arsenal.md

AWS Arsenal

Defensive (Hardening, Security Assessment, Inventory)

• ScoutSuite: https://github.com/nccgroup/ScoutSuite - Security auditing tool for AWS environments (Python)
• Prowler: https://github.com/toniblyx/prowler - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
• Scans: https://github.com/cloudsploit/scans - AWS security scanning checks (NodeJS)
• CloudMapper: https://github.com/duo-labs/cloudmapper - helps you analyze your AWS environments (Python)
• CloudTracker: https://github.com/duo-labs/cloudtracker - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
• AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark - scrips and templates guidance related to the AWS CIS Foundation framework (Python)
• AWS Public IPs: https://github.com/arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
• PMapper: https://github.com/nccgroup/PMapper - Advanced and Automated AWS IAM Evaluation (Python)
• AWS-Inventory: https://github.com/nccgroup/aws-inventory - Make a inventory of all your resources across regions (Python)
• Resource Counter: https://github.com/disruptops/resource-counter - Counts number of resources in categories across regions
• Checkov: https://github.com/bridgecrewio/checkov - Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform and detects security and compliance misconfigurations.
• CloudQuery https://github.com/cloudquery/cloudquery - Asset Inventory

Offensive:

• weirdALL: https://github.com/carnal0wnage/weirdAAL - AWS Attack Library
• Pacu: https://github.com/RhinoSecurityLabs/pacu - AWS penetration testing toolkit
• Cred Scanner: https://github.com/disruptops/cred_scanner
• AWS PWN: https://github.com/dagrz/aws_pwn
• Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt
• Cloudjack: https://github.com/prevade/cloudjack
• Nimbostratus: https://github.com/andresriancho/nimbostratus
• EndGame [https://github.com/salesforce/endgame] (https://github.com/salesforce/endgame) - AWS PenTest Tool from Salesforce/Kinnaird

Continuous Security Auditing:

• hammer https://github.com/dowjones/hammer
• PacBot https://github.com/tmobile/pacbot
• Security Monkey: https://github.com/Netflix/security_monkey
• Krampus (as Security Monkey complement) https://github.com/sendgrid/krampus
• Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor
• CloudCustodian: https://github.com/capitalone/cloud-custodian
• Disable keys after X days: https://github.com/te-papa/aws-key-disabler
• Repokid Least Privilege: https://github.com/Netflix/repokid
• Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html
• Detect Credential Compromise https://github.com/jchrisfarris/detect-credential-compromise
• Barq https://github.com/Voulnet/barq - post exploitation tool
• smogcloud https://github.com/BishopFox/smogcloud - Find cloud assets that no one wants exposed

DFIR:

• AWS IR: https://github.com/ThreatResponse/aws_ir - AWS specific Incident Response and Forensics Tool
• Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun - Linux memory remote acquisition tool
• LiMEaide: https://kd8bny.github.io/LiMEaide/ - Linux memory remote acquisition tool
• Diffy: https://github.com/Netflix-Skunkworks/diffy - Triage tool used during cloud-centric security incidents

Development Security:

• CFN NAG: https://github.com/stelligent/cfn_nag - CloudFormation security test (Ruby)
• Git-secrets: https://github.com/awslabs/git-secrets
• Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules

S3 Buckets Auditing:

• https://github.com/Parasimpaticki/sandcastle
• https://github.com/smiegles/mass3
• https://github.com/koenrh/s3enum
• https://github.com/tomdev/teh_s3_bucketeers/
• https://github.com/eth0izzle/bucket-stream
• https://github.com/gwen001/s3-buckets-finder
• https://github.com/aaparmeggiani/s3find
• https://github.com/bbb31/slurp
• https://github.com/random-robbie/slurp
• https://github.com/kromtech/s3-inspector
• https://github.com/petermbenjamin/s3-fuzzer
• https://github.com/jordanpotti/AWSBucketDump
• https://github.com/bear/s3scan
• https://github.com/sa7mon/S3Scanner
• https://github.com/magisterquis/s3finder
• https://github.com/abhn/S3Scan
• https://breachinsider.com/honey-buckets/
• https://www.buckhacker.com | https://www.thebuckhacker.com/   [Currently Offline]
• https://buckets.grayhatwarfare.com/

Training:

• Flaws http://flaws.cloud/
• Flaws2 http://flaws2.cloud/
• Cloudgoat https://github.com/RhinoSecurityLabs/cloudgoat

Others:

• StreamAlert https://github.com/airbnb/streamalert - data analytics
• https://github.com/nagwww/s3-leaks - a list of some biggest leaks recorded
• Rhino Labs Research https://github.com/RhinoSecurityLabs/Cloud-Security-Research
• Dufflebag https://github.com/bishopfox/dufflebag - Search exposed EBS volumes for secrets
• CloudENum https://github.com/initstring/cloud_enum
• Domain-Protect https://github.com/ovotech/domain-protect - protect from sub-domain takeovers

IAM:

• AirIAM https://github.com/bridgecrewio/AirIAM
• IAM Reference https://github.com/rvedotrc/aws-iam-reference
• PMapper https://github.com/nccgroup/PMapper
• CloudSplaining https://github.com/salesforce/cloudsplaining
• PolicySentry https://github.com/salesforce/policy_sentry

Honeypots

• Spacecrab https://bitbucket.org/asecurityteam/spacecrab
• https://breachinsider.com/honey-buckets/
• honeyLambda https://github.com/0x4D31/honeyLambda
• Thinkst Canary https://github.com/thinkst/canarytokens-docker

Serverless & Lambda:

• https://github.com/Skyscanner/LambdaGuard - LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results.

CloudFormation and Terraform

• CFRipper https://github.com/Skyscanner/cfripper/
• https://github.com/nozaq/terraform-aws-secure-baseline
• Terrascan https://github.com/cesar-rodriguez/terrascan
• tfsec https://github.com/liamg/tfsec