Skip to content

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

License

Notifications You must be signed in to change notification settings

philipmeadows/my-arsenal-of-aws-security-tools

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 

Repository files navigation

Defensive (Hardening, Security Assessment, Inventory)

Offensive:

Continuous Security Auditing:

DFIR:

Development Security:

S3 Buckets Auditing:

Training:

  • http://flaws.cloud/ - flAWS challenge to learn through a series of levels about common mistakes and gotchas when using AWS
  • http://flaws2.cloud/ - flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened.
  • https://github.com/RhinoSecurityLabs/cloudgoat - Vulnerable by Design AWS infrastructure setup tool
  • https://github.com/m6a-UdS/dvca - Damn Vulnerable Cloud Application more info
  • https://github.com/sonofagl1tch/AWSDetonationLab - Scripts and templates to generate some basic detections of the AWS security services
  • OWASP ServerlessGoat - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP for educational purposes. Single click installation through the AWS Serverless Application Repository.
  • Sadcloud - A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure.

Honey-token:

Others:

About

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 83.4%
  • Makefile 16.6%