awesome-cloud-security
Cloud Security Toolkit
A curated collection of cloud security resources and tools for assessing and securing cloud environments.
🛡️ Awesome Cloud Security Resources ⚔️
2k stars
44 watching
319 forks
last commit: about 1 month ago
Linked from 1 awesome list
awsaws-securityazureazure-securitycloud-computingcloud-securitycybersecuritygcpgcp-securitysecurity
Standards / Compliances | |||
CSA STAR | |||
ISO/IEC 27017:2015 | |||
ISO/IEC 27018:2019 | |||
MTCS SS 584 | |||
Standards / Benchmarks | |||
CIS Benchmark | |||
Tools / Infrastructure | |||
aws_pwn | 1,174 | over 1 year ago | : A collection of AWS penetration testing junk |
aws_ir | 344 | over 3 years ago | : Python installable command line utility for mitigation of instance and key compromises |
aws-firewall-factory | 237 | 9 days ago | : Deploy, update, and stage your WAFs while managing them centrally via FMS |
aws-vault | 8,554 | 5 months ago | : A vault for securely storing and accessing AWS credentials in development environments |
awspx | 924 | about 2 years ago | : A graph-based tool for visualizing effective access and resource relationships within AWS |
azucar | 565 | about 2 years ago | : A security auditing tool for Azure environments |
checkov | 7,214 | 5 days ago | : A static code analysis tool for infrastructure-as-code |
cloud-forensics-utils | 467 | 7 days ago | : A python lib for DF & IR on the cloud |
Cloud-Katana | 250 | 9 months ago | : Automate the execution of simulation steps in multi-cloud and hybrid cloud environments |
cloudlist | 871 | 5 days ago | : Listing Assets from multiple Cloud Providers |
Cloud Sniper | 182 | 8 months ago | : A platform designed to manage Cloud Security Operations |
Cloudmapper | 6,017 | 5 months ago | : Analyze your AWS environments |
Cloudmarker | 219 | 4 months ago | : A cloud monitoring tool and framework |
Cloudsploit | 3,372 | 14 days ago | : Cloud security configuration checks |
CloudQuery | 5,913 | 5 days ago | : Open source cloud asset inventory with set of pre-baked SQL for security and compliance |
Cloud-custodian | 5,488 | 5 days ago | : Rules engine for cloud security, cost optimization, and governance |
consoleme | 3,153 | 5 months ago | : A Central Control Plane for AWS Permissions and Access |
cs suite | 1,145 | about 2 years ago | : Tool for auditing the security posture of AWS/GCP/Azure |
Deepfence ThreatMapper | 4,861 | 5 days ago | : Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless |
dftimewolf | 299 | 5 days ago | : A multi-cloud framework for orchestrating forensic collection, processing and data export |
diffy | 635 | 11 months ago | : Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix |
ElectricEye | 966 | 9 days ago | : Continuously monitor AWS services for configurations |
Forseti security | 1,276 | over 1 year ago | : GCP inventory monitoring and policy enforcement tool |
Hammer | 437 | over 1 year ago | : A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources |
kics | 2,117 | 9 days ago | : Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code |
Matano | 1,482 | 5 months ago | : Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code |
Metabadger | 141 | 9 months ago | : Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2) |
Open policy agent | : Policy-based control tool | ||
pacbot | 1,290 | about 2 years ago | : Policy as Code Bot |
pacu | 4,422 | about 1 month ago | : The AWS exploitation framework |
PMapper | 1,436 | 5 months ago | : A tool for quickly evaluating IAM permissions in AWS |
Prowler | 10,941 | 4 days ago | : Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool |
ScoutSuite | 6,794 | 28 days ago | : Multi-cloud security auditing tool |
Security Monkey | 4,353 | almost 4 years ago | : Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time |
SkyWrapper | 104 | over 3 years ago | : Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS |
