awesome-cloud-security
Cloud Security Toolkit
A curated collection of cloud security resources and tools for assessing and securing cloud environments.
🛡️ Awesome Cloud Security Resources ⚔️
Standards / Compliances
- CSA STAR
- ISO/IEC 27017:2015
- ISO/IEC 27018:2019
- MTCS SS 584

Standards / Benchmarks
- CIS Benchmark
Tools / Infrastructure
- aws_pwn (1,173 stars, last commit about 1 year ago): A collection of AWS penetration testing junk
- aws_ir (344 stars, last commit over 3 years ago): Python installable command line utility for mitigation of instance and key compromises
- aws-firewall-factory (235 stars, last commit 7 days ago): Deploy, update, and stage your WAFs while managing them centrally via FMS
- aws-vault (8,510 stars, last commit 4 months ago): A vault for securely storing and accessing AWS credentials in development environments
- awspx (921 stars, last commit about 2 years ago): A graph-based tool for visualizing effective access and resource relationships within AWS
- azucar (562 stars, last commit about 2 years ago): A security auditing tool for Azure environments
- checkov (7,126 stars, last commit 7 days ago): A static code analysis tool for infrastructure-as-code
- cloud-forensics-utils (464 stars, last commit about 1 month ago): A Python library for digital forensics and incident response (DF & IR) on the cloud
- Cloud-Katana (250 stars, last commit 8 months ago): Automate the execution of simulation steps in multi-cloud and hybrid cloud environments
- cloudlist (858 stars, last commit 10 days ago): Listing assets from multiple cloud providers
- Cloud Sniper (182 stars, last commit 7 months ago): A platform designed to manage cloud security operations
- Cloudmapper (6,003 stars, last commit 4 months ago): Analyze your AWS environments
- Cloudmarker (219 stars, last commit 3 months ago): A cloud monitoring tool and framework
- Cloudsploit (3,355 stars, last commit 6 days ago): Cloud security configuration checks
- CloudQuery (5,877 stars, last commit 6 days ago): Open source cloud asset inventory with a set of pre-baked SQL queries for security and compliance
- Cloud-custodian (5,460 stars, last commit 7 days ago): Rules engine for cloud security, cost optimization, and governance
- consoleme (3,141 stars, last commit 5 months ago): A central control plane for AWS permissions and access
- cs suite (1,144 stars, last commit almost 2 years ago): Tool for auditing the security posture of AWS/GCP/Azure
- Deepfence ThreatMapper (4,837 stars, last commit 6 days ago): Apache v2 licensed, powerful runtime vulnerability scanner for Kubernetes, virtual machines and serverless
- dftimewolf (296 stars, last commit 7 days ago): A multi-cloud framework for orchestrating forensic collection, processing and data export
- diffy (635 stars, last commit 11 months ago): A digital forensics and incident response (DFIR) tool developed by Netflix
- ElectricEye (959 stars, last commit 11 days ago): Continuously monitor AWS services for configurations
- Forseti security (1,276 stars, last commit over 1 year ago): GCP inventory monitoring and policy enforcement tool
- Hammer (436 stars, last commit over 1 year ago): A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within the most popular AWS resources
- kics (2,093 stars, last commit 7 days ago): Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code
- Matano (1,470 stars, last commit 4 months ago): Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data in an Apache Iceberg data lake and run real-time Python detections as code
- Metabadger (138 stars, last commit 8 months ago): Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2)
- Open policy agent: Policy-based control tool
- pacbot (1,287 stars, last commit almost 2 years ago): Policy as Code Bot
- pacu (4,391 stars, last commit 7 days ago): The AWS exploitation framework
- PMapper (1,431 stars, last commit 4 months ago): A tool for quickly evaluating IAM permissions in AWS
- Prowler (10,839 stars, last commit 6 days ago): Command line tool for AWS security best practices assessment, auditing, hardening and forensics readiness
- ScoutSuite (6,730 stars, last commit about 2 months ago): Multi-cloud security auditing tool
- Security Monkey (4,357 stars, last commit almost 4 years ago): Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time
- SkyWrapper (104 stars, last commit over 3 years ago): Tool that helps discover suspicious creation and use of temporary tokens in AWS
- Smogcloud (332 stars, last commit over 4 years ago): Find cloud assets that no one wants exposed
- Steampipe (6,980 stars, last commit 8 days ago): A Postgres FDW that maps APIs to SQL, plus suites of plugins and mods for AWS/Azure/GCP and many others
- Terrascan (4,766 stars, last commit 9 days ago): Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
- tfsec (6,718 stars, last commit about 2 months ago): Static analysis powered security scanner for Terraform code
- Zeus (708 stars, last commit almost 5 years ago): AWS auditing & hardening tool
Tools / Container
- auditkube (111 stars, last commit 11 days ago): Audit for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security
- Falco (7,394 stars, last commit 10 days ago): Container runtime security
- mkit (401 stars, last commit about 3 years ago): Managed Kubernetes inspection tool
- Open policy agent: Policy-based control tool
Tools / SaaS
