CloudFox – Automating Situational Awareness For Cloud Penetration Tests

CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following common questions (and many more): What regions is this AWS account using and roughly how …

RESTler Fuzzer : API Fuzzing Tool For Automatically Testing Cloud Services

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API. …

Leonidas : Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

This is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: a web API exposing each test case as an individual endpoint; Sigma rules (https://github.com/Neo23x0/sigma) …

PurpleCloud : An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple Cloud also includes an adversary node implemented as a docker container …

Offensive Docker VPS

Create a VPS on Google Cloud Platform or Digital Ocean easily to use Offensive Docker and launch the assessments to the targets. Requirements: Terraform installed (Version used: v0.13.0); Ansible installed (Version used: 2.9.12); SSH private and public keys; Google Cloud Platform or Digital Ocean account. Usage: Clone the repository: git clone --depth 1 https://github.com/aaaguirrep/offensive-docker-vps.git vps …

SkyArk : A Cloud Security Project With Two Main Scanning Modules

SkyArk is a cloud security project with two main scanning modules: AzureStealth – Scans Azure environments; AWStealth – Scans AWS environments. These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal – Discover The Most Privileged Cloud Users. It currently focuses on mitigating the new threat …

L3MON : A Cloud Based Remote Android Management Suite

L3MON is a cloud-based remote Android management suite, powered by NodeJS. Features: GPS Logging; Microphone Recording; View Contacts; SMS Logs; Send SMS; Call Logs; View Installed Apps; View Stub Permissions; Live Clipboard Logging; Live Notification Logging; View WiFi Networks (logs previously seen); File Explorer & Downloader; Command Queuing; Built In APK Builder. Prerequisites: Java …

Cloudtopolis : Cracking Hashes In The Cloud For Free

Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!). Requirements: Have 1 Google account (at least). Installation: Cloudtopolis installation is carried out in two phases. Phase 1: Access Google Cloud Shell from the following link: https://ssh.cloud.google.com/cloudshell/editor?hl=es&fromcloudshell=true&shellonly=true Then, run the …

CCat: Cloud Container Attack Tool 2019

Cloud Container Attack Tool or CCat is a tool for testing security of container environments. Requirements: Python 3.5+ is required. Docker is required. Note: It is tested with Docker Engine 19.03.1 version. Named profile is required for using AWS functionality. A service account or access token is required for using GCP functionality. Installation: Note: We …