# Cloud & Containers

# AWS

• Cloudsplaining - Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
• Greyhat Warfare - Search scanned archived AWS buckets.
• pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
• Prowler - Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
• ScoutSuite - Multi-Cloud Security Auditing Tool.
• WeirdAAL - WeirdAAL (AWS Attack Library)

# Azure

• Azurcar - Security auditing tool for Azure environments
• Greyhat Warfare - Search scanned archived AWS buckets.
• ScoutSuite - Multi-Cloud Security Auditing Tool )

# Docker

• Dacker Daemon Attack Surface - There are four major areas to consider when reviewing Docker security

# GitHub

• gitleaks - Scan git repos (or files) for secrets using regex and entropy.
• gitrob - Reconnaissance tool for GitHub organizations
• GitRoller - GitRoller: A Git Recon Tools
• go-gitaudit - Git audit is a go package which can be used to audit git repository to find issues.
• shhgit - Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
• truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
• Yar - Yar is a tool for plunderin' organizations, users and/or repositories.

# Kubernetes

• IceKube - A tool to help find attack paths within a Kubernetes cluster from a low privileged point, to a preferred location, typically cluster-admin.