Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Multiple Resource Types
    • (tick) asecure.cloud –  Creates customized CloudFormation/Terraform templates to improve security of existing AWS resources, or deploy secured resources.
    • (tick) cloud-custodian/cloud-custodian – Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
    • toniblyx/prowler – Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
    • aquasecurity/cloudsploit – Cloud Security Posture Management (CSPM)
    • airbnb/streamalert – StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
    • RhinoSecurityLabs/pacu – The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
    • Netflix/security_monkey – Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
    • RiotGames/cloud-inquisitor – Enforce ownership and data security within AWS
    • tmobile/pacbot – Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud.
    • darkbitio/aws-recon – Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
    • righteousgambitresearch/quiet-riot – Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.
    • fivexl/terraform-aws-cloudtrail-to-slack – Terraform module that deploys resources to parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
    • cloudquery/cloudquery – Open-source cloud asset inventory powered by SQL. Can also perform Terraform drift checks.
    • turbot/steampipe – Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
    • simonw/s3-credentials –  A tool for creating credentials for accessing S3 buckets. Helps generate tightly-scoped IAM policies limited to a single prefix within a single bucket.
    • nccgroup/ScoutSuite – Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
    • DataDog/stratus-red-team – Stratus Red Team is "Atomic Red Team™" for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.
    • awslabs/aws-cloudsaga – Simulate security events in AWS
    • awslabs/aws-automated-incident-response-and-forensics – The Automated Incident Response and Forensics aims to facilitate automated steps for incident response and forensics based on the AWS Incident Response White Paper
    • awslabs/aws-security-assessment-solution – An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks.
    • jonrau1/ElectricEye – Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability.
  •  CloudFormation
    • cfripper – Library and CLI tool for analyzing CloudFormation templates and check them for security compliance
    • stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
  • Keys and Secrets
    • awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories

    • exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
    • dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
    • zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy 
  • S3

...