- aws-allowlister (224 stars, last commit over 1 year ago): Automatically compile an AWS Service Control Policy with your preferred compliance frameworks
- binaryalert (1,409 stars, last commit 11 months ago): Serverless S3 YARA scanner
- cloudsplaining (1,998 stars, last commit 9 days ago): An AWS IAM security assessment tool that identifies violations of least privilege and generates a risk-prioritized report
- Cloud Guardrails (183 stars, last commit about 1 year ago): Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives
- Function Shield (39 stars, last commit about 5 years ago): Protection/detection library for AWS Lambda and GCP Functions
- FestIN (230 stars, last commit almost 4 years ago): S3 bucket finder and content discoverer
- GCPBucketBrute (483 stars, last commit over 1 year ago): A script to enumerate Google Storage buckets
- IAM Zero (249 stars, last commit over 1 year ago): Detects identity and access management issues and automatically suggests least-privilege policies
- Lambda Guard (400 stars, last commit over 2 years ago): AWS Lambda auditing tool
- Policy Sentry (2,014 stars, last commit 9 days ago): IAM least privilege policy generator
- S3 Inspector: Tool to check AWS S3 bucket permissions
- Serverless Goat (319 stars, last commit 4 months ago): A serverless application demonstrating common serverless security flaws
- SkyArk (873 stars, last commit about 2 years ago): Tool that helps discover, assess and secure the most privileged entities in Azure and AWS
Tools / Penetration testing/learning
- AWSGoat (1,743 stars, last commit 23 days ago): AWSGoat is a vulnerable by design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations
- ccat (589 stars, last commit about 5 years ago): Cloud Container Attack Tool
- CloudBrute (871 stars, last commit 4 months ago): A multiple cloud enumerator
- cloudgoat (2,973 stars, last commit 11 days ago): "Vulnerable by Design" AWS deployment tool
- Leonidas (485 stars, last commit 3 months ago): A framework for executing attacker actions in the cloud
- Pwned Labs: Free hosted labs for learning cloud security
- Sadcloud (658 stars, last commit about 1 year ago): Tool for spinning up insecure AWS infrastructure with Terraform
- TerraGoat (1,154 stars, last commit 2 months ago): Bridgecrew's "Vulnerable by Design" Terraform repository
- WrongSecrets (1,233 stars, last commit 6 days ago): A vulnerable app which demonstrates how not to use secrets. With AWS/Azure/GCP support
Tools / Native tools / AWS
- Artifact: Compliance report self-service
- Audit manager: Continuously audit AWS usage
- Certificate Manager: Private CA and certificate management service
- CloudTrail: Records and logs API calls on AWS
- Config: Configuration and resource relationship monitoring
- Elastic Disaster Recovery: Application recovery service
- Detective: Analyze and visualize security data to support security investigations
- Firewall Manager: Firewall management service
- GuardDuty: IDS service
- CloudHSM: HSM service
- Inspector: Vulnerability discovery and assessment service
- KMS: KMS service
- Macie: Fully managed data security and data privacy service for S3
- Network Firewall: Network firewall service
- Secrets Manager: Credential management service
- Security Hub: Integration service for other AWS and third-party security services
- Shield: DDoS protection service
- Single Sign-On: Service for centrally managing access to AWS accounts and applications
- ThreatMapper (4,837 stars, last commit 6 days ago): Identify vulnerabilities in running containers, images, hosts and repositories
- VPC Flow Logs: Logs of network traffic
- WAF: Web application firewall service
Tools / Native tools / Azure
- Application Gateway: L7 load balancer with optional WAF function
- DDoS Protection: DDoS protection service
- Dedicated HSM: HSM service
- Key Vault: KMS service
- Monitor: API log and monitoring related service
- Security Center: Integration service for other Azure and third-party security services
- Sentinel: SIEM service
Tools / Native tools / GCP
- Access Transparency: Transparency log and control of GCP
- Apigee Sense: API security monitoring, detection, mitigation
- Armor: DDoS protection and WAF service
- Asset Inventory: Asset monitoring service
- Assured workloads: Secure and compliant workloads
- Audit Logs: API logs
- Binary Authorization: Binary authorization service for containers and serverless
- Cloud HSM: HSM service
- Cloud IDS: IDS service
- Confidential VM: Encrypts data in use inside the VM
- Context-aware Access: Enable zero trust access to applications and infrastructure
- DLP: DLP service
- EKM: External key management service
- Identity-Aware Proxy: Identity-Aware Proxy to protect internal services
- KMS: KMS service
- Policy Intelligence: Detects policy-related risks
- Security Command Center: Integration service for other GCP security services
- Security Scanner: Application security scanner for GAE, GCE, GKE
- Shielded VM: VM with secure boot and vTPM
- Event Threat Detection: Threat detection service
- VPC Service Controls: GCP service security perimeter control
Reading Materials / AWS
- Overview of AWS Security
- AWS-IAM-Privilege-Escalation by RhinoSecurityLabs (897 stars, last commit over 5 years ago): A centralized source of all AWS IAM privilege escalation methods
- MITRE ATT&CK Matrices of AWS
- AWS security workshops
- ThreatModel for Amazon S3 (151 stars, last commit about 1 year ago): Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach

