Home
Categories
π
Osint
π©
Brute-force
π₯·
Active directory
π΅
Wireless security
π©οΈ
Cloud Security
π§©
Network assessment
πΈοΈ
Web vulnerability detection
πΆ
Wireless Attacks
π
Information Gathering Tools
βοΈ
Forensics Tools
π«
Vulnerability Analysis
π
Sniffing & Spoofing
β οΈ
Stress Testing
Tools
Blog
Tools
π©οΈ
Cloud Security
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Explore other tools categories:
π
Osint
π©
Brute-force
π₯·
Active directory
π΅
Wireless security
π©οΈ
Cloud Security
π§©
Network assessment
πΈοΈ
Web vulnerability detection
πΆ
Wireless Attacks
π
Information Gathering Tools
π«
Vulnerability Analysis
βοΈ
Forensics Tools
π
Sniffing & Spoofing
β οΈ
Stress Testing
13.11.23
CloudHunter
CloudHunter is a potent reconnaissance tool for discovering and investigating security vulnerabilities in cloud storage buckets across providers. The tool's objective is to identify and display the permissions for potentially problematic buckets, giving users important information about the security of cloud storage setups.
October 2, 2023
13.11.23
CloudEnum
CloudEnum is a versatile multi-cloud OSINT (Open-source intelligence) tool designed to enumerate public resources in popular cloud service providers such as AWS (Amazon Web Services), Azure (Microsoft Azure), and Google Cloud Platform (GCP). This tool aids in discovering various resources within these cloud environments, providing valuable insights into potential security vulnerabilities.
October 2, 2023
13.11.23
barq
Barq is a post-exploitation framework designed to carry out assaults on a live Amazon infrastructure. Targeting live EC2 instances is made simpler by not requiring the original instance SSH keypairs.Additionally, AWS's secret and parameter storage may be listed and extracted using Barq.
October 3, 2023
13.11.23
BlobHunter
An open-source programme called BlobHunter is used to search Azure blob storage accounts for publicly available blobs. BlobHunter, a vital tool for locating improperly configured containers hosting sensitive data within Azure subscriptions, was created as a component of the "Hunting Azure Blobs Exposes Millions of SensitiveFiles" investigation.
October 3, 2023
13.11.23
CloudBrute
Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode are a few of the major cloud service providers. A powerful tool for identifying a company's (target) infrastructure, data, and software on these platforms is called CloudBrute. This tool is helpful for bug bounty hunters, red teams, and penetration testers who are trying to identify and assess cloud-based vulnerabilities.
October 3, 2023
13.11.23
CloudMapper
A useful tool for examining Amazon Web Services (AWS) infrastructures is called CloudMapper. CloudMapper currently supports a wide range of functions, including audits for security concerns. It was first developed for creating network diagrams. Although the network visualisation functionality (command prepare) is no longer supported, the tool is still developing and getting new capabilities.
October 3, 2023
13.11.23
Scout Suite
The open-source Scout Suite multi-cloud security auditing tool is intended to evaluate the security status of cloud systems. It collects configuration information from cloud providers using their open APIs, enabling security consultants and auditors to manually review systems and spot any security vulnerabilities. Scout Suite provides a clear, automated picture of the attack surface rather than browsing via online interfaces.
October 3, 2023
13.11.23
CloudFox
To assist penetration testers and offensive security specialists in becoming situationally aware in novel cloud environments, the open-source CloudFox command-line tool was developed. It assists in identifying weak attack vectors in cloud infrastructure by replying to several questions about the configuration and security posture of the cloud environment.
October 3, 2023
13.11.23
Pacu
AWS exploitation framework Pacu is open-source and developed for offensive security testing against cloud systems. Pacu, which Rhino Security Labs created and maintains, enables penetration testers to take advantage of configuration bugs in an AWS account. It uses modules to quickly increase the capability of its system, making a variety of attacks possible, such as user privilege escalation, IAM user backdooring, Lambda function exploitation, and others.
October 3, 2023
13.11.23
Prowler
Prowler is an open-source security tool made for doing assessments, audits, incident response, continuous monitoring, hardening, and forensics ready for AWS, GCP, and Azure security best practises.It has a large number of controls that cover many compliance frameworks, including ENS (Spanish National Security Scheme), CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, and AWS Well-Architected Framework Security Pillar.
October 3, 2023
13.11.23
CloudSploit
An open-source project called CloudSploit by Aqua enables the identification of security concerns in cloud infrastructure accounts, such as those for GitHub, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI). These programmes provide a long list of possible security flaws and setup errors.
October 3, 2023