Nytro

Cloud Security Tools


This page is a directory of open source cloud security tools I collected, organized by categories. If I've used a tool I usually publish my notes about it on its own page.

If you know a tool that is not listed here let me know!

TOOLS

aardvark

Aardvark is a multi-account AWS IAM Access Advisor API
🔗aws iam

actionhero

Action Hero is a sidecar style utility to assist with creating least privilege IAM Policies for AWS.
🔗aws iam

Adaz

🔧 Automatically deploy customizable Active Directory labs in Azure
🔗azure

AirIAM

Least privilege AWS IAM Terraformer
🔗declarative-infra terraform aws iam

aks-checklist

The AKS Checklist
🔗azure k8s

amazon-s3-find-and-forget

Amazon S3 Find and Forget is a solution to handle data erasure requests from data lakes stored on Amazon S3, for example, pursuant to the European General Data Protection Regulation (GDPR)
🔗aws

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

automated-cloud-advisor

Automated Cloud Advisor is an extensible tool that aims at facilitating cost optimization in AWS by collecting data for resources that are underutilized. In addition, this is a great learning tool for new DevOps/Cloud engineers that want to start automating things in AWS.
🔗aws

autovpn

Create On Demand Disposable OpenVPN Endpoints on AWS.
🔗aws

aws-auto-remediate

Open source application to instantly remediate common security issues through the use of AWS Config
🔗aws

aws-billing-slack-lambda

Simple AWS Lambda powered Slack bot that reports your AWS Costs for the current month to a channel
🔗aws

aws-iam-authenticator

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
🔗aws iam k8s

aws-lambda-api-call-recorder

A recorder of AWS API calls for Lambda functions
🔗aws

aws-recon

Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
🔗aws

aws-s3-virusscan

Antivirus for Amazon S3 buckets
🔗aws

aws-sso-credential-process

Bring AWS SSO-based credentials to the AWS SDKs until they have proper support
🔗aws

aws_exposable_resources

Resource types that can be publicly exposed on AWS
🔗aws

aws_key_triage_tool

Script to automate initial triage/enumeration on a set of aws keys in an input file.
🔗aws

capsule

Kubernetes multi-tenant Operator
🔗k8s

cdkgoat

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
🔗aws

cfngoat

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
🔗aws declarative-infra

chart-testing

CLI tool for linting and testing Helm charts
🔗k8s

cloudformation-guard

A set of tools to check AWS CloudFormation templates for policy compliance using a simple, policy-as-code, declarative syntax
🔗aws declarative-infra

cloudkeeper

Cloudkeeper - Housekeeping for Clouds

CloudShell

Container Image for Azure Cloud Shell (https://azure.microsoft.com/en-us/features/cloud-shell/)
🔗azure containers

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
🔗aws iam

cloudtracker

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
🔗iam

container-diff

container-diff: Diff your Docker containers
🔗docker containers

container-scan

A GitHub action to help you scan your docker image for vulnerabilities
🔗docker containers

CONVEX

CONVEX is a group of CTFs that are independently deployable into participant Azure environments.
🔗azure

copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate.
🔗aws containers

dagda

A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
🔗docker containers

dast-operator

Dynamic Application and API Security Testing

DefendTheFlag

Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products.
🔗azure

detection-rules

Rules for Elastic Security's detection engine

docker-slim

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
🔗docker containers

dockerfile-security

A collection of OPA rules to statically analyze Dockerfiles to improve security
🔗declarative-infra docker containers

dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
🔗docker containers

Dragonfly

Dragonfly is an intelligent P2P based image and file distribution system.

gatekeeper

Gatekeeper - Policy Controller for Kubernetes
🔗k8s

gcp-iam-role-permissions

Exports primitive and predefined GCP IAM Roles and their permissions
🔗gcp iam

gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
🔗aws

goldpinger

Debugging tool for Kubernetes which tests and displays connectivity between nodes in the cluster.
🔗k8s

govuk-aws

The GOV.UK repository for our Migration to AWS
🔗aws

grype

A vulnerability scanner for container images and filesystems
🔗containers

helm-freeze

Freeze your charts in the wished versions
🔗k8s

http-desync-guardian

Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).

iam-policies-cli

A CLI tool for building simple to complex IAM policies
🔗iam

infracost

Cloud cost estimates for Terraform in your CLI and pull requests 💰📉
🔗terraform declarative-infra

k8s-diagrams

A collection of kubernetes-related diagrams
🔗k8s

k8s-snapshots

Automatic Volume Snapshots on Kubernetes.
🔗k8s

kconmon

A Kubernetes node connectivity monitoring tool
🔗k8s

kconnect

Kubernetes Connection Manager CLI
🔗k8s

kip

Virtual-kubelet provider running pods in cloud instances
🔗k8s

konstraint

A policy management tool for interacting with Gatekeeper

krane

Kubernetes RBAC static Analysis & visualisation tool
🔗k8s

kube-fluentd-operator

Auto-configuration of Fluentd daemon-set based on Kubernetes metadata
🔗k8s

kube-janitor

Clean up (delete) Kubernetes resources after a configured TTL (time to live)
🔗k8s

kube-prometheus

Use Prometheus to monitor Kubernetes and applications running on Kubernetes
🔗k8s

kubectl-fuzzy

This tool uses fzf(1)-like fuzzy-finder to do partial or fuzzy search of Kubernetes resources. Instead of specifying full resource names to kubectl commands, you can choose them from an interactive list that you can filter by typing a few characters.
🔗k8s

kubectl-images

🕸 Show container images used in the cluster.
🔗k8s containers

kubefs

Mount kubernetes metadata storage as a filesystem
🔗k8s

kubei

Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment, for more information checkout:
🔗k8s

kuberhealthy

A Kubernetes operator for running synthetic checks as pods. Works great with Prometheus!
🔗k8s

kubernetes-examples

Minimal self-contained examples of standard Kubernetes features and patterns in YAML
🔗k8s

kubernetes-goat

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster.
🔗k8s

litmus

Litmus helps Kubernetes SREs and developers practice chaos engineering in a Kubernetes native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes are at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
🔗k8s

lsh

Run interactive shell commands on AWS Lambda
🔗aws

opa-image-scanner

Kubernetes Admission Controller for Image Scanning using OPA
🔗k8s declarative-infra

PowerZure

PowerShell framework to assess Azure security
🔗azure

professional-services

Common solutions and tools developed by Google Cloud's Professional Services team
🔗gcp

rego-policies

Rego policies collection

regula

Regula checks Terraform for AWS, Azure and GCP security and CIS compliance using Open Policy Agent/Rego
🔗terraform azure gcp aws declarative-infra

rode

cloud native software supply chain ☁️🔗

secrets-store-csi-driver-provider-azure

The Azure Key Vault provider for the Secrets Store CSI driver lets you read secret contents stored in an Azure Key Vault instance and mount them into Kubernetes pods through the Secrets Store CSI driver interface.
🔗azure k8s

SFPolDevChk

Salesforce Policy Deviation Checker

SimuLand

Cloud Templates and scripts to deploy mordor environments

sinker

A tool to sync images from one container registry to another
🔗containers

SkyArk

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
🔗azure aws

spacesiren

A honey token manager and alert system for AWS.
🔗aws

starboard

Kubernetes-native security tool kit
🔗k8s

starboard-octant-plugin

Octant plugin for viewing Starboard security information

stash

🛅 Backup your Kubernetes Stateful Applications
🔗k8s

Stormspotter

Azure Red Team tool for graphing Azure and Azure Active Directory objects
🔗azure

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
🔗containers

synator

Synator Kubernetes Secret and ConfigMap synchronizer
🔗k8s

talisman

By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.

terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
🔗terraform declarative-infra

trailscraper

A command-line tool to get valuable information out of AWS CloudTrail
🔗aws

tunshell

Remote shell into ephemeral environments 🐚 🦀

vector

High-performance, vendor-neutral observability pipelines.

version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
🔗k8s

whalescan

Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container
🔗containers

whispers

Identify hardcoded secrets and dangerous behaviours

 

Source: https://cloudberry.engineering/tool/
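Added example for the cloudtracker / cloudsplaining entries above (my own illustration, not code from either project or from the original post): the least-privilege idea is to diff what CloudTrail says a principal actually did against what its IAM policy allows. The policy document, the role ARN, the account ID and the CloudTrail records below are all constructed for the example.

```python
"""Constructed example: find unused or over-broad IAM grants by diffing
CloudTrail activity against a policy document. Policy, records and the
account ID are made up for the example."""
import json
from fnmatch import fnmatchcase

# Hypothetical identity policy attached to a role called app-role.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:*", "ec2:Describe*", "iam:PassRole"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")

# Constructed CloudTrail records, reduced to the fields the comparison needs.
ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/app-role/i-0123456789abcdef0"
CLOUDTRAIL = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "userIdentity": {"arn": ROLE_ARN}},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity", "userIdentity": {"arn": ROLE_ARN}},
]


def used_actions(records, principal_arn=ROLE_ARN):
    """IAM-style 'service:Action' strings observed for one principal.
    Caveat: CloudTrail eventName is not always the IAM action name (s3 ListBuckets
    is authorised by s3:ListAllMyBuckets, for instance), so treat this as an
    approximation and keep a correction table for the exceptions you hit."""
    return {
        f"{r['eventSource'].split('.')[0]}:{r['eventName']}"
        for r in records if r["userIdentity"]["arn"] == principal_arn
    }


def allow_patterns(policy):
    """Every Action pattern in Allow statements (Deny is not a grant, so skipped)."""
    patterns = []
    for st in policy["Statement"]:
        if st["Effect"] == "Allow":
            acts = st["Action"]
            patterns.extend([acts] if isinstance(acts, str) else acts)
    return patterns


def action_matches(pattern, action):
    # IAM matches action names case-insensitively, with * and ? wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def grant_coverage(policy, records):
    """For each Allow pattern, the sorted observed actions it actually covers."""
    used = used_actions(records)
    return {p: sorted(a for a in used if action_matches(p, a)) for p in allow_patterns(policy)}


def unused_grants(policy, records):
    """Patterns that matched nothing in the log window: candidates for removal."""
    return sorted(p for p, covered in grant_coverage(policy, records).items() if not covered)


def unexplained_activity(policy, records):
    """Observed actions no Allow pattern covers: either the eventName/action
    mapping caveat above, or the permission comes from elsewhere (another
    attached policy, a resource policy, a permissions boundary)."""
    patterns = allow_patterns(policy)
    return sorted(a for a in used_actions(records)
                  if not any(action_matches(p, a) for p in patterns))


def least_privilege_actions(policy, records):
    """Concrete Action list that keeps observed behaviour but drops the wildcards."""
    return sorted({a for covered in grant_coverage(policy, records).values() for a in covered})


if __name__ == "__main__":
    print("unused grants:       ", unused_grants(POLICY, CLOUDTRAIL))
    print("unexplained activity:", unexplained_activity(POLICY, CLOUDTRAIL))
    print("tightened Action:    ", least_privilege_actions(POLICY, CLOUDTRAIL))
```

With the sample data, `s3:*` covers only `s3:GetObject`, `iam:PassRole` is never used, and `sts:GetCallerIdentity` shows up as unexplained because that call needs no IAM permission at all; that is exactly the kind of exception the correction table is for. Run it over a long enough CloudTrail window (Athena or trailscraper output) before trusting "unused", since monthly jobs will not appear in a week of logs.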

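Added example for the http-desync-guardian entry above (my own illustration, not the project's code or rule set): the point of analysing requests before forwarding them is that two HTTP parsers in a chain can disagree on where one request ends, which is what CL.TE / TE.CL smuggling exploits. The tiers and rules below are this example's own approximation, and the request heads are constructed.

```python
"""Constructed example: grade raw HTTP/1.1 request heads by how likely two
parsers are to disagree on message framing. Tier names and rules are this
example's own, not http-desync-guardian's."""
import re

TIERS = ("Compliant", "Acceptable", "Ambiguous", "Severe")
TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 tchar for header names

# Constructed request heads; bodies are irrelevant to the framing decision.
CLEAN = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
CL_TE = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n")
OBFUSCATED_TE = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked\x0b\r\n\r\n"
SPACED_NAME = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length : 5\r\n\r\n"
DUP_CL_SAME = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\nContent-Length: 5\r\n\r\n"
DUP_CL_DIFF = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n"


def parse_head(raw: bytes):
    """Split a request into (request_line, header_lines); the body is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    return lines[0], lines[1:]


def analyze(raw: bytes):
    """Return (tier, reasons) for one request head."""
    worst, reasons = 0, []

    def flag(tier, why):
        nonlocal worst
        worst = max(worst, TIERS.index(tier))
        reasons.append(why)

    _request_line, header_lines = parse_head(raw)
    content_lengths, transfer_encodings = [], []
    for line in header_lines:
        if not line:
            continue
        if line[:1] in (" ", "\t"):
            flag("Ambiguous", "obsolete line folding")  # parsers differ on how to join it
            continue
        name, sep, value = line.partition(":")
        if not sep or not TOKEN_RE.match(name):
            # "Content-Length : 5": one parser sees a CL header, the next sees junk
            flag("Severe", f"malformed header name {name!r}")
            continue
        # Strip only SP/HTAB (HTTP optional whitespace). str.strip() would also eat
        # \x0b and \x0c, hiding exactly the obfuscation we want to catch.
        value = value.strip(" \t")
        lname = name.lower()
        if lname == "content-length":
            content_lengths.append(value)
        elif lname == "transfer-encoding":
            transfer_encodings.append(value)

    if content_lengths:
        if any(not re.fullmatch(r"[0-9]+", v) for v in content_lengths):
            flag("Severe", "non-numeric Content-Length")
        elif len(set(content_lengths)) > 1:
            flag("Severe", "conflicting Content-Length values")
        elif len(content_lengths) > 1:
            flag("Acceptable", "duplicate identical Content-Length")

    if transfer_encodings:
        if len(transfer_encodings) > 1:
            flag("Ambiguous", "multiple Transfer-Encoding headers")
        for v in transfer_encodings:
            if v.lower() != "chunked":
                # "xchunked", "chunked\x0b", "chunked, identity": honoured by some
                # parsers, ignored by others, so the body length differs per hop
                flag("Severe", f"non-standard Transfer-Encoding {v!r}")
        if content_lengths:
            # RFC says TE wins, but a front end that prefers CL forwards a different
            # body boundary than the back end computes: the classic CL.TE / TE.CL case
            flag("Ambiguous", "both Content-Length and Transfer-Encoding present")

    return TIERS[worst], reasons


if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("cl+te", CL_TE), ("obfuscated te", OBFUSCATED_TE),
                       ("spaced name", SPACED_NAME), ("dup cl", DUP_CL_SAME), ("conflict cl", DUP_CL_DIFF)]:
        print(f"{label:14} -> {analyze(req)}")
```

Where you put the threshold is a policy choice: a reverse proxy can forward Compliant and Acceptable, log Ambiguous, and reject Severe with 400 while closing the client connection, so a poisoned connection is never reused for another client's request.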
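Added example for the talisman and whispers entries above (my own illustration, not code from either project or from the original post): a pre-push hook only ever needs to look at the lines the push would add, so the scanner parses the outgoing unified diff, keeps the `+` lines with their new-file line numbers, and runs a few pattern and entropy rules over them. The sample diff, the paths in it and the thresholds are constructed; the key values are the well-known placeholder credentials from the AWS documentation.

```python
"""Constructed example: scan the lines a git push would add for things that
look like credentials, in the spirit of a pre-push secret hook. The rules,
thresholds and sample diff are this example's own."""
import math
import re
import subprocess
import sys

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{20,}")  # long tokens worth an entropy check
RULES = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
ENTROPY_THRESHOLD = 4.0  # bits/char: random base64 is ~6, identifiers like AWS_SECRET_ACCESS_KEY ~3
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's empty tree object (SHA-1 repos)

# Constructed diff: a config file gaining placeholder AWS keys, a new SSH key, a harmless log line.
SAMPLE_DIFF = """\
diff --git a/config/prod.env b/config/prod.env
--- a/config/prod.env
+++ b/config/prod.env
@@ -1,2 +1,4 @@
 APP_NAME=uploader
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 REGION=eu-west-1
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+-----END OPENSSH PRIVATE KEY-----
diff --git a/app/main.py b/app/main.py
--- a/app/main.py
+++ b/app/main.py
@@ -10,3 +10,4 @@
 def upload(path):
+    log.info("uploading %s", path)
     return client.put_object(Bucket=BUCKET, Key=path)
"""


def shannon_entropy(s):
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def added_lines(diff_text):
    """Yield (path, new_lineno, text) for every line the diff adds."""
    path, lineno = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            target = raw[4:]
            path = None if target == "/dev/null" else (target[2:] if target.startswith("b/") else target)
        elif raw.startswith("@@"):
            lineno = int(HUNK_RE.match(raw).group(1)) - 1
        elif raw.startswith("+") and path is not None:
            lineno += 1
            yield path, lineno, raw[1:]
        elif raw.startswith(" "):
            lineno += 1  # context line: advances the new-file line counter


def scan_line(text):
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    for tok in TOKEN_RE.findall(text):
        # long, mixes letters and digits, high entropy: probably a credential, not a word
        if re.search(r"[0-9]", tok) and re.search(r"[A-Za-z]", tok) and shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            hits.append("high-entropy")
            break
    return hits


def scan_diff(diff_text):
    return [(path, lineno, rule) for path, lineno, text in added_lines(diff_text) for rule in scan_line(text)]


def main():
    # git feeds pre-push one "<local ref> <local sha> <remote ref> <remote sha>" line per ref on stdin
    findings = []
    for line in sys.stdin:
        _lref, lsha, _rref, rsha = line.split()
        if set(lsha) == {"0"}:
            continue  # ref deletion: nothing is being pushed
        base = EMPTY_TREE if set(rsha) == {"0"} else rsha  # new branch: diff against the empty tree
        diff = subprocess.run(["git", "diff", base, lsha], capture_output=True, text=True, check=True).stdout
        findings += scan_diff(diff)
    for path, lineno, rule in findings:
        print(f"{path}:{lineno}: {rule}", file=sys.stderr)
    sys.exit(1 if findings else 0)


if __name__ == "__main__":
    main() if not sys.stdin.isatty() else print(scan_diff(SAMPLE_DIFF))
```

Install it as `.git/hooks/pre-push` (executable) to block the push; running the file interactively just scans the embedded sample. Entropy rules need an allowlist in practice (test fixtures, public key material, minified assets), and a hook is a client-side convenience only: the same scan belongs in CI, since `git push --no-verify` skips it.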

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...