Reading Materials / Azure
- Overview of Azure Security
- Azure security fundamentals
- MicroBurst by NetSPI (2,046 stars, last commit 15 days ago): A collection of scripts for assessing Microsoft Azure security
- MITRE ATT&CK Matrices of Azure
- Azure security center workflow automation (1,704 stars, last commit 8 days ago)

Reading Materials / GCP
- Overview of GCP Security
- GKE security scenarios demo (94 stars, last commit 3 months ago)
- MITRE ATT&CK Matrices of GCP
- Security response automation (210 stars, last commit about 1 year ago)

Reading Materials / Others
- Cloud Security Research by RhinoSecurityLabs (355 stars, last commit over 4 years ago)
- CSA cloud security guidance v4
- Appsecco provides training (927 stars, last commit almost 2 years ago)
- Cloud Risk Encyclopedia by Orca Security: 900+ documented cloud security risks, with the ability to filter by cloud vendor, compliance framework, risk category, and criticality
Free Courses
- AWS Security

Paid Courses
- DevSecOps – Kubernetes DevOps & Security
- DevSecOps: Insecure Docker Registry
- Learn Cloud Security, Kubernetes, DevSecOps, and more
- Certified Kubernetes Security Specialist (CKS)

Bootcamps
- On-Demand: DevSecOps: Beginner Edition Bootcamp
- On-Demand: Cloud Security: AWS Edition Bootcamp
- On-Demand: Container Security: Beginner Edition Bootcamp

Trainings
- Attacking and Defending AWS

Certifications
- CCSP – Certified Cloud Security Professional
- AWS Certified Security - Specialty
- Microsoft Certified: Azure Security Engineer Associate
- Certified Kubernetes Security Specialist (CKS)

Resource / AWS
- Bucket search by grayhatwarfare

Resource / Others
- Mapping of On-Premises Security Controls vs. Major Cloud Providers Services