awsEnum – Enumerate AWS Cloud Resources Based On Provided Credential

Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ ██ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █Read More

Ghostbuster – Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts (Route53), and can optionally take in records via CSV input, or via Cloudflare. After these records are collected, Ghostbuster iterates through all of your AWS Elastic IPsRead More

CloudSpec – An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or confidentiality issues.   Introduction With CloudSpec you validate resources in yourRead More

Vimana – An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications

Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks (in addition to the generic ones for web), trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework emerged, is to identify, through a blackboxRead More

Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

    A curated list of Android Security materials and resources For Pentesters and Bug Hunters.   Blog AAPG – Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913 Android:Read More

Rakkess – Kubectl Plugin To Show An Access Matrix For K8S Server Resources

Review Access – kubectl plugin to show an access matrix for server resources IntroHave you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is for. It listsRead More

DAGOBAH – Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources

Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index.Dagobah runs into the a LAMBDA and looks at all the AWS REGIONS, actually collect differents configurations from: EC2 VPCRead More

AWS Report – A Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Install using PIP pip install awsreport Features Search IAM users based on creation date Search buckets public Search security based in rules, default is 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways detached Options aws_report.py [OPTIONS]Options: –s3 SearchRead More

Arcane – A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories

Arcane is a simple script designed to backdoor iOS packages (iphone-arm) and create the necessar y resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.How Arcane works…To understand what’s happening in the GIF, decompressRead More

X