Tech with Tyler
LinkedInGitHubYouTube
  • 👋Welcome!
    • whoami
    • !!! Disclaimer !!!
  • 🎓Academy
    • AWS Security Cookbook by Tyler
      • AWS Control Tower
        • Lab: Deploying AWS Control Tower via Terraform
      • AWS CloudTrail
      • AWS GuardDuty
        • Lab: Deploying AWS GuardDuty via Terraform
        • Lab: Logging GuardDuty Findings to S3
        • Lab: Adversary Simulation Detection with Stratus Red Team and GuardDuty
      • AWS Organizations
        • Lab: Deploying AWS Organizations via Terraform
      • AWS Root Account Management
        • Lab: Deploying AWS Root Account Management via Terraform
      • AWS Service Control Policies (SCPs)
        • Lab: Deploying AWS Service Control Policies (SCPs) via Terraform
      • TBD - Coming Soon!
        • [TBD] AWS Account Factory
        • [TBD] AWS Identity Center
    • My content on Cybr
      • Course - Terraform on AWS: From Zero to Cloud Infrastructure
      • Lab - Create Static AWS S3 Website with Terraform
      • Lab - Secure EC2 Access with SSM Session Manager and KMS
      • Lab - Encrypt and Decrypt Data with KMS and Data Encryption Keys
    • My content on PwnedLabs
      • Cyber Range - Electra
      • Lab - Abusing Identity Providers in AWS
      • Lab - Prowler and AWS Security Hub
      • Blog - Abusing Identity Providers in AWS
      • Blog - Building Security Guardrails with AWS Resource Control Policies
      • Blog - Defending Against the whoAMI Attack with AWS Declarative Policies
    • My content on YouTube
      • AWS Security Engineering
      • Linux in 60 Seconds!
  • ☁️Cloud Security
    • AWS Attacks and Techniques
      • Enumerate AWS Account IDs
      • Enumerate AWS IAM Users
      • Enumerate (Unauthenticated) IAM Users and Roles
      • Enumerate AWS Public Resources
      • Enumerate Secrets in AWS
      • Generate AWS Console Session
      • Generate IAM Access Keys from CloudShell
      • Password Spraying AWS IAM Users
      • Subdomain Takeovers
    • AWS Privilege Escalation
      • Identity Access Management (IAM)
      • IAM Trust Policies
      • Key Management Service (KMS)
      • Lightsail
      • OpenID Connect (OIDC)
      • S3
      • Secrets Manager
      • Security Token Service (STS)
    • AWS General Info
      • Amazon Bedrock
      • EC2
      • KMS
      • S3
      • SNS Topic
    • AWS CLI Cheat Sheet
    • Capture the Flags (CTFs)
      • Flaws.Cloud
        • Level 1
        • Level 2
        • Level 3
        • Level 4
        • Level 5
        • Level 6
      • PwnedLabs
        • Escalate Privileges by IAM Policy Rollback
        • Exploiting Weak S3 Bucket Policies
        • Leveraging S3 Bucket Versioning
        • S3 Enumeration Basics
        • Pillage Exposed RDS Instances
        • EC2 SSRF Attack
        • Hunt for Secrets in Git Repos
      • Cybr
        • Challenge - Secrets Unleashed
    • Tools
      • Tooling Index
      • dsnap
      • Pacu
      • s3-account-search
      • GoAWSConsoleSpray
      • aws_consoler
      • cloudenum
  • 📦Containers & Orchestration
    • Kubernetes
  • 👨‍💻Coding & CLI Tooling
    • CLI Tools
      • AWS CLI
      • Git
      • GitHub Copilot (CLI)
      • Homebrew
      • jq
      • ngrok
      • ssh
    • Coding and Scripting
      • Bash
      • Python
    • Terminal Customization
  • ⚙️DevSecOps
    • CI/CD
      • GitLab
    • Hashicorp Terraform
    • Hashicorp Vault
    • IAC Scanning
      • tfsec
    • Secrets Scanning
      • Trufflehog
  • 🎁Miscellaneous
    • Jenkins
  • 💻Operating Systems
    • Linux
      • APT Package Manager
      • CLI Tools Cheat Sheet
      • Man Pages
      • Services
      • Users and Groups
  • 🏗️Projects
    • Active Directory Homelab Automation
    • AWS Cloud Resume Challenge
    • Proxmox Homelab as Code
  • 📌Other
    • Useful Resources
Powered by GitBook
On this page

Was this helpful?

  1. Cloud Security
  2. Tools

Tooling Index

Useful tools I've come across

PreviousToolsNextdsnap

Last updated 11 months ago

Was this helpful?

Tool Name
Description
Write Up
Reference
Tags

dsnap

Use to locally download AWS EBS volumes.

dsnap
https://github.com/RhinoSecurityLabs/dsnap

aws, ebs

Pacu

AWS exploitation framework.

Pacu
https://github.com/RhinoSecurityLabs/pacu

aws, exploitation, pentest

cloud_enum

Enumerate public cloud resources on AWS, Azure, GCP.

https://github.com/initstring/cloud_enum/tree/master

aws, azure, gcp, s3, awsapps

EC2userDataDumper

Enumerates and dumps EC2 user data.

https://github.com/cloudbreach/CloudBreach_AWSScripts/blob/master/EC2userDataDumper.sh

aws, ec2

s3BucketVersionDumper

Enumerates and dumps all S3 object versions.

https://github.com/cloudbreach/CloudBreach_AWSScripts/blob/master/s3BucketVersionDumper.sh

aws, s3

Prowler

Open-source multi-cloud CSPM solution for conducting security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.

Lab - Prowler and AWS Security Hub
https://github.com/prowler-cloud/prowler

aws, cspm

CloudFox

Automating situational awareness for cloud penetration tests.

Lab - Abusing Identity Providers in AWS
https://github.com/BishopFox/cloudfox

aws, pentest

Trufflehog

Find secrets in local files, git, docker images, CI/CD, S3 buckets, etc.

Hunt for Secrets in Git Repos
https://github.com/trufflesecurity/trufflehog

aws, secrets, ci/cd, git

gitsecrets

AWS created solution for discovering and preventing committing secrets and credentials into git repositories.

https://github.com/awslabs/git-secrets

aws, secrets, ci/cd, git

tfsec

Terraform scanning solution.

tfsec
https://github.com/aquasecurity/tfsec

terraform, ci/cd

trivy

Vulnerability, misconfiguration, and secrets scanning solution for Terraform, AWS, Containers, and more

https://aquasecurity.github.io/trivy/v0.53/docs/

aws, terraform, containers, kubernetes, secrets, ci/cd

☁️
Get User-Data