iam-vulnerable
IAM playground
A tool to create a vulnerable AWS IAM configuration playground
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
482 stars
18 watching
85 forks
Language: HCL
last commit: 12 months ago
Linked from 2 awesome lists
teamssix/awesome-cloud-security
vavkamil/awesome-vulnerable-appsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 tenable/kaimonkey | A toolset providing vulnerable cloud infrastructure as code to analyze and secure infrastructure-as-code threats | 96 |
 rhinosecuritylabs/aws-iam-privilege-escalation | A collection of research and documentation on methods for exploiting weaknesses in AWS IAM to gain unauthorized access | 901 |
 bridgecrewio/airiam | Automates removal of unnecessary AWS IAM resources and generates least privilege Terraform configurations. | 778 |
 salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 2,009 |
 awslabs/aws-iam-generator | Automates AWS IAM user and group creation based on configuration files. | 241 |
 aif4thah/vulnerablelightapp | An educational API project designed to demonstrate various vulnerabilities and security flaws in a web application. | 32 |
 0ang3el/aem-hacker | Automated vulnerability scanning toolset for Adobe Experience Manager web applications. | 774 |
 wickett/lambhack | A vulnerable serverless application in AWS Lambda demonstrating various security vulnerabilities | 94 |
 avishayil/caponeme | A proof-of-concept vulnerable web application demonstrating the Capital One breach on an AWS account. | 241 |
| salesforce/terraform-provider-policyguru | Generates and manages least privilege IAM policies using an external audit service | 29 |
 flosell/iam-policy-json-to-terraform | Converts an IAM Policy in JSON format into a Terraform aws_iam_policy_document | 781 |
 qazbnm456/vwgen | Automates the creation of vulnerable web applications for testing and security research purposes. | 84 |
| rhinosecuritylabs/gcp-iam-privilege-escalation | A collection of GCP IAM privilege escalation methods and their associated tools | 351 |
| bishopfox/cloudfox | An open-source tool to help penetration testers gather information about cloud environments and identify potential vulnerabilities. | 1,983 |
| bishopfox/smogcloud | Automatically identifies and monitors cloud assets exposed to the internet without authorization | 332 |