Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      D4rkn3S

      aws security tools

      Recommended Posts

      hello guys, here is github link of AWS security tools

       

      Spoiler

      Defensive (Hardening, Security Assessment, Inventory)

      Scout2:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Security auditing tool for AWS environments (Python)
      Prowler:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - CIS benchmarks and additional checks for security best practices in AWS (Shell Script)
      Scans:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS security scanning checks (NodeJS)
      CloudMapper:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - helps you analyze your AWS environments (Python)
      CloudTracker:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)
      AWS Security Benchmarks:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - scrips and templates guidance related to the AWS CIS Foundation framework (Python)
      AWS Public IPs:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)
      PMapper:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Advanced and Automated AWS IAM Evaluation (Python)
      AWS-Inventory:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Make a inventory of all your resources across regions (Python)
      Resource Counter:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Counts number of resources in categories across regions
      ICE:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Ice provides insights from a usage and cost perspective, with high detail dashboards.
      SkyArk:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - SkyArk provides advanced discovery and security assessment for the most privileged entities in the tested AWS.
      Offensive:

      weirdALL:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS Attack Library
      Pacu:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS penetration testing toolkit
      Cred Scanner:

      Hidden Content

        Give reaction to this post to see the hidden content.

      AWS PWN:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloudfrunt:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloudjack:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Nimbostratus:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Continuous Security Auditing:

      Security Monkey:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Krampus (as Security Monkey complement)

      Hidden Content

        Give reaction to this post to see the hidden content.

      Cloud Inquisitor:

      Hidden Content

        Give reaction to this post to see the hidden content.

      CloudCustodian:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Disable keys after X days:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Repokid Least Privilege:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Wazuh CloudTrail module:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hammer:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Streamalert:

      Hidden Content

        Give reaction to this post to see the hidden content.

      DFIR:

      AWS IR:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - AWS specific Incident Response and Forensics Tool
      Margaritashotgun:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Linux memory remote acquisition tool
      LiMEaide:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Linux memory remote acquisition tool
      Diffy:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - Triage tool used during cloud-centric security incidents
      Development Security:

      CFN NAG:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - CloudFormation security test (Ruby)
      Git-secrets:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Repository of sample Custom Rules for AWS Config:

      Hidden Content

        Give reaction to this post to see the hidden content.

      S3 Buckets Auditing:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.
      |

      Hidden Content

        Give reaction to this post to see the hidden content.
        [Currently Offline]

      Hidden Content

        Give reaction to this post to see the hidden content.

      Training:

      Hidden Content

        Give reaction to this post to see the hidden content.

      Others:

      Hidden Content

        Give reaction to this post to see the hidden content.
      - a list of some biggest leaks recorded

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. The Most Complete Visitor Analytics & SEO package including visitor analytics (unique visitor, page view, bounce rate, average stay time, average visit, traffic analysis, top refferer, new & returning visitor, content overview, country & browser report, os & device report etc.) , web analytics (alexa data, whois data, social media data, moz check, search engine index, google page rank, IP analysis, malware check ) , SEO tools (link analysis, keyword position analysis, auto keyword suggestion,page status check etc.)
          Demo:

          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By dEEpEst
          INE - OSCP Security Technology Course

          :m: This course provides a foundation in advanced penetration testing that will prepare students for the Penetration Testing with Kali Linux (PWK) course offered by Offensive Security. The course will also prepare students for the Offensive Security Certified Professional (OSCP) exam, which typically proceeds the PWK course. Students should be familiar with Linux command line, common networking terminology, and basic Bash/Python scripting prior to attempting this course.


          Download:
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. wsltools is an elegant and simple Web Scan auxiliary library for Python.
          User Guide Tree:
             
          urlclean
                  ast
                  etl
                  pathSplit
                  mixPayload
              
          checksec
                  
            Check Web Application Firewall
                      checkWaf
                      updateRules
                 
            Check HTTP Response Headers
                      checkHeaders
                      x_xss_protection
                      content_security_policy
                      content_security_policy_report_only
                      x_content_security_policy
                      x_webkit_csp
                      feature_policy
                      x_frame_options
                      access_control_allow_methods
                      access_control_allow_headers
                      access_control_expose_headers
                      strict_transport_security
                      public_key_pins
                      public_key_pins_report_only
                      Other about Security Header
              
          datatype
                  datatype
                  isnumeric
                  istext
                  isxml
                  isjson
                  isjsonp
                  isurl
                  isip
                  isdomain
                  isserialize
                  isimage
                  isaudio
                  isvideo
                  isdocument
                  isarchive
                  isurl Support Schemes
                  Stream Support Types
              
          similar
                  similar
              
          faker
                  Instance
                  profile
                  userAgent
                  creditCard
                  email
                  name
                  ssn
                  phone
                  job
                  company
                  address
                  Support Credit Card Types
                  Support Locales code
              
          domaintools
                  domain
                  valid
                  main
                  sld
                  tld
                  subdomain
                  sublevel
                  subMatch
                  updateTLDS


          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Detect This vulnerabilities
          Remote Code Execution
              Linux
          XSS Reflected
          Template Injection
              Jinja2
              ERB
              Java
              Twig
              Freemarker
          SQl Injection 
          OS Support:
          Linux
          Android
          Windows

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. ehtools framework
          Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it’s easy to install, set up, and utilize.
          Attacking frameworks
          Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program.
          An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself.
          An example of this we’ve covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what’s happening “under the hood” of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network.

          Hidden Content
          Give reaction to this post to see the hidden content.