Cloudfox – Automating Situational Awareness For Cloud Penetration Tests

CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following common questions (and many more): What regions is this AWS account using and roughly howRead More

Parrot 5.1 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot OS 5.1 is officially released. We’re proud to say that the new version of Parrot OS 5.1 is available for download; this new version includes a lot of improvements and updates that makes the distribution more performing and more secure. How do I get Parrot OS? You can download Parrot OS by clicking hereRead More

TerraformGoat – "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab’s “Vulnerable by Design” multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID Cloud Service Company Types Of Cloud Services Vulnerable Environment 1 Alibaba Cloud Networking VPC Security Group Open All Ports 2 Alibaba CloudRead More

awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential

Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ ██ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █Read More

PacketStreamer – Distributed Tcpdump For Cloud Native Environments

Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, no additional processing Portability, works across virtual machines, Kubernetes and AWS Fargate. Linux and WindowsRead More

AWS-Threat-Simulation-and-Detection – Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the Stratus Red Team repository oneRead More

Hakoriginfinder – Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTPRead More

ShadowClone – Unleash The Power Of Cloud

ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete. You can make full use of the Free Tiers provided by cloud providers and supercharge your mundane cli tools with shadow clone jutsu (Naruto style)!Read More

Cliam – Multi Cloud IAM Permissions Enumeration Tool

Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More

Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More