misconfiguration

There are 7 repositories under misconfiguration topic.

• aquasecurity / trivy

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  containersdevsecopsdockergogolanghacktoberfestiacinfrastructure-as-codekubernetesmisconfigurationsecuritysecurity-toolsvulnerabilityvulnerability-detectionvulnerability-scanners
  Language:Go 29734
• tfsec

  aquasecurity / tfsec

  Tfsec is now part of Trivy

  awsazurecicompliancedevopsdevsecopsdigitaloceangogoogle-cloud-platformhacktoberfestinfrastructure-as-codelintermisconfigurationscannersecuritystatic-analysisterraformterraform-securityvulnerability-scanners
  Language:Go 6914
• SUDO_KILLER

  TH3xACE / SUDO_KILLER

  A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

  sudo-exploitationabuse-sudoctfexploitscvepentestpentest-toolprivilege-escalationsudolinux-exploitsmisconfigurationoscposcp-toolsoscp-journeyoscp-prep
  Language:Shell 2389

• aquasecurity / trivy-operator

  Kubernetes-native security toolkit

  cloud-nativegolangkubernetesmisconfigurationoctoberfestoperatorsecuritysecurity-toolsvulnerability-detectionvulnerability-scanners
  Language:Go 1671

• nickvourd / Windows-Local-Privilege-Escalation-Cookbook

  Windows Local Privilege Escalation Cookbook

  cheatsheetlocal-administrationlocal-privilege-escalationoscposcp-preposepprivilege-escalationwindowsosep-prepadministratoradministrator-privilegescmdmicrosoftpowershellcookbooklpeeoplabmisconfigurationlab-automation
  Language:PowerShell 1207

• firefart / stunner

  Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

  exploitmisconfigurationsecuritystuntestingtoolturnwebrtc
  Language:Go 831

• aquasecurity / chain-bench

  An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  devsecopssoftware-supply-chainsoftware-supply-chain-securitysecurityvulneragocisgolangmisconfigurationopen-policy-agentsecurity-tools
  Language:Go 758

• b3rito / yotter

  yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

  reconsubdomainssubdomainsbrutesubdomain-brutescannerportscannerportscaninformation-gatheringdnslinuxmisconfigurationdirectorybruteforcebruteforce-attacks
  Language:Shell 125

• fatihtokus / scan2html

  A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

  cloudmisconfigurationopensourcereportsbomscansecuritytrivyvulnerabilitycontainersdevopsdevsecopsiacsecopsvulnerability-managementcisacisa-kevepss
  Language:HTML 116

• Vinum-Security / yandex-cloud-security

  ⛅️🔐 Security Requirements for Yandex.Cloud configuration: IAM, network access, key management, Kubernetes, audit logs.

  cloudmisconfigurationsecurityyandex-cloud
  40

• padok-team / yatas-aws

  Plugin for YATAS that audits AWS accounts for misconfiguration and security issues

  awsyatasaudithardeningmisconfigurationsecurity
  Language:Go 14

• K3ysTr0K3R / DroidSniper

  DroidSniper - Misconfigured Android Debug Bridge Scanner

  accessandroidandroid-debug-bridgedevicesmisconfigurationmisconfigurationsreconreconnaissanceremote-code-executionscannerunauthenticated
  Language:Python 13

• Kloudle / aws-iam-large-account-security

  Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.

  awscloud-securitycspmiamidentity-access-managementmisconfigurationsecurity-automationsecurity-scanner
  7

• root4031 / cors_scanner

  Fast CORS Misconfiguration Scanner

  corsmisconfigurationbugbountyhackingpentesting
  Language:Shell 7

• 4lch3mis7 / XGiF

  A tool to find .git folder exposed due to server misconfiguration.

  bugbountybugbounty-toolxgifxposedgitfinderexposed-git-finderxgif-pythonhacking-toolshacking-toolgogolangmisconfigurationserver-misconfiguration
  Language:Go 5

• sicpa-foundations / secretKeeper

  SecretKeeper is a tool for detecting secrets and misconfigurations on your Git repositories (Bitbucket and GitHub).

  bitbucketgithubgitleakshashicorp-vaultmisconfigurationsecrets-scanner
  Language:Python 4

