misconfiguration

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Tfsec is now part of Trivy

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Kubernetes-native security toolkit

Windows Local Privilege Escalation Cookbook

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

⛅️🔐 Security Requirements for Yandex.Cloud configuration: IAM, network access, key management, Kubernetes, audit logs.

Plugin for YATAS that audits AWS accounts for misconfiguration and security issues

DroidSniper - Misconfigured Android Debug Bridge Scanner

Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.

A tool to find .git folder exposed due to server misconfiguration.

Fast CORS Misconfiguration Scanner

Env Breaker adalah Pemindaian dan deteksi file .env pada situs-situs target. Skrip ini membantu mengidentifikasi kemungkinan kebocoran informasi sensitif yang terkait dengan file .env

Plugin for YATAS that audits GCP projects for misconfiguration and security issues

This script automate exploit only cloud service

SecretKeeper is a tool for detecting secrets and misconfigurations on your Git repositories (Bitbucket and GitHub).

Global Misconfig Finder (web)