30 open-source projects similar to cloudsploit/scans, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Scans alternative.
ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Pacu is an exploitation framework designed for auditing and testing the security of Amazon Web Services environments. It serves as a cloud penetration testing tool and resource enumerator used to identify misconfigurations, map attack surfaces, and execute privilege escalation paths. The framework provides specialized capabilities for post-exploitation and red team operations, including establishing persistence through identity and access management backdooring. It distinguishes itself with a plugin-based module system that allows for the development of custom tasks and the orchestration of A
Enumerate the permissions associated with an AWS credential set
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
Find interesting Amazon S3 Buckets by watching certificate transparency logs.
A tool for quickly evaluating IAM permissions in AWS.
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Open source demos, concept and guidance related to the AWS CIS Foundation framework.
SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
Exphub is a CVE exploit script library and enterprise software vulnerability suite designed to verify and exploit known security flaws in server environments such as WebLogic, Struts2, Tomcat, and JBoss. It functions as a remote code execution toolkit and a web shell deployment framework for triggering unauthorized command execution and establishing persistent access on remote systems. The project includes specialized utilities for internal network reconnaissance, specifically using server-side request forgery to scan for open ports and services. It further provides mechanisms for bypassing a
Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses through automated lateral movement and exploit delivery. It functions as a network security testing system that evaluates security posture by attempting to propagate through vulnerabilities and extract sensitive system credentials. The platform distinguishes itself by simulating specific real-world attacker behaviors, such as ransomware encryption, cryptojacking, and the theft of browser-stored credentials and secure shell keys. It utilizes binary hash randomization to evade antiv
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Flan is a containerized network vulnerability scanner and security auditor. It identifies open ports and service versions across a network to detect known security weaknesses and misconfigurations. The system is designed to run within isolated container environments, utilizing configuration maps to manage target lists and secrets. It includes a dedicated mechanism for archiving scan output files and security analysis data to remote S3 buckets for long-term storage. The tool generates formatted vulnerability summaries and security reports in multiple document formats for technical analysis. I
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
https://www.reddit.com/r/django/comments/87qcf4/28165thousanddjangorunningserversareexposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload form flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file…
Tools for fingerprinting and exploiting Amazon cloud infrastructures
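OSS Browser provides functionality similar to Windows Explorer. Users can easily browse files and upload and download files, with support for resumable transfers and more.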