Pull secrets from an AWS environment

The Serverless Blind XSS App

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Automated Mass Exploiter

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Cloud-related research releases from the Rhino Security Labs team.

Advisories, proof of concept files and exploits that have been made public by @pedrib.

Lesser Known Web Attack Lab

A utility to convert your AWS CLI credentials into AWS console access.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Chaos Injection library for AWS Lambda

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool