Displaying 1 to 20 from 23 results

security_monkey - Security Monkey

  •    Python

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.

policy_sentry - IAM Least Privilege Policy Generator

  •    Python

IAM Least Privilege Policy Generator. For walkthroughs and full documentation, please visit the project on ReadTheDocs.

cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report

  •    Javascript

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. For full documentation, please visit the project on ReadTheDocs.

CloudQuery - Transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

  •    Go

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery comes with built-in policy packs such as: AWS CIS.

terragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository

  •    HCL

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments

  •    Python

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more. Pacu is a fairly lightweight program, as it requires only Python3.5+ and pip3 to install a handful of Python libraries. Running install.sh will check your Python version and ensure all Python packages are up to date.

AirIAM - Least privilege AWS IAM Terraformer

  •    Python

AirIAM is an AWS IAM to least privilege Terraform execution framework. It compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform that replaces the exiting IAM management method. AirIAM was created to promote immutable and version-controlled IAM management to replace today's manual and error prone methods.

t-vault - Simplified secrets management solution

  •    Java

T-Vault is built to simplify the process of secrets management. We wanted to build an intuitive and easy to use tool that application developers can easily adopt without sacrificing their agility while still following best practices for secrets management. It uses a few open source products internally including, at its heart Hashicorp Vault. Hashicorp vault provides the core functionality of safely storing secrets at rest and access control to those secrets. T-Vault builds on that base to provide a higher-level of abstraction called Safe. Safes are logical abstractions, internally using the concept of paths within vault. T-Vault simplifies the access management to secrets by hiding away all the complexities of managing polices. A very intuitive web UI provides a nice layer of abstraction and hides all the complexities of managing paths, policies, token management, etc. T-Vault introduces two new personas, a 'Safe User' and 'Safe Administrator'. Safe admins will create Safes and grant access to individuals or a LDAP group or an application. Individuals with access to a Safe can use the web UI or API to do CRUD operations on secrets within their Safe.

cloud-security-audit - A command line security audit tool for Amazon Web Services

  •    Go

Cloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit. Currently Cloud Security Audit does not support any package managers, but the work is in progress.

Defensive-S3-Buckets - Defensive S3 Bucket Squating

  •    Shell

In the news everyday are stories of companies leaking data through exposed S3 buckets. One thing I noticed is that a lot of leaks are found using common S3 bucket names, so I had an epiphany in the shower one day and I invented Defensive S3 Bucket Squatting where you preregister and secure the most common S3 bucket names so that no one else can use them. This obviously wont stop your company from still having miss-configured S3 buckets but it should make it harder for bad actors to find them and exploit them.

pacbot - PacBot (Policy as Code Bot)

  •    Java

Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. PacBot auto-fix framework provides the ability to automatically respond to policy violations by taking predefined actions. PacBot packs in powerful visualization features, it gives a simplified view of compliance and makes it easy to analyze and remediate policy violations. PacBot is more than a tool to manage cloud misconfiguration, it is a generic platform that can be used to do continuous compliance monitoring and reporting for any domain. PacBot's plugin-based data ingestion architecture allows ingesting data from multiple sources. We have built plugins to pull data from Qualys Vulnerability Assessment Platform, Bitbucket, TrendMicro Deep Security, Tripwire, Venafi Certificate Management, Redhat Satellite, Spacewalk, Active Directory and few other custom built internal solutions. We are working to open source these plugins and other tools as well. You could write rules based on data collected by these plugins to get a complete picture of your ecosystem and not just cloud misconfigurations. For example, within T-Mobile, we have implemented a policy to mark all EC2 instances with one or more severity 5 (CVSS score > 7) vulnerabilities as non-compliant.

cis-aws-foundations-baseline - InSpec profile to validate your VPC to the standards of the CIS Amazon Web Services Foundations Benchmark v1

  •    Ruby

This InSpec compliance profile implement the CIS AWS Foundations Benchmark in an automated way to provide security best-practice tests in an AWS environment. InSpec is an open-source run-time framework and rule language used to specify compliance, security, and policy requirements for testing any node in your infrastructure.

badbucket - badbucket checks your s3 bucket for common misconfigurations

  •    Go

badbucket checks your s3 bucket for common misconfigurations

krampus - The original AWS security enforcer™

  •    Python

Krampus is a security solution designed to delete and disable various AWS objects such as EC2 instances, S3 buckets, etc. It accepts a simple list of objects to action in the form of a JSON tasks file, and can be also be used as a cost-control tool. Krampus itself is designed to eliminate threats post by security issues, and does not actually decide whether something is insecure. For that we recommend Netflix's Security Monkey. Setting up Krampus is generally pretty simple and should only take a few minutes. It can be run locally from the command line or from Lambda in AWS. The process involves setting up the correct IAM permissions for Krampus to run, and using a method of your choice to populate an S3 bucket with a JSON tasks file that Krampus can understand (we like Security Monkey). The flow chart below demonstrates how we have chosen to set this up, though any method that generates a tasks file Krampus can understand should be fine.

terraform-provider-policyguru - Terraform provider for Policy Sentry (IAM least privilege generator and auditor)

  •    Go

This is the Terraform Provider for Policy Sentry - the IAM Least Privilege Policy Generator. We have Policy Sentry hosted as a REST API and this Terraform provider points to the REST API.

hammer - Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

  •    Python

Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed on cloud by creating secure guardrails. Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/.

cdkgoat - CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository

  •    Python

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. It also shows how Bridgecrew can be used with the AWS CDK to provide CloudFormation template vulnerability scanning at build time, even though no CloudFormation templates exist in the source repository.

cfngoat - Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository


Cfngoat is one of Bridgecrew's "Vulnerable by Design" Infrastructure as Code repositories, a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. Cfngoat was built to enable DevSecOps design and implement a sustainable misconfiguration prevention strategy. It can be used to test a policy-as-code framework like Bridgecrew & Checkov, inline-linters, pre-commit hooks or other code scanning methods.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.