyze your Amazon Web Services (AWS) environments
    • Note: Takes advantage of existing botocore definitions for discovery.
  • hammer -- Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS)
  • cloudscout -- Identify and visualize cross platform attack paths, vulnerabilities, and enhance overall resilience.

Linting/Static Analysis


  • rpCheckup -- rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
  • prowler -- Best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
  • AWS Config -- Lambdas that analyze resource state and changes, primarily in AWS but extensible
  • cloudsploit -- Cloud Security Posture Management (CSPM)
  • smogcloud -- Find cloud assets that no one wants exposed 🔎 ☁️

Least privilege

  • policy_sentry -- IAM Least Privilege Policy Generator.
  • repokid -- IAM least privilege service
  • cloudtracker -- Finds over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • iamlive -- Generate a basic IAM policy from AWS client-side monitoring (CSM)
  • aws-leastprivilege -- Generates an IAM policy for the CloudFormation service role that adheres to least privilege.


  • cloudjack -- Route53/CloudFront Vulnerability Assessment Utility

Vulnerable by design

  • cloudgoat -- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  • terragoat -- TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.


  • shimit -- A tool that implements the Golden SAML attack


  • subfinder -- Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Subdomain Enumeration

  • ctfr -- Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Subdomain Takeover

  • subdover -- Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
  • cloudjack -- Route53/CloudFront Vulnerability Assessment Utility
  • can-i-take-over-xyz -- "Can I take over XYZ?": a list of services and how to claim (sub)domains with dangling DNS records.
  • takeover -- Sub-Domain TakeOver Vulnerability Scanner
  • SubOver -- A Powerful Subdomain Takeover Tool


  • cheatsheet
  • kube-hunter -- Hunt for security weaknesses in Kubernetes clusters
  • kubeaudit -- kubeaudit helps you audit your Kubernetes clusters against common security controls
  • kubiscan -- A tool to scan Kubernetes cluster for risky permissions
  • kubesploit -- Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
  • kubernetes-rbac-audit -- Tool for auditing RBACs in Kubernetes
  • peirates -- Peirates - Kubernetes Penetration Testing tool
  • cheatsheet -- Kubernetes Cheat Sheet - 15 Kubectl Commands & Objects


  • pydevops -- gcp gcloud cheat sheet
  • GCP-IAM-Privilege-Escalation -- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
  • ScoutSuite -- Multi-Cloud Security Auditing Tool
  • terraformer -- CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • gcp_enum -- A simple bash script to enumerate Google Cloud Platform environments.
  • gcp_misc -- Miscellaneous tools related to attack operations in Google Cloud Platform.
  • gcp_firewall_enum -- Parse gcloud output to enumerate compute instances with network ports exposed to the Internet. Generates targeted nmap and masscan scripts based on the results.
  • gcp_k8s_enum -- Enumerate services exposed via GKE.



Secret Scanning


  • Terraform Static Analysis
    • checkov -- Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
    • terrascan
    • tfsec -- Security scanner for your Terraform code
    • kics -- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
  • AirIAM -- Least privilege AWS IAM Terraformer.
  • terraform_aws_scp -- AWS Organizations Service Control Policies (SCPs) for Terraform.
  • terraformer -- CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code


  • deepce -- Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).
  • ccat -- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  • trivy -- Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Open Policy Agent (OPA)

  • opa -- An open source, general-purpose policy engine.
  • fregot -- Alternative REPL to OPA's built-in interpreter.
  • policy-hub-cli -- CLI for searching Rego policies
  • conftest -- Write tests against structured configuration data using the Open Policy Agent Rego query language


Non-CloudSec Stuff (TODO: move this elsewhere)

  • proxify -- Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
  • CloudFail -- Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network.
  • chalice -- Python Serverless Microframework for AWS
  • placebo -- Make boto3 calls that look real but have no effect.
  • serverlessish -- Run the same Docker images in AWS Lambda and AWS ECS
  • BloodHound -- Six Degrees of Domain Admin
  • ProcMon-for-Linux -- Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
  • exec-template -- Super simple go templater.
  • leapp -- Potential alternative to aws-vault