kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

A collection of themes for kitty terminal 😻

cloudquery transforms your cloud infrastructure into queryable SQL or Neo4j tables for easy monitoring, governance and security.

A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

AWS SDK for the Go programming language.

Multi-Cloud Security Auditing Tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

🔦 All the world's indeed a stage and we are merely players

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.

Scan for open AWS S3 buckets and dump the contents

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

🌷 Distraction-free writing in Vim

A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure