Kali
The field of cloud computing is growing quickly, and security threats and problems have grown at the same rate. ZeusCloud is a new open-source cloud security tool that is made to deal with the risks and weaknesses of today. ZeusCloud is a game-changer because it has a full set of features, from keeping track of …
Continue reading “ZeusCloud: The Next-Gen Open Source Cloud Security Solution”
Aws-Security-Assessment-Solution is an AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks. Self-Service Security Assessment tool Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important …
The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that is not covered. Features YATAS is …
Continue reading “YATAS : A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration”
Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses on …
Continue reading “Matano : The Open-Source Security Lake Platform For AWS”
LambdaGuard is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results. It provides a meaningful overview …
Slyther is AWS Security tool to check read/write/delete access for S3 buckets. Requirements aws-cli Installation pip3 install -r requirements.txt Usage example python3 slyther.py -b flaws.cloud
Scour is a modern module based AWS exploitation framework written in golang, designed for red team testing and blue team analysis. Scour contains modern techniques that can be used to attack environments or build detections for defense. Features Command Completion Dynamic resource listing Command history Blue team mode (tags attacks with unique User Agent) Installation …
Taken is a tool to takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a …
Continue reading “Taken : Takeover AWS IPS & Have A Working POC For Subdomain Takeover”
AutoVPN is a script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes ~3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN configuration …
Continue reading “Autovpn : Create On Demand Disposable OpenVPN Endpoints On AWS”
AWS Report is a tool for analyzing amazon resources. Install Using PIP pip install awsreport Features Search IAM users based on creation date Search buckets public Search security based in rules, default is 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways detached Options aws_report.py [OPTIONS] Options:–s3 Search …
Continue reading “AWS Report : A Tool For Analyzing Amazon Resources”
.png)
%20(1).png)
