30 open-source projects similar to awslabs/aws-security-benchmark, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best AWS Security Benchmark alternative.
Cloud Security Suite - One-stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Cloud Security Posture Management (CSPM)
SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/M365 environment.
ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
A tool for quickly evaluating IAM permissions in AWS.
Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
Kube-hunter is a security scanner and vulnerability hunter for Kubernetes clusters. It operates as a cloud-native penetration tool designed to identify security weaknesses, infrastructure misconfigurations, and exploitable gaps by simulating attacker techniques. The tool distinguishes itself through a dual-mode scanning engine that executes both remote external probes and internal network scans. It features identity-based impersonation, allowing it to use service account tokens and pod identities to simulate security access from specific cluster roles and determine the potential blast radius
kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to the Center for Internet Security standards and other hardening guides to identify security misconfigurations and vulnerabilities. The tool operates as a containerized security scanner, utilizing host namespaces to analyze nodes and control plane components without requiring the installation of binaries directly on the host. It supports multiple Kubernetes distributions, applying environment-specific benchmarks to ensure auditing accuracy for managed services. The project cover
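OSS Browser provides functionality similar to Windows Explorer. Users can easily browse files and upload and download files, with support for resumable transfers and more.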
A simple library to generate IAM policy statements with no need to remember all the actions APIs
CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure pentesting. It provides a collection of scripts and tools designed to identify and exploit vulnerabilities in container runtimes to break out of isolated environments and execute commands on the underlying host operating system. The project features a dedicated Docker runtime exploit suite for abusing the Docker API, procfs, and cgroups to gain unauthorized host-level access. It includes specific techniques for bypassing isolation via LXCFS, user namespace exploitation, and ho
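问脉 has integrated OpenAI: you can use OpenAI to produce a human-readable analysis of the scan results, giving you a clearer picture of which risks the scan found.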
ADTimeline contents: (1) The ADTimeline PowerShell script: Description, Prerequisites, Usage, Files generated, Custom groups. (2) The ADTimeline App for Splunk: Description, Sourcetypes, AD General information dashboards, AD threat hunting dashboards, Enhance your traditional event logs threat…
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.