Docker configuration to quickly setup your own Canarytokens.

Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern

Scan for misconfigured S3 buckets across S3-compatible APIs!

Data pipelines for cloud config and security data. Build cloud asset inventory, CSPM, FinOps, and vulnerability management solutions. Extract from AWS, Azure, GCP, and 70+ cloud and SaaS sources.

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Multi-Cloud Security Auditing Tool

Cloud Security Posture Management (CSPM)

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A vulnerability scanner for container images and filesystems

Script to fingerprint NTP servers

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

This repository can be used to generate and evaluate findings detected by Amazon GuardDuty

Small and highly portable detection tests based on MITRE's ATT&CK.

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Automating situational awareness for cloud penetration tests.

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

🌐 Identify the technologies powering any website. This is a fork of the now deleted Wappalyzer project by @AliasIO and community.

CVE cache of the official CVE List in CVE JSON 5 format

Backend for HTTP Observatory on MDN

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

Quickly discover exposed hosts on the internet using multiple search engines.