# Automated AWS Security Auditing Tools

> Search results for `audit an AWS account for security risks` on awesome-repositories.com. 115 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/audit-an-aws-account-for-security-risks

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/audit-an-aws-account-for-security-risks).**

## Results

- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and aut
- [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists.

The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
- [fallibleinc/security-guide-for-developers](https://awesome-repositories.com/repository/fallibleinc-security-guide-for-developers.md) (21,090 ⭐) — This project is a web application security guide and developer training resource. It serves as a secure coding framework and vulnerability remediation manual, providing software engineers with the tools to identify, prioritize, and fix common security holes across different application layers.

The resource utilizes a structured verification framework and security audit checklists to systematically find vulnerabilities. It features a technical reference that maps specific security flaws to step-by-step instructions for remediation, supported by vulnerability statistics to help determine which
- [qianniuspace/mcp-security-audit](https://awesome-repositories.com/repository/qianniuspace-mcp-security-audit.md) (53 ⭐) — A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [boto/boto3](https://awesome-repositories.com/repository/boto-boto3.md) (9,834 ⭐) — Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage.

The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
- [cloud-custodian/cloud-custodian](https://awesome-repositories.com/repository/cloud-custodian-cloud-custodian.md) (6,011 ⭐) — Cloud Custodian is an open-source rules engine that uses declarative YAML policies to query, filter, and take automated actions on cloud resources for governance and compliance. It functions as a stateless policy execution engine, where each policy evaluation runs as an independent, idempotent operation without maintaining internal state between runs. Policies are defined using a YAML-based domain-specific language that structures rules as a query-filter-action pipeline.

The engine supports dry-run validation, allowing users to simulate policy actions against live resources without applying c
- [cjsrkd3321/aws-security-architectures](https://awesome-repositories.com/repository/cjsrkd3321-aws-security-architectures.md) (14 ⭐) — aws-security-architecture
- [amruthpillai/reactive-resume](https://awesome-repositories.com/repository/amruthpillai-reactive-resume.md) (38,613 ⭐) — This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications.

The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It
- [portswigger/aws-security-checks](https://awesome-repositories.com/repository/portswigger-aws-security-checks.md) (41 ⭐) — AWS Security Checks
- [prowler-cloud/prowler](https://awesome-repositories.com/repository/prowler-cloud-prowler.md) (13,049 ⭐) — Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity.

The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf
- [nccgroup/scoutsuite](https://awesome-repositories.com/repository/nccgroup-scoutsuite.md) (7,548 ⭐) — ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks.

The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
- [0xnazgul/blockchain-security-audit-list](https://awesome-repositories.com/repository/0xnazgul-blockchain-security-audit-list.md) (793 ⭐) — A list of Blockchain Security audit companies, solo auditors and where to find all their public audits.
- [harisekhon/devops-bash-tools](https://awesome-repositories.com/repository/harisekhon-devops-bash-tools.md) (8,062 ⭐) — DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line.

The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
- [anaynayak/aws-security-viz](https://awesome-repositories.com/repository/anaynayak-aws-security-viz.md) (721 ⭐) — Visualize your AWS security groups.
- [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring.

The platform distinguishes itself through ad
- [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments.

What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essentia
- [nozaq/terraform-aws-secure-baseline](https://awesome-repositories.com/repository/nozaq-terraform-aws-secure-baseline.md) (1,197 ⭐) — Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
- [toniblyx/prowler](https://awesome-repositories.com/repository/toniblyx-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities.

The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths.

Capabilities include automated cloud infrast
- [pulumi/pulumi](https://awesome-repositories.com/repository/pulumi-pulumi.md) (24,797 ⭐) — Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments.

The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
- [accounts-js/accounts](https://awesome-repositories.com/repository/accounts-js-accounts.md) (1,501 ⭐) — Fullstack authentication and accounts-management for GraphQL and REST.
- [chatwoot/chatwoot](https://awesome-repositories.com/repository/chatwoot-chatwoot.md) (31,959 ⭐) — Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact.

The platform distinguishes itself through an eve
- [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools.

The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches
- [z0ph/aws-security-toolbox](https://awesome-repositories.com/repository/z0ph-aws-security-toolbox.md) (284 ⭐) — AWS Security Tools (AST) in a simple Docker container.
- [dxa4481/trufflehog](https://awesome-repositories.com/repository/dxa4481-trufflehog.md) (26,790 ⭐) — TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets.

The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
- [be-bold/terraform-aws-account-lookup](https://awesome-repositories.com/repository/be-bold-terraform-aws-account-lookup.md) (4 ⭐) — This Terraform module allows querying AWS accounts and outputs the accounts in various mappings or as a complete list, with the ability to apply a search filter to the account list and group the accounts by existing tags using a sub-module.
- [cloudquery/cloudquery](https://awesome-repositories.com/repository/cloudquery-cloudquery.md) (6,438 ⭐) — CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses.

