TerraformGoat – "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab’s “Vulnerable by Design” multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID Cloud Service Company Types Of Cloud Services Vulnerable Environment 1 Alibaba Cloud Networking VPC Security Group Open All Ports 2 Alibaba CloudRead More

awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential

Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ ██ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █Read More

PacketStreamer – Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, no additional processing Portability, works across virtual machines, Kubernetes and AWS Fargate. Linux and WindowsRead More

AWS-Threat-Simulation-and-Detection – Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the Stratus Red Team repository oneRead More

Hakoriginfinder – Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTPRead More

ShadowClone – Unleash The Power Of Cloud

ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete. You can make full use of the Free Tiers provided by cloud providers and supercharge your mundane cli tools with shadow clone jutsu (Naruto style)!Read More

Cliam – Multi Cloud IAM Permissions Enumeration Tool

Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More

Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More

Poro – Scan Publicly Accessible Assets On Your AWS Cloud Environment

Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databases EC2 instances Redshift Databases Poro also check if a tag you specify is applied to identified public resources using –tag-key and –tag-value arguments. Prequisites AWS account with Read Only Access to services listedRead More

ASSAMEE – Free Advance Encryptor For Anon Cloud

ASSAMEE is a free Advance encryptor for Anonfiles. It uses an advanced encryption method to encrypt the directory with AES-256. The data will store on anonfiles.com in an encrypted format. The ASSAMEE requires a download ID to download and decrypt the data from Anonfiles. Downloading encrypted data directly from anon files via a browser willRead More