Gas Town - multi-agent workspace manager

GUAC aggregates software security metadata into a high fidelity graph database.

An AWS tool to help you create a point in time assessment of your AWS account using Prowler.

Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.

Fast web fuzzer written in Go

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

A container analysis and exploitation tool for pentesters and engineers.

Paclair is a Python3 Cli tool to interact with Coreos's Clair (https://github.com/coreos/clair).

List of Awesome Asset Discovery Resources

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.

👓 ⏩ A curated list of resources about all things Cloud Run

Fast directory scanning and scraping tool

A tool to bruteforce nameservers when working with subdomain delegations to AWS.

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource

Application Security Automation

Go security checker

A tool to perform Sequential Import Chaining

Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.

The Image Recognition and Processing Backend reference architecture demonstrates how to use AWS Step Functions to orchestrate a serverless processing workflow using AWS Lambda, Amazon S3, Amazon Dy…

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Quickly Search Large DNS Datasets

Scalable fuzzing infrastructure.

Help building an adaptive and fine-grained pod security policy

Some helpful Helm Charts for pentesters

The Marinus NodeJS UI and the supporting Python analysis scripts.

Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.