cognito-scanner
Cognito scanner
A tool for testing and exploiting weaknesses in AWS Cognito user authentication systems.
A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation
101 stars
2 watching
3 forks
Language: Python
last commit: 11 months ago
Linked from 1 awesome list
auditcognitocybersecurityscannersecurity-tools
sbilly/awesome-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 ncoblentz/burpmontoyacognito | A Java plugin for analyzing AWS Cognito requests and responses to identify potential vulnerabilities and exploit known issues | 7 |
 capless/warrant | A Python library for working with AWS Cognito user pools and supporting SRP authentication. | 471 |
 aws-samples/amazon-cognito-developer-authentication-sample | Demonstrates developer-authenticated functionality of Amazon Cognito | 99 |
 andresriancho/nimbostratus | Tools to discover vulnerabilities in Amazon cloud infrastructure | 448 |
 edoardottt/cariddi | A tool for crawling and scanning websites for sensitive information such as endpoints, secrets, and tokens. | 1,551 |
 govtech-csg/paddingoraclehunter | An extension for Burp Suite to identify and exploit padding oracle vulnerabilities in cryptographic protocols. | 14 |
 ekultek/zeus-scanner | An advanced reconnaissance utility designed to simplify web application reconnaissance | 964 |
 cyberark/kubiscan | Automates the identification of risky permissions in Kubernetes clusters. | 1,329 |
 mostaphabahadou/postenum | Automates system information gathering after gaining access to a Linux system. | 281 |
 woj-ciech/kamerka-gui | A tool designed to gather and analyze information about industrial control systems and other Internet of Things devices. | 724 |
 rahulpsd18/cognito-backup-restore | A tool for backing up and restoring AWS Cognito User Pools | 197 |
 shivangx01b/corsme | A tool to scan web applications for Cross-Origin Resource Sharing (CORS) misconfigurations. | 169 |
 wafinfo/cobaltstrike | A plugin for Cobalt Strike that automates various tasks such as domain lookup, information gathering, and internal network scanning. | 179 |
| edoardottt/csprecon | Tools for discovering new target domains using Content Security Policy | 385 |
 tcosolutions/betterscan | A toolchain that scans source code and infrastructure IaC for security risks and provides a unified report. | 831 |