LinkedInGitHubYouTube

Tooling Index

Useful tools I've come across

Tool Name
Description
Write Up
Reference
Tags

dsnap

Use to locally download AWS EBS volumes.

dsnap
https://github.com/RhinoSecurityLabs/dsnap

aws, ebs

Pacu

AWS exploitation framework.

Pacu
https://github.com/RhinoSecurityLabs/pacu

aws, exploitation, pentest

cloud_enum

Enumerate public cloud resources on AWS, Azure, GCP.

https://github.com/initstring/cloud_enum/tree/master

aws, azure, gcp, s3, awsapps

EC2userDataDumper

Enumerates and dumps EC2 user data.

Get User-Data
https://github.com/cloudbreach/CloudBreach_AWSScripts/blob/master/EC2userDataDumper.sh

aws, ec2

s3BucketVersionDumper

Enumerates and dumps all S3 object versions.

https://github.com/cloudbreach/CloudBreach_AWSScripts/blob/master/s3BucketVersionDumper.sh

aws, s3

Prowler

Open-source multi-cloud CSPM solution for conducting security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness.

Lab - Prowler and AWS Security Hub
https://github.com/prowler-cloud/prowler

aws, cspm

CloudFox

Automating situational awareness for cloud penetration tests.

Lab - Abusing Identity Providers in AWS
https://github.com/BishopFox/cloudfox

aws, pentest

Trufflehog

Find secrets in local files, git, docker images, CI/CD, S3 buckets, etc.

Hunt for Secrets in Git Repos
https://github.com/trufflesecurity/trufflehog

aws, secrets, ci/cd, git

gitsecrets

AWS created solution for discovering and preventing committing secrets and credentials into git repositories.

https://github.com/awslabs/git-secrets

aws, secrets, ci/cd, git

tfsec

Terraform scanning solution.

tfsec
https://github.com/aquasecurity/tfsec

terraform, ci/cd

trivy

Vulnerability, misconfiguration, and secrets scanning solution for Terraform, AWS, Containers, and more

https://aquasecurity.github.io/trivy/v0.53/docs/

aws, terraform, containers, kubernetes, secrets, ci/cd

PreviousToolsNextdsnap

Last updated

Was this helpful?