Awesome security tools
This page is part of the Awesomeness cycle, where I curate lists of projects and ideas I find interesting.
Not yet tried
- https://github.com/nozaq/terraform-aws-secure-baseline
- https://github.com/9rnt/poro
- https://twitter.com/liam_galvin/status/1559471247783870464?t=wTpsoGtxkGjse3SghctQYQ&s=03 (Trivy for AWS accounts)
- https://github.com/raspbernetes/k8s-security-policies # CIS Policies for OPA!
- https://github.com/chaos-mesh/chaos-mesh
- https://www.hackread.com/free-best-osint-tools-2021/
- https://github.com/inguardians/peirates
- https://github.com/awslabs/assisted-log-enabler-for-aws
- Securing your AWS landscape
- https://www.kryptoslogic.com/products/telltale/index.html Security host monitoring with a free tier
Talk to your company’s lawyers before using most of these, lol
Tried
https://github.com/brompwnie/botb
Tried to break out of some containers in the EKS clusters of VanMoof with this, but not much worked :/
https://github.com/aquasecurity/kube-bench
Benchmarking tool that checks how well a K8s cluster matches the CIS recommendations. Somewhat useful results, but not too impressive
https://github.com/derailed/popeye
Pretty legit CLI tool (derailed has also made k9s). Findings were decent and actionable, though the RBAC seems to have been subpar somehow because it failed to list all resource types