iam-vulnerable
IAM playground
A tool to create a vulnerable AWS IAM configuration playground
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
479 stars
18 watching
84 forks
Language: HCL
last commit: 10 months ago
Linked from 2 awesome lists
teamssix/awesome-cloud-security
vavkamil/awesome-vulnerable-appsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 tenable/kaimonkey | A toolset providing vulnerable cloud infrastructure as code to analyze and secure infrastructure-as-code threats | 96 |
 rhinosecuritylabs/aws-iam-privilege-escalation | A collection of research and documentation on methods for exploiting weaknesses in AWS IAM to gain unauthorized access | 897 |
 bridgecrewio/airiam | Automates least privilege AWS IAM configuration management by detecting and replacing unnecessary resources with Terraform models | 776 |
 salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
 awslabs/aws-iam-generator | Automates AWS IAM user and group creation based on configuration files. | 240 |
 aif4thah/vulnerablelightapp | A vulnerable backend application designed to be hacked and used for educational purposes | 28 |
 0ang3el/aem-hacker | Automated vulnerability scanning toolset for Adobe Experience Manager web applications. | 765 |
 wickett/lambhack | A vulnerable serverless application in AWS Lambda demonstrating various security vulnerabilities | 94 |
 avishayil/caponeme | A proof-of-concept vulnerable web application demonstrating the Capital One breach on an AWS account. | 241 |
| salesforce/terraform-provider-policyguru | Generates and manages least privilege IAM policies using an external audit service | 30 |
 flosell/iam-policy-json-to-terraform | Converts an IAM Policy in JSON format into a Terraform aws_iam_policy_document | 780 |
 qazbnm456/vwgen | Automates the creation of vulnerable web applications for testing and security research purposes. | 84 |
| rhinosecuritylabs/gcp-iam-privilege-escalation | A collection of GCP IAM privilege escalation methods and their associated tools | 343 |
| bishopfox/cloudfox | An open-source tool to help penetration testers gather information about cloud environments and identify potential vulnerabilities. | 1,953 |
| bishopfox/smogcloud | Automatically identifies and monitors cloud assets exposed to the internet without authorization | 332 |