Smogcloud | 332 | over 4 years ago | : Find cloud assets that no one wants exposed |
Steampipe | 7,053 | 5 days ago | : A Postgres FDW that maps APIs to SQL, plus suites of and for AWS/Azure/GCP and many others |
Terrascan | 4,779 | 7 days ago | : Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure |
tfsec | 6,732 | 8 days ago | : Static analysis powered security scanner for Terraform code |
Zeus | 708 | almost 5 years ago | : AWS Auditing & Hardening Tool |
Tools / Container | |||
auditkube | 113 | 9 days ago | : Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security |
Falco | 7,460 | 8 days ago | : Container runtime security |
mkit | 402 | over 3 years ago | : Managed kubernetes inspection tool |
Open policy agent | : Policy-based control tool | ||
Tools / SaaS | |||
aws-allowlister | 224 | over 1 year ago | : Automatically compile an AWS Service Control Policy with your preferred compliance frameworks |
binaryalert | 1,415 | about 1 year ago | : Serverless S3 yara scanner |
cloudsplaining | 2,009 | 13 days ago | : An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report |
Cloud Guardrails | 183 | about 1 year ago | : Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives |
Function Shield | 39 | about 5 years ago | : Protection/destection lib of aws lambda and gcp function |
FestIN | 231 | about 4 years ago | : S3 bucket finder and content discover |
GCPBucketBrute | 494 | over 1 year ago | : A script to enumerate Google Storage buckets |
IAM Zero | 249 | almost 2 years ago | : Detects identity and access management issues and automatically suggests least-privilege policies |
Lambda Guard | 400 | over 2 years ago | : AWS Lambda auditing tool |
Policy Sentry | 2,028 | 13 days ago | : IAM Least Privilege Policy Generator |
S3 Inspector | : Tool to check AWS S3 bucket permissions | ||
Serverless Goat | 320 | 5 months ago | : A serverless application demonstrating common serverless security flaws |
SkyArk | 877 | about 2 years ago | : Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS |
Tools / Penetration testing/learning | |||
AWSGoat | 1,760 | about 2 months ago | : AWSGoat is a vulnerable by design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations |
ccat | 595 | about 5 years ago | : Cloud Container Attack Tool |
CloudBrute | 913 | 4 months ago | : A multiple cloud enumerator |
cloudgoat | 2,991 | 11 days ago | : "Vulnerable by Design" AWS deployment tool |
Leonidas | 535 | 19 days ago | : A framework for executing attacker actions in the cloud |
Pwned Labs | : Free hosted labs for learning cloud security | ||
Sadcloud | 666 | about 1 year ago | : Tool for spinning up insecure AWS infrastructure with Terraform |
TerraGoat | 1,159 | 3 months ago | : Bridgecrew's "Vulnerable by Design" Terraform repository |
WrongSecrets | 1,246 | 6 days ago | : A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support |
Tools / Native tools / AWS | |||
Artifact | : Compliance report selfservice | ||
Audit manager | : Continuously audit for AWS usage | ||
Certificate Manager | : Private CA and certificate management service | ||
CloudTrail | : Record and log API call on AWS | ||
Config | : Configuration and resources relationship monitoring | ||
Elastic Disaster Recovery | : Application recovery service | ||
Detective | : Analyze and visualize security data and help security investigations | ||
Firewall Manager | : Firewall management service | ||
GuardDuty | : IDS service | ||
CloudHSM | : HSM service | ||
Inspector | : Vulnerability discover and assessment service | ||
KMS | : KMS service | ||
Macie | : Fully managed data security and data privacy service for S3 | ||
Network Firewall | : Network firewall service | ||
Secret Manager | : Credential management service | ||
Security Hub | : Integration service for other AWS and third-party security service | ||
Shield | : DDoS protection service | ||
Single Sign-On | : Service of centrally manage access AWS or application | ||
