
AWS Security Audit References

AWS Arsenal

Discovery:

Generate a report of all S3 buckets for an account: https://github.com/bear/s3scan

Find open S3 buckets: https://github.com/sa7mon/S3Scanner

Generate Network Diagrams: https://github.com/duo-labs/cloudmapper

Cred Scanner: https://github.com/disruptops/cred_scanner

IP finder: https://github.com/arkadiyt/aws_public_ips

Tools:

Disable Access Keys after X days: https://github.com/te-papa/aws-key-disabler

Secrets Management: https://github.com/awslabs/git-secrets

Least Privilege: https://github.com/Netflix/repokid

Resource Counter: https://github.com/disruptops/resource-counter

IAM Access Advisor: https://github.com/Netflix-Skunkworks/aardvark

Auditing & Testing:

Scout2: https://github.com/nccgroup/Scout2

Prowler: https://github.com/toniblyx/prowler

cfn-nag: https://github.com/stelligent/cfn_nag

Config Engine for Compliance As Code: https://github.com/awslabs/aws-config-engine-for-compliance-as-code

Policy changes & Insecure config: https://github.com/Netflix/security_monkey

Policy & Encryption: https://github.com/capitalone/cloud-custodian

Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor

Privilege Escalation: https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/aws-pentest-tools

Training:

http://flaws.cloud/

Offensive:

AWS Attack Library: https://github.com/carnal0wnage/weirdAAL/wiki