I’ve been using and collecting a list of helpful tools for AWS security. This list covers the ones that I have tried at least once and that I think are worth a look, for your own benefit and, most importantly, to make your AWS cloud environment more secure.

They are not in any specific order; I just wanted to group them somehow. I have my favorites depending on the requirements, but you can have yours too once you test them.

Feel free to send a pull request for improvements or add more tools (open source only in this list) here:

New additions at https://github.com/toniblyx/my-arsenal-of-aws-security-tools

Defensive (Hardening, Security Assessment, Inventory)

Scout2: https://github.com/nccgroup/Scout2 – Security auditing tool for AWS environments (Python)

Prowler: https://github.com/toniblyx/prowler – CIS benchmarks and additional checks for security best practices in AWS (Shell Script)

Scans: https://github.com/cloudsploit/scans – AWS security scanning checks (NodeJS)

CloudMapper: https://github.com/duo-labs/cloudmapper – helps you analyze your AWS environments (Python)

CloudTracker: https://github.com/duo-labs/cloudtracker – helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies (Python)

AWS Security Benchmarks: https://github.com/awslabs/aws-security-benchmark – scripts and templates guidance related to the AWS CIS Foundation framework (Python)

AWS Public IPs: https://github.com/arkadiyt/aws_public_ips – Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services (Ruby)

PMapper: https://github.com/nccgroup/PMapper – Advanced and Automated AWS IAM Evaluation (Python)

AWS-Inventory: https://github.com/nccgroup/aws-inventory – Make an inventory of all your resources across regions (Python)

Resource Counter: https://github.com/disruptops/resource-counter – Counts number of resources in categories across regions

Offensive:

weirdAAL: https://github.com/carnal0wnage/weirdAAL – AWS Attack Library

Pacu: https://github.com/RhinoSecurityLabs/pacu – AWS penetration testing toolkit

Cred Scanner: https://github.com/disruptops/cred_scanner

AWS PWN: https://github.com/dagrz/aws_pwn

Cloudfrunt: https://github.com/MindPointGroup/cloudfrunt

Cloudjack: https://github.com/prevade/cloudjack

Nimbostratus: https://github.com/andresriancho/nimbostratus

Continuous Security Auditing:

Security Monkey: https://github.com/Netflix/security_monkey

Krampus (as Security Monkey complement): https://github.com/sendgrid/krampus

Cloud Inquisitor: https://github.com/RiotGames/cloud-inquisitor

CloudCustodian: https://github.com/capitalone/cloud-custodian

Disable keys after X days: https://github.com/te-papa/aws-key-disabler

Repokid Least Privilege: https://github.com/Netflix/repokid

Wazuh CloudTrail module: https://documentation.wazuh.com/current/amazon/index.html

DFIR:

AWS IR: https://github.com/ThreatResponse/aws_ir – AWS specific Incident Response and Forensics Tool

Margaritashotgun: https://github.com/ThreatResponse/margaritashotgun – Linux memory remote acquisition tool

LiMEaide: https://kd8bny.github.io/LiMEaide/ – Linux memory remote acquisition tool

Diffy: https://github.com/Netflix-Skunkworks/diffy – Triage tool used during cloud-centric security incidents

Development Security:

CFN NAG: https://github.com/stelligent/cfn_nag – CloudFormation security test (Ruby)

Git-secrets: https://github.com/awslabs/git-secrets

Repository of sample Custom Rules for AWS Config: https://github.com/awslabs/aws-config-rules

S3 Buckets Auditing:

Training:

Others: