AWS Tools

Defensive:

Scout2: https://github.com/nccgroup/Scout2 – Security auditing tool for AWS environments (Python)

Prowler: https://github.com/toniblyx/prowler – CIS benchmarks and additional checks for security best practices in AWS (Shell Script)

CloudSploit: https://github.com/cloudsploit/scans – AWS security scanning checks (NodeJS)

CloudMapper: https://github.com/duo-labs/cloudmapper – helps you analyze your AWS environments (Python)

CloudTracker: https://github.com/duo-labs/cloudtracker – helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)

AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark – scrips and templates guidance related to the AWS CIS Foundation framework (Python)

AWS Public IPs: https://github.com/arkadiyt/awspublicips – Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)

PMapper: https://github.com/nccgroup/PMapper – Advanced and Automated AWS IAM Evaluation (Python)

AWS-Inventory: https://github.com/nccgroup/aws-inventory – Make a inventory of all your resources across regions (Python)

Resource Counter: https://github.com/disruptops/resource-counter – Counts number of resources in categories across regions

Offensive:

weirdALL: https://github.com/carnal0wnage/weirdAAL – AWS Attack Library

Pacu: https://github.com/RhinoSecurityLabs/pacu – AWS penetration testing toolkit

Cred Scanner: https://github.com/disruptops/cred_scanner

AWS PWN: https://github.com/dagrz/aws_pwn

Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt

Cloudjack: https://github.com/prevade/cloudjack

Nimbostratus: https://github.com/andresriancho/nimbostratus

Auditing & Monitoring:

Continuous Security Auditing:

Security Monkey: https://github.com/Netflix/security_monkey

Krampus (as Security Monkey complement) https://github.com/sendgrid/krampus

Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor

CloudCustodian: https://github.com/capitalone/cloud-custodian

Disable keys after X days: https://github.com/te-papa/aws-key-disabler

Repokid Least Privilege: https://github.com/Netflix/repokid

Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html

Hammer: https://github.com/dowjones/hammer

Streamalert: https://github.com/airbnb/streamalert

Billing Alerts CFN templates: https://github.com/btkrausen/AWS/tree/master/CloudFormation/Billing%20Alerts