Exploitation
shimit - A tool that implements the Golden SAML attack.
365-Stealer - 365-Stealer is a phishing simulation tool written in Python 3. It can be used to execute the Illicit Consent Grant attack.
evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
peirates - Kubernetes Penetration Testing tool.
Fuzzers
ffuf - Fast web fuzzer written in Go.
boofuzz - A fork and successor of the Sulley Fuzzing Framework.
Recon/Enumeration
gobuster - Directory/File, DNS and VHost busting tool written in Go.
Nmap - the Network Mapper.
NimScan - Fast port scanning tool written in Nim.
RustScan - Fast scanning tool written in Rust.
Skanuvaty - DNS/Network/Port Scanner.
masscan - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
Feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
IAMFinder - IAMFinder enumerates and finds users and IAM roles in a target AWS account.
enumerate-iam - Enumerate the permissions associated with an AWS credential set.
gowitness - A Golang web screenshot utility using Chrome Headless.
rengine - An automated reconnaissance framework for web applications.
aquatone - A tool for domain flyovers.
kiterunner - Contextual content discovery tool.
cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
BlobHunter - Find exposed data in Azure with this public blob scanner.
Cloud-Katana - A cloud native tool developed from the need to automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
CVE-2021-44228_scanner - Scanners for Jar files that may be vulnerable to CVE-2021-44228.
kube-hunter - Hunt for security weaknesses in Kubernetes clusters.
CeWL - Custom Word List Generator.
password-spraying-list-generator - A script for generating passwords for reverse-bruteforcing attacks.
patator - Patator is a multi-purpose brute-forcer with a modular design and flexible usage.
domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
Resources
MicroBurst - A collection of scripts for assessing Microsoft Azure security.
aws - These are the AWS Postman collections.
CloudGoat - CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool.
tools-repo by mosesrenegade - Statically Compiled Tools that could be used in engagements.
k9s - Kubernetes CLI To Manage Your Clusters In Style!
pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
statistically likely usernames - Wordlists for creating statistically likely username lists for use in password attacks and security testing.
leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
Impacket - A collection of Python classes for working with network protocols.
PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices.
AriaCloud - A Docker container for remote penetration testing.
my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists.
jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens.
Serverless Prey - Serverless Functions for establishing Reverse Shells to Lambda, Azure Functions, and Google Cloud Functions.
kubernetes-the-hard-way - Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.
Sliver - Cross-platform adversary emulation/red team framework.
proxycannon-ng - A private botnet using multiple cloud environments for pentesters and red teamers.