YATAS – A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

Yet Another Testing & Auditing Solution. The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that…

nuvola – Tool To Dump And Perform Automatic And Manual Security Analysis On AWS Environments Configurations And Services

nuvola (with the lowercase n) is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple YAML syntax. The general idea behind this project is to create an abstracted digital twin of a cloud platform. For a more…

Matano – The Open-Source Security Lake Platform For AWS

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses on…

awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential

Enumerate AWS services with no noise! awsEnum is a Python script to enumerate AWS services through the provided credential.

LambdaGuard – AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results. It provides a…

Requests-Ip-Rotator – A Python Library To Utilize AWS API Gateway’s Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing

A Python library to utilize AWS API Gateway’s large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unless given. This is because otherwise, AWS will send the…

Poro – Scan Publicly Accessible Assets On Your AWS Cloud Environment

Scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 Buckets, RDS Databases, EC2 instances, Redshift Databases. Poro also checks if a tag you specify is applied to identified public resources using the --tag-key and --tag-value arguments. Prerequisites: AWS account with Read Only Access to services listed…

Slyther – AWS Security Tool

Slyther is an AWS security tool to check read/write/delete access for S3 buckets.
Requirements: aws-cli
Installation: pip3 install -r requirements.txt
Usage example: python3 slyther.py -b flaws.cloud
Release History:
0.0.3 Added option to check if aws-cli is installed or not
0.0.2 Added option to check list of buckets
0.0.1 Initial release
Created by @iamavu

S3Sec – Check AWS S3 Instances For Read/Write/Delete Access

Test AWS S3 buckets for read/write/delete access. This tool was developed to quickly test a list of S3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs. Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot 🙂 Installation: Clone…