ThreatMapper | 4,861 | 5 days ago | : Identify vulnerabilities in running containers, images, hosts and repositories |
VPC Flowlog | : Log of network traffic | ||
WAF | : Web application firewall service | ||
Tools / Native tools / Azure | |||
Application Gateway | : L7 load balancer with optional WAF function | ||
DDoS Protection | : DDoS protection service | ||
Dedicated HSM | : HSM service | ||
Key Vault | : KMS service | ||
Monitor | : API log and monitoring related service | ||
Security Center | : Integration service for other Azure and third-party security service | ||
Sentinel | : SIEM service | ||
Tools / Native tools / GCP | |||
Access Transparency | : Transparency log and control of GCP | ||
Apigee Sense | : API security monitoring, detection, mitigation | ||
Armor | : DDoS protection and WAF service | ||
Asset Inventory | : Asset monitoring service | ||
Assured workloads | : Secure and compliant workloads | ||
Audit Logs | : API logs | ||
Binanry Authorization | : Binary authorization service for containers and serverless | ||
Cloud HSM | : HSM service | ||
Cloud IDS | : IDS service | ||
Confidential VM | : Encrypt data in use with VM | ||
Context-aware Access | : Enable zero trust access to applications and infrastructure | ||
DLP | : DLP service: | ||
EKM | : External key management service | ||
Identity-Aware Proxy | : Identity-Aware Proxy for protect the internal service | ||
KMS | : KMS service | ||
Policy Intelligence | : Detect the policy related risk | ||
Security Command Center | : Integration service for other GCP security service | ||
Security Scanner | : Application security scanner for GAE, GCE, GKE | ||
Shielded VM | : VM with secure boot and vTPM | ||
Event Threat Detection | : Threat dection service | ||
VPC Service Controls | : GCP service security perimeter control | ||
Reading Materials / AWS | |||
Overiew of AWS Security | |||
AWS-IAM-Privilege-Escalation by RhinoSecurityLabs | 901 | over 5 years ago | : A centralized source of all AWS IAM privilege escalation methods |
MITRE ATT&CK Matrices of AWS | |||
AWS security workshops | |||
ThreatModel for Amazon S3 | 151 | about 1 year ago | : Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach |
Reading Materials / Azure | |||
Overiew of Azure Security | |||
Azure security fundamentals | |||
MicroBurst by NetSPI | 2,068 | about 1 month ago | : A collection of scripts for assessing Microsoft Azure security |
MITRE ATT&CK Matrices of Azure | |||
Azure security center workflow automation | 1,717 | 6 days ago | |
Reading Materials / GCP | |||
Overiew of GCP Security | |||
GKE security scenarios demo | 94 | 4 months ago | |
MITRE ATT&CK Matrices of GCP | |||
Security response automation | 209 | over 1 year ago | |
Reading Materials / Others | |||
Cloud Security Research by RhinoSecurityLabs | 358 | over 4 years ago | |
CSA cloud security guidance v4 | |||
Appsecco provides training | 928 | about 2 years ago | |
Cloud Risk Encyclopedia by Orca Security | : 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality | ||
Free Courses | |||
AWS Security | |||
Paid Courses | |||
DevSecOps – Kubernetes DevOps & Security | |||
DevSecOps: Insecure Docker Registry | |||
Learn Cloud Security, Kubernetes, DevSecOps, and more | |||
Certified Kubernetes Security Specialist (CKS) | |||
Bootcamps | |||
On-Demand: DevSecOps: Beginner Edition Bootcamp | |||
On-Demand: Cloud Security: AWS Edition Bootcamp | |||
On-Demand: Container Security: Beginner Edition Bootcamp | |||
Trainings | |||
Attacking and Defending AWS | |||
Certifications | |||
CCSP – Certified Cloud Security Professional | |||
AWS Certified Security - Specialty | |||
Microsoft Certified: Azure Security Engineer Associate | |||
Certified Kubernetes Security Specialist (CKS) | |||
Resource / AWS | |||
Bucket search by grayhatwarfare | |||
Resource / Others | |||
Mapping of On-Premises Security Controls vs. Major Cloud Providers Services |