AWS Arsenal

Discovery:

Generate a report of all S3 buckets for an account: https://github.com/bear/s3scan

Find open S3 buckets: https://github.com/sa7mon/S3Scanner

Generate Network Diagrams: https://github.com/duo-labs/cloudmapper

Cred Scanner: https://github.com/disruptops/cred_scanner

IP finder: https://github.com/arkadiyt/aws_public_ips

Tools:

Disable Access Keys after X days; https://github.com/te-papa/aws-key-disabler

Secrets Management; https://github.com/awslabs/git-secrets

Least Privilege: https://github.com/Netflix/repokid

Resource Counter: https://github.com/disruptops/resource-counter

IAM Access Advisor: https://github.com/Netflix-Skunkworks/aardvark

Auditing & Testing:

Scout2: https://github.com/nccgroup/Scout2

Prowler: https://github.com/toniblyx/prowler

cfn-nag: https://github.com/stelligent/cfn_nag

Config Engine for Compliance As Code: https://github.com/awslabs/aws-config-engine-for-compliance-as-code

Policy changes & Insecure config: https://github.com/Netflix/security_monkey

Policy & Encryption; https://github.com/capitalone/cloud-custodian

Cloud Inquisitor; https://github.com/RiotGames/cloud-inquisitor

Privilege Escalation; https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/aws-pentest-tools

Training:

http://flaws.cloud/

Offensive:

AWS Attack Library; https://github.com/carnal0wnage/weirdAAL/wiki