# Cloud & Containers

# AWS

  • Cloudsplaining - Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report. last-commit
  • Greyhat Warfare - Search scanned archived AWS buckets.
  • pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. last-commit
  • Prowler - Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. last-commit
  • ScoutSuite - Multi-Cloud Security Auditing Tool. last-commit
  • WeirdAAL - WeirdAAL (AWS Attack Library) last-commit

# Azure

  • Azurcar - Security auditing tool for Azure environments last-commit
  • Greyhat Warfare - Search scanned archived AWS buckets.
  • ScoutSuite - Multi-Cloud Security Auditing Tool ) last-commit

# Buckets

  • OpenBuckets - Search public or misconfigured AWS, Azure, Digital Ocean, GCP, IBM, Linode, and Alibaba buckets.

# Containers

  • Checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. last-commit
  • Clair - Vulnerability Static Analysis for Containers. last-commit
  • Dacker Daemon Attack Surface - There are four major areas to consider when reviewing Docker security
  • Dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to star. last-commit
  • Grype - A vulnerability scanner for container images and filesystems. last-commit
  • IceKube - A tool to help find attack paths within a Kubernetes cluster from a low privileged point, to a preferred location, typically cluster-admin. last-commit
  • Scancode Toolkit - ScanCode detects licenses, copyrights, and dependencies to discover and inventory open source and third-party packages used in your code. last-commit
  • Syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems. last-commit
  • Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more. last-commit

# Git

  • gitleaks - Scan git repos (or files) for secrets using regex and entropy. last-commit
  • gitrob - Reconnaissance tool for GitHub organizations last-commit
  • GitRoller - GitRoller: A Git Recon Tools last-commit
  • go-gitaudit - Git audit is a go package which can be used to audit git repository to find issues. last-commit
  • shhgit - Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories. last-commit
  • truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history. last-commit
  • Yar - Yar is a tool for plunderin' organizations, users and/or repositories. last-commit