Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Fl…

GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments

Tools and blogs I use to perform GCP red teams

Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)

Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic

Azure Security Resources and Notes

Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.

AzureGoat : A Damn Vulnerable Azure Infrastructure

GCPGoat : A Damn Vulnerable GCP Infrastructure

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Multi-Cloud Security Auditing Tool

A tool for quickly evaluating IAM permissions in AWS.

This repo contains IOC, malware and malware analysis associated with Public cloud

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.

A Azure Exploitation Toolkit for Red Team & Pentesters

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…

Awesome cloud enumerator

Scan for misconfigured S3 buckets across S3-compatible APIs!

A blazing fast & feature rich Amazon S3 bucket enumerator.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

AWS IAM Username Enumerator and Password Spraying Tool in Python3

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.