Komiser is a multi-cloud infrastructure inspector and asset inventory manager. It provides a centralized system for auditing, cataloging, and analyzing deployed services and assets across AWS, GCP, and Azure environments. The project transforms disparate resource schemas from different cloud vendors into a unified structural representation through a provider-based plugin architecture. It uses agentless API inspection and polling-based resource discovery to retrieve metadata and configuration states without requiring agents on target resources. The platform covers financial management via cos
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure pentesting. It provides a collection of scripts and tools designed to identify and exploit vulnerabilities in container runtimes to break out of isolated environments and execute commands on the underlying host operating system. The project features a dedicated Docker runtime exploit suite for abusing the Docker API, procfs, and cgroups to gain unauthorized host-level access. It includes specific techniques for bypassing isolation via LXCFS, user namespace exploitation, and ho
CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses.
The main features of cloudquery/cloudquery are: Cloud Provider Metadata Extraction, Cloud Asset Inventory Managers, Cloud Metadata Transformations, Relational Data Transformations, API-to-Relational Mappers, Cloud Metadata Ingestors, SQL Data Loading and Transformation, SQL Infrastructure Querying.
Open-source alternatives to cloudquery/cloudquery include: mlabouardy/komiser — Komiser is a multi-cloud infrastructure inspector and asset inventory manager. It provides a centralized system for… alfresco/prowler — Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for… toniblyx/prowler — Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance… cdk-team/cdk — CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure… dlt-hub/dlt — dlt is a Python data ingestion tool and ETL pipeline framework designed to fetch data from diverse sources and persist… capitalone/cloud-custodian — Cloud Custodian is a multi-cloud governance engine and policy enforcement tool designed to automate security,…