Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      D4rkn3S

      aws security tools

      Recommended Posts

      hello guys, here is github link of AWS security tools

       

      Spoiler

      Defensive (Hardening, Security Assessment, Inventory)

      Scout2:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Security auditing tool for AWS environments (Python)
      Prowler:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
      Scans:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS security scanning checks (NodeJS)
      CloudMapper:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - helps you analyze your AWS environments (Python)
      CloudTracker:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
      AWS Security Benchmarks:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - scrips and templates guidance related to the AWS CIS Foundation framework (Python)
      AWS Public IPs:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
      PMapper:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Advanced and Automated AWS IAM Evaluation (Python)
      AWS-Inventory:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Make a inventory of all your resources across regions (Python)
      Resource Counter:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Counts number of resources in categories across regions
      ICE:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Ice provides insights from a usage and cost perspective, with high detail dashboards.
      SkyArk:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS.
      Offensive:

      weirdALL:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS Attack Library
      Pacu:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS penetration testing toolkit
      Cred Scanner:

      Hidden Content

        Give reaction to this post to see the hidden content.

      AWS PWN:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloudfrunt:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloudjack:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Nimbostratus:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Continuous Security Auditing:

      Security Monkey:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Krampus (as Security Monkey complement)

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloud Inquisitor:

      Hidden Content

        Give reaction to this post to see the hidden content.

      CloudCustodian:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Disable keys after X days:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Repokid Least Privilege:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Wazuh CloudTrail module:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hammer:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Streamalert:

      Hidden Content

        Give reaction to this post to see the hidden content.

      DFIR:

      AWS IR:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS specific Incident Response and Forensics Tool
      Margaritashotgun:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Linux memory remote acquisition tool
      LiMEaide:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Linux memory remote acquisition tool
      Diffy:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Triage tool used during cloud-centric security incidents
      Development Security:

      CFN NAG:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - CloudFormation security test (Ruby)
      Git-secrets:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Repository of sample Custom Rules for AWS Config:

      Hidden Content

        Give reaction to this post to see the hidden content.

      S3 Buckets Auditing:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.
      |

      Hidden Content

        Give reaction to this post to see the hidden content.
        [Currently Offline]

      Hidden Content

        Give reaction to this post to see the hidden content.

      Training:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Others:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - a list of some biggest leaks recorded

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in waybackmachine.
          Features
               URL fuzzing and dir/file detection
               Test backup/old file on all the files found (index.php.bak, index.php~ …)
               Check header information
               Check DNS information
               Check whois information
               User-agent random or personal
               Extract files
               Keep a trace of the scan
               Check @mail in the website and check if @mails leaked
               CMS detection + version and vulns
               Subdomain Checker
              Backup system (if the script stopped, it take again in the same place)
               WAF detection
               Add personal prefix
              Auto-update script
               Auto or personal output of scan (scan.txt)
               Check Github
              Recursive dir/file
              Scan with an authentication cookie
               Option –profil to pass profil page during the scan
               HTML report
               Work it with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check-in waybackmachine
               Response error to WAF
              Check if DataBase firebaseio exist and accessible
              Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
               Search S3 buckets in source code page
               Testing bypass of waf if detected
               Testing if it’s possible scanning with “localhost” host
          Changelog v1.5.9
              Start: Code optimization Update: Change changelog.md + Readme.md

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Hide My WP is the number one security plugin for WordPress. It hides your WordPress from attackers, spammers and theme detectors. Over 26,000 satisfied customers use Hide My WP. It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Protection against your greatest online foes
          Avast Premium Security protects against all online threats including spoofed websites and ransomware.
          Security that’s tailored to fit your needs
          Custom features for PC, Mac, Android, and iPhone/iPad secure your devices where it’s needed most.
          Single- and Multi-Device options let you choose the protection that works best for you.
          “Up to 10 devices” means you can share your security with every one of your devices or everyone closest to you.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.  
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
          Web Application Security Recon Automation Framework
          It takes user input as a domain name and maximize the attack surface area by listing the assets of the domain like -
              Subdomains from - Amass ,findomain, subfinder & resolvable subdomains using shuffledns
              Screenshots
              Port Scan
              JS files
              Httpx Status codes of subdomains
              Dirsearch file/dir paths by fuzzing


          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
          Features
              Man-in-the-middle (MITM) HTTP/1.1 proxy with logs
              Project based database storage (SQLite)
              Scope support
              Headless management API using GraphQL
              Embedded web interface (Next.js)

          Hidden Content
          Give reaction to this post to see the hidden content.