A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

An offensive attack framework for Distributed Layer of Modern Applications

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Hands on labs and code to help you learn, measure, and build using architectural best practices.

OWASP API Security Project

Offensive tools as Dockerfiles. Lightweight & Ready to go

Automated Red Team Infrastructure deployement using Docker

Wiki to collect Red Team infrastructure hardening resources

This repository contains an example Python API that is vulnerable to several different web API attacks.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

Multi-Cloud Security Auditing Tool

Scan for misconfigured S3 buckets across S3-compatible APIs!

Amazon bucket brute force tool

A Siem environment using Guard Duty + Kibana + S3 + ES + Cognito + Kinesis