The system distinguishes itself by transforming complex, nested cloud API responses into flat relational tables, enabling the use of standard SQL for asset querying and analysis. It employs a modular plugin system for data ex
- [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management.

The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party servi
- [chainsulting/smart-contract-security-audits](https://awesome-repositories.com/repository/chainsulting-smart-contract-security-audits.md) (3 ⭐) — Smart Contract Audits (Ethereum, Hyperledger, EOS, Tezos) by a reputable company are an essential part of any smart contract development. While the rise of blockchain presents a unique opportunity to create smart contracts for digital assets, such as Utility or Security token. Smart Contract…
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
- [alfresco/prowler](https://awesome-repositories.com/repository/alfresco-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard.

The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories.

The platform cove
- [terraform-aws-modules/terraform-aws-security-group](https://awesome-repositories.com/repository/terraform-aws-modules-terraform-aws-security-group.md) (591 ⭐) — Terraform module to create AWS Security Group resources 🇺🇦
- [aquasecurity/tfsec](https://awesome-repositories.com/repository/aquasecurity-tfsec.md) (7,013 ⭐) — tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks.

The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
- [toniblyx/my-arsenal-of-aws-security-tools](https://awesome-repositories.com/repository/toniblyx-my-arsenal-of-aws-security-tools.md) (9,460 ⭐) — List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle.

The platfor
- [flarum/core](https://awesome-repositories.com/repository/flarum-core.md) (6,729 ⭐) — This project is a self-hosted community engine and forum software designed for hosting threaded discussions. It functions as a JSON API community platform, exposing all data and functionality through a standardized interface to support a single-page application architecture. The system is built to be a multi-language discussion board with integrated localization and language pack support.

The platform is defined by a modular architecture that allows for extensive customization through an extension-based plugin system. This extensibility enables the modification of core behavior, the addition
- [tech-audit/smart-contract-audits](https://awesome-repositories.com/repository/tech-audit-smart-contract-audits.md) (95 ⭐) — Smart Contract security audit reports
- [flarum/framework](https://awesome-repositories.com/repository/flarum-framework.md) (6,727 ⭐) — This project is a self-hosted forum software and extensible community platform designed to facilitate online discussions and member engagement. It functions as a REST API discussion engine, providing a backend that manages community interactions and forum data via a standardized JSON interface for external applications.

The platform is distinguished by a modular architecture that allows for deep customization through a package-based extension system and an interface extension framework. It employs an extender-based customization model, enabling external modules to modify internal system behav
- [aws-samples/aws-serverless-security-workshop](https://awesome-repositories.com/repository/aws-samples-aws-serverless-security-workshop.md) (543 ⭐) — In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless application in 5 domains:
- [gentilkiwi/mimikatz](https://awesome-repositories.com/repository/gentilkiwi-mimikatz.md) (21,630 ⭐) — Mimikatz is a security research suite designed for auditing Windows authentication and managing system security configurations. It provides a comprehensive framework for extracting sensitive credentials, manipulating process privileges, and managing digital identity assets directly from system memory or offline memory dumps.

The project distinguishes itself through advanced system-level exploitation techniques, including runtime process injection, API hooking, and the ability to bypass cryptographic export restrictions. It features a specialized toolkit for Kerberos protocol operations, allow
- [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets.

The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
- [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance.

The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac
- [welldone-cloud/aws-summarize-account-activity](https://awesome-repositories.com/repository/welldone-cloud-aws-summarize-account-activity.md) (165 ⭐) — Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
- [aws-samples/network-access-analyzer-multi-account-analysis](https://awesome-repositories.com/repository/aws-samples-network-access-analyzer-multi-account-analysis.md) (42 ⭐) — Identify all permitted data paths originating from the Internet to Network Interfaces within AWS Accounts across the entire AWS Organization.
- [appsmithorg/appsmith](https://awesome-repositories.com/repository/appsmithorg-appsmith.md) (40,051 ⭐) — Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling.

The platform distinguishes itself through a server-side proxy architecture that exe
- [homebrew/brew](https://awesome-repositories.com/repository/homebrew-brew.md) (48,527 ⭐) — Homebrew is a command-line package management tool designed to automate the installation, configuration, and maintenance of software on local development environments. It functions as a cross-platform software distributor, enabling users to install tools from pre-compiled binary archives or source code without requiring administrative privileges. By managing complex dependency trees and versioning, it ensures that software remains consistent and compatible across different system architectures.

The project distinguishes itself through a declarative approach to system configuration, allowing u
- [awslabs/aws-security-benchmark](https://awesome-repositories.com/repository/awslabs-aws-security-benchmark.md) (620 ⭐) — Open source demos, concept and guidance related to the AWS CIS Foundation framework.
- [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows.

The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a
