pacu
awspx
pacu | awspx | |
---|---|---|
10 | 1 | |
4,037 | 865 | |
1.4% | 0.0% | |
8.6 | 10.0 | |
1 day ago | over 1 year ago | |
Python | Python | |
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pacu
-
De um mimo até a elevação de privilégios na Cloud
Pra isso, usei a belíssima ferramenta Pacu https://github.com/RhinoSecurityLabs/pacu.
-
Should I be afraid of aws cloud as a security analyst?
ScoutSuite and Pacu (or Lava for Azure) are great tools and it's worth learning what they can do.
-
How do I build a network on AWS to capture flow data?
Not related to your original question, but you might want to take a look at pacu for simulating attacks.
- Pacu: The Open Source AWS Exploitation Framework
-
New Tools in Kali Linux 2021.2
CloudBrute - To find company(mostly cloud hence the name) infrastructure files and arch to a certain extent Dirsearch - Yet another web app path scanner like Gobuster/Dirbuster FeroxBuster - Rust based tool to perform forced browsing(read about it on GitHub Ghidra - Binary disassembler and decompiler (alternatives are gdb and ISA) Pacu - AWS exploitation framework GitHub Pirates - Kali package tracker(maybe like yay or pacman,not too sure on that one) quark-engine - android malware analysis system here Viscose - very popular and good code editor
- 🏹 Pacu: Framework de explotación de AWS #SeguridadOfensiva
-
Conducting a vulnerability scan on an AWS VPC
We're starting to work with Pacu for AWS testing. It's a bit more targeted to exploitation than vulnerability testing. https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
awspx
-
Open-source IAM Access Visualizer
Looks similar to awspx. Always good to have more visualisation tools
What are some alternatives?
ScoutSuite - Multi-Cloud Security Auditing Tool
policy_sentry - IAM Least Privilege Policy Generator
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
AWSXenos - AWSXenos will list all the trust relationships in all the IAM roles and S3 buckets
lava - Microsoft Azure Exploitation Framework
AirIAM - Least privilege AWS IAM Terraformer
quark-engine - Dig Vulnerabilities in the BlackBox
aws-security-reference-architecture-examples - Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
aws-well-architected-labs - Hands on labs and code to help you learn, measure, and build using architectural best practices.
introspector - A schema and set of tools for using SQL to query cloud infrastructure.