my-arsenal-of-aws-security-tools vs iamzero

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

my-arsenal-of-aws-security-tools		iamzero
	Project
6	Mentions	4
8,692	Stars	236
-	Growth	0.0%
5.1	Activity	0.0
3 months ago	Latest Commit	about 1 year ago
Shell	Language	Go
Apache License 2.0	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

my-arsenal-of-aws-security-tools

Posts with mentions or reviews of my-arsenal-of-aws-security-tools. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-06.

Open source alternative cloud security tool that works like Wiz/Lacework/Aqua
8 projects | /r/cybersecurity | 6 Mar 2023

I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. https://github.com/toniblyx/my-arsenal-of-aws-security-tools It's hard to keep up to date but I don't know of any other list that comes close.
How to conduct security assesment of AWS?
3 projects | /r/AskNetsec | 8 Dec 2022
Using Prowler to Audit your AWS account for vulnerabilities.
2 projects | dev.to | 5 May 2022

Few days ago I came across this repository and I found Prowler(Go Star the repo).
GitHub - toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
1 project | /r/purpleteamsec | 18 Jan 2022
Aws Cloud Security
1 project | /r/aws | 12 Jul 2021

Your question is lacking some context or detail, none the less here is a great repo of AWS security tools to play with: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
We launched a free cloud security and compliance tool
1 project | /r/devops | 14 Jan 2021

Tons of great stuff here too: https://github.com/toniblyx/my-arsenal-of-aws-security-tools

iamzero

Posts with mentions or reviews of iamzero. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-11.

Is there a way to test policies without the AWS policy simulator? maybe an API or library?
2 projects | /r/aws | 11 Aug 2022
AWS IAM Recorder
2 projects | /r/aws | 12 Jan 2022

You probably want https://github.com/iann0036/iamlive or https://iamzero.dev/
IAM Zero: I built a tool which automatically suggests least-privilege IAM policies for AWS CDK infrastructure
2 projects | /r/aws | 26 Aug 2021

A few months ago I made some posts about tooling I built called IAM Zero to make least-privilege IAM policy generation easier [1] [2]. Since then, I have found a co-founder and we have been working full-time on making least-privilege policies easier with our open source tools.
IAM Zero: I released a tool which automatically suggests least-privilege IAM policies
1 project | /r/aws | 24 May 2021

The initial release has automatic least-privilege advisories for S3 and DynamoDB, and will be scaled out to support all AWS services prior to a stable release. IAM Zero currently supports applications and scripts written in Python with support for other languages coming soon. Support for generating infrastructure-as-code deployment roles and requesting roles through the AWS web console are on the roadmap.

What are some alternatives?

When comparing my-arsenal-of-aws-security-tools and iamzero you can also consider the following projects:

Android-PIN-Bruteforce - Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

stratus-red-team - :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy

MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics

aws-sso-cli - A powerful tool for using AWS Identity Center for the CLI and web console.

cfn-security - A simple GitHub Action for AWS CloudFormation static code analysis to improve infrastructure-as-code security.

SkyArk - SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

parliament - AWS IAM linting library

trailscraper - A command-line tool to get valuable information out of AWS CloudTrail

terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.