Git Product home page Git Product logo

cloudseclists's Introduction

About CloudSecLists

CloudSecLists is a collection of tools that are useful for securing a cloud environment. This list will start off fairly simple, then once I get enough things added I will separate the tools into Blue Team, Red Team, and maybe Purple Team. I will try to come up with a system to let the user knows if they are useful for AWS, Azure, GCP, etc...

AWS

General

AWS Well Architected Labs: Security - The security labs are documentation and code in the format of hands-on labs to help you learn, measure, and build using architectural best practices.

Enumeration

Metasploit: enum_iam - Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all IAM credentials associated with the account
Metasploit: enum_ec2 - Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all EC2 instances associated with the account
Metasploit: enum_s3 - Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all S3 buckets associated with the account

S3

Grayhat Warfare Public Bucket Search - Search engine for finding open S3 buckets.
S3Scanner - A tool to find open S3 buckets and dump their contents
S3-Inspector - Checks all your buckets for public access
AWS Extender - This Burp Suite extension can identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library.
minio - Set up a local S3 type lab you can test your scripts against. See https://medium.com/@jonathanchelmus/creating-an-s3-lab-on-an-ec2-instance-95ffd8ac6c1
Recon-Public-Buckets - Example of using bash + aws cli against a list of buckets to see if you have public buckets in your environment.

Cloudformation

cfn_nag - Cloudformation template scanner. DevSecOps. My favorite of the Open Source ones.
checkov - Cloudformation template scanner. DevSecOps.

Lambda

LambdaGuard - Audit and scan Lambda services

Informational Resources

Python, Boto3, and AWS S3: Demystified - Work with S3 via Python Boto3 module.

Attribution

Dustin Butterworth - [email protected]

Resources

AWS Penetration Testing by Jonathan Helmus - Many tools from this list gathered from this book. Highly recommend buying it!

cloudseclists's People

Contributors

dustinbutterworth avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.