Skip to content



AWS Sec Benchmark
  • Script to evaluate your AWS account against the full CIS Amazon Web Services Foundations Benchmark 1.1
  • Usage: $ python


  • Helps gaining situational awareness in unfamiliar cloud environments and finding exploitable attack paths
  • Introducing: CloudFox
  • Multi-cloud security auditing tool
  • Permissions: SecurityAudit
  • Usage: $ python --provider aws
  • CIS benchmarks and additional checks for security best practices in AWS
  • Permissions: SecurityAudit
  • Usage: $ ./prowler -M html
  • See also aws-security-assessment-solution: an AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks
  • Auditing the security posture of AWS/GCP/Azure infrastructure
  • Permissions: SecurityAudit
  • Usage: $ python -env aws
  • Security scanning checks
  • Permissions: SecurityAudit
  • Usage:
    • // Edit the index.js file with your AWS key and secret
    • // Run a standard scan
      $ node index.js
    • // Run a compliance scan
      $ node index.js --compliance=hipaa
  • Scans accounts for violations of Least Privilege and identifies policies that can lead to Privilege Escalation, Data Exfiltration, Resource Exposure, and Infrastructure Modification
  • Obtain public assets (hostnames, IPs)

Specific Services

LambdaGuard AWS Serverless Security auditing tool designed to provide asset visibility, illustrate service dependencies, and configuration checks from a security perspective
dufflebag Searches through public EBS snapshots for secrets that may have been accidentally left in
s3_objects_check Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
  • Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts
  • You can also refer to the companion blog post
aws-imds-packet-analyzer A tool that traces TCP interactions with the EC2 Instance Metadata Service (IMDS), assisting in identifying the processes making IMDSv1 calls on a host