Pentesting-AWS-GovCloud is an open source platform designed for penetration testing activities in the AWS GovCloud environment. The platform includes a Flask-based backend API and a React-based frontend, as well as Kubernetes configuration files for deploying the platform to multiple environments.
- Getting Started
- Architecture
- Installation
- Usage
- Troubleshooting
- Pentesting Best Practices
- Regulatory Compliance
- Contributing
- License
To get started with the platform, please refer to the Installation Guide. This guide will walk you through the steps required to deploy the platform in your AWS GovCloud environment.
- Architecture: Overview of the platform architecture, including the backend API, frontend, and Kubernetes deployment files.
- Installation: Step-by-step guide to deploying the platform in your AWS GovCloud environment.
- Usage: Instructions for using the platform, including how to run scans and generate reports.
- Troubleshooting: Solutions to common issues that may arise during platform deployment or use.
- Pentesting Best Practices: Best practices and guidelines for performing effective and ethical pentesting activities.
- Regulatory Compliance: Information on regulatory compliance requirements and how the platform can be configured to meet those requirements.
Contributions to the platform are welcome and encouraged! Please refer to the Contributing Guidelines for more information on how to contribute.
The platform is released under the MIT License. See the LICENSE file for more information.
https://aws.amazon.com/security/penetration-testing/
pentesting-aws-govcloud
├── README.md
├── LICENSE
├── docs
│ ├── architecture.md
│ ├── installation.md
│ ├── usage.md
│ ├── troubleshooting.md
│ ├── pentesting_best_practices.md
│ ├── regulatory_compliance.md
│ ├── attack_matrix.md
│ └── defend_matrix.md
├── backend
│ ├── api
│ │ ├── pentesting.py
│ │ ├── aws.py
│ │ ├── auth.py
│ │ └── config.py
│ ├── database
│ │ ├── models.py
│ │ └── database.py
│ ├── tests
│ │ ├── test_pentesting.py
│ │ ├── test_aws.py
│ │ └── test_auth.py
│ ├── config
│ │ ├── pentesting_config.yaml
│ │ ├── aws_config.yaml
│ │ └── auth_config.yaml
│ └── requirements.txt
├── frontend
│ ├── src
│ ├── public
│ ├── tests
│ ├── config
│ └── package.json
├── k8s
│ ├── cluster-config
│ ├── istio-config
│ ├── kustomization.yaml
│ ├── cert-manager-config
│ ├── monitoring_logging.yaml
│ ├── security_config.yaml
│ ├── pentesting_deployment.yaml
│ ├── aws_deployment.yaml
│ ├── auth_deployment.yaml
│ └── service.yaml
├── ci_cd_pipeline
│ ├── .travis.yml
│ ├── Jenkinsfile
│ ├── Jenkinsfile.tests
│ ├── Jenkinsfile.build
│ └── Jenkinsfile.deploy
├── data_processing
├── pentesting_tools
│ ├── metasploit
│ ├── nmap
│ ├── burp_suite
│ └── other_tools
├── pentesting_reports
│ ├── vulnerability_scans
│ ├── penetration_tests
│ ├── security_audits
│ └── other_reports
├── attack_matrix
│ ├── initial_access
│ ├── execution
│ ├── persistence
│ ├── privilege_escalation
│ ├── defense_evasion
│ ├── credential_access
│ ├── discovery
│ ├── lateral_movement
│ ├── collection
│ ├── exfiltration
│ ├── command_and_control
│ └── impact
└── defend_matrix
├── prevention
├── detection
├── response
├── adversary_tactics
├── defenders_tactics
├── techniques
├── sub-techniques
├── mitigations
└── references