Mapping your AWS attack surface

This page summarizes the projects mentioned and recommended in the original post on dev.to
Security steampipe SQL Appsec Fuzzer

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • steampipe-samples

    Examples, samples, snippets and scripts to use with Steampipe.

    • This query will download a list of all public IP addresses tied to the customer’s VPC.

  • ZAP

    The ZAP core project

    • Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    • An Organization must monitor and understand the network perimeter of their cloud estate. Resources comprising the externally facing network components of your cloud attack surface can be broadly grouped into IP addresses, hostnames, and URLs. In this blog post, we will provide step-by-step instructions for mapping the network aspects of the cloud attack surface using Steampipe.

  • dirsearch

    Web path scanner

    • Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.

  • aquatone

    Discontinued A Tool for Domain Flyovers

    • Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Osquery: An sqlite3 virtual table exposing operating system data to SQL

    14 projects | news.ycombinator.com | 25 Feb 2024

  • How to run an AWS CIS v3.0 assessment in CloudShell

    2 projects | dev.to | 8 Feb 2024

  • Scanning for AWS Security Issues with Trivy

    6 projects | news.ycombinator.com | 16 Aug 2022

  • Compliance as code for AWS

    2 projects | /r/u_steampipeio | 21 Apr 2022

  • ELT as Compliance Enabler: Running Steampipe with Matillion Data Productivity Cloud

    1 project | dev.to | 25 Apr 2024