-
- Current Site
Security Training- Choose a different site Help
Security Certification
Internet Storm Center
College Cybersecurity Programs
Security Awareness Training
Blue Team Operations
Forensics & Incident Response
Offensive Operations
Industrial Control Systems
Cloud Security
Cybersecurity Leadership
Government Private Training
Home > Tools
Cloud Security Tools
SANS Instructors have built more than 150 open source tools that support your work and help you implement better security. Here is a list of cloud security specific ones.
Puma Scan
By Eric Johnson
Puma Scan is an open source software security analyzer for C# applications. Puma Scan provides a Visual Studio extension for scanning source code in the development environment and displaying vulnerabilities as spell check and compiler warnings.
Serverless Prey
By Eric Johnson & Brandon Evans
Serverless Prey is a collection of serverless functions (FaaS) for GCP Functions, Azure Functions, and AWS Lambda. Once launched to the environment and invoked, these functions establish a TCP reverse shell for the purposes of introspecting the container runtimes of the various function runtimes.
Learn More about Serverless Prey
cx-scan
By Dave Hazar
This project helps automate onboarding and scanning in Checkmarx (on-premise only) and enables the use of instance profiles with cross-account access to AWS CodeCommit repositories. This enables organizations to onboard projects without gathering and maintaining credentials for every repository. It also can allow developers to set up webhooks or triggers to kick off incremental or full scans if deployed appropriately.
Kubesec
By ControlPlane & Andy Martin
Kubesec is security risk analysis for Kubernetes resources, as a web service or admission controller. It takes a Kubernetes pod-like resource as input, and returns a score based on the security configuration. If the configuration is too risky and the score too low, the deployment fails.
Kubernetes Simulator
By ControlPlane & Andy Martin
Simulator is a Kubernetes Security Training Platform. It teaches Red and Blue teams to exploit and mitigate security vulnerabilities in a Kubernetes cluster with real-world infrastructure and configuration, leading to experience usually only found whilst attacking and maintaining production systems.
Learn More about Kubernetes Simulator
netassert
By ControlPlane & Andy Martin
This is a security testing framework for fast, safe iteration on firewall, routing, and NACL rules for Kubernetes (Network Policies, services) and non-containerized hosts (cloud provider instances, VMs, bare metal). It aggressively parallelizes nmap to test outbound network connections and ports from any accessible host, container, or Kubernetes pod by joining the same network namespace as the instance under test.
Review Security Groups
By Ben Allen
A small set of scripts to summarize AWS Security Groups, and generate visualizations of the rules.