• cehuda1 / env-breaker

  Env Breaker adalah Pemindaian dan deteksi file .env pada situs-situs target. Skrip ini membantu mengidentifikasi kemungkinan kebocoran informasi sensitif yang terkait dengan file .env

  misconfigurationscannervulnerability
  Language:PHP 3

• padok-team / yatas-gcp

  Plugin for YATAS that audits GCP projects for misconfiguration and security issues

  auditgcphardeningmisconfigurationsecurityyatas
  Language:Go 3

• Rozan312 / Cloud-Service-Hunting

  This script automate exploit only cloud service

  cloudsecuritybugbountycloudexploitmisconfigurationautmate
  Language:Python 3

• secshubhamsharma / FireSploit

  FireSploit is a powerful tool for ethical hackers, developers, and security researchers. It helps find and fix misconfigured Firebase databases that are exposing sensitive data to the public. By scanning for open read/write access, it helps you secure your applications and prevent data breaches.

  bugbounty-toolcybersecurityfirebasemisconfiguration
  Language:Python 3

• Archive-Puma / nucleo

  ⚛️ nucleo is a script that checks common vulnerabilities and security misconfigurations, strongly inspired by nuclei.

  nucleinucleocheckermisconfigurationpentesting
  Language:Shell 2

• codershiyar / WinPrivilegeEscalation

  This repository provides easy-to-follow methods for gaining admin rights (privilege escalation) on Windows 10, 11, and newer systems. Learn how to identify and exploit misconfigurations, weak permissions, and common security flaws to escalate user privileges. Perfect for ethical hackers, penetration testers, and security researchers looking to test

  admin-rightsbypass-admin-rightsescalate-privilagesescalationethical-hackingexploit-developmentmisconfigurationpenetration-testingprivilege-escalationprivilege-escalation-toolsecurity-researchvulnerability-exploitationwindows-10windows-privilege-escalationwindows-security
  Language:HTML 2

• Elymaro / mailynx

  Bash script to detect SPF, DKIM, and DMARC issues that expose domains to spoofing

  auditdkimdnsmailmisconfigurationpentestspfspoofing
  Language:Shell 2

• fagci / gmf

  Global Misconfig Finder (web)

  misconfigurationdirectory-traversalhacking-toolwebserver-securityappsecnetstalking
  Language:Python 2

• ShackWove / NetGun

  NetGun is a free and open source tool for port scanning, services enumeration, misconfigurations testing and CVE research. This is only for testing, official repository: https://github.com/MyCr4ck/NetGun_Classe03

  cve-searchguimisconfigurationport-scannersecuritysecurity-tools
  Language:HTML 2

• ibrahmsql / CloudVault

  AWS S3 bucket scanner | Find exposed S3 buckets, Azure Blob & Google Cloud Storage | Cloud security scanner tool | Bucket enumeration & vulnerability detection

  bucket-scannercloud-securityvulnerability-scanneraws-s3-scannerautomationawsazurebug-bountycybersecuritydevsecopsethical-hackinggoogle-cloudmisconfigurationosintpenetration-testingreconnaissancethreat-hunting
  Language:Python 1

• killukeren / Hosti

  Automation tools untuk mendeteksi celah misconfig Host Header injection

  automationcybersecurity-toolsexploitationmisconfigurationpython3pentestpentesting
  Language:Python 1

• gsscoder / configinsights

  Azure services configuration analyzer

  analyitcsazureconfigurationmisconfiguration
  Language:C# 0

• javelinsoft / CORS-Misconfiguration-test

  CORS Misconfiguration Test

  corsmisconfigurationowasppentest
  Language:HTML 0

• ace-83 / simple-wp-checker

  simple wordpress checker

  misconfigurationwp
  Language:Python

• AWS-Security-Portfolio / s3-security

  Securing S3 buckets: Test public access, apply policies and encryption, and detect misconfigurations with AWS Trusted Advisor. Includes screenshots, policy examples, and clear documentation.

  awsbucket-policycloud-securityencryptionmisconfigurationpublic-accesss3trusted-advisor

• covertlabsaus / S3eker

  A Firebase security scanner that checks for common misconfigurations in Auth, RTDB, Firestore, and Storage, reporting risks in a clear JSON format.

  auditbug-bountycloud-storagefirebasefirestoregcpgoogle-cloudinfoseciosmisconfigurationosintpentestplistrtdbscannersecurity
  Language:Go

• dafneb / MiCloudPurple

  Microsoft Cloud Purple tool

  azureblue-teamentra-identraidm365microsoftmisconfigurationmisconfiguration-detectionoffice365pentestingpurple-teamred-teamcloud
  Language:Python

• MottaSec / Argus-AD

  Argus-AD is a comprehensive Active Directory security assessment tool designed for SYSADMINs and IT Admins to identify misconfigurations, privilege escalation paths, lateral movement opportunities, and hybrid identity issues in their Active Directory environments.

  active-directoryactive-directory-exploitationactive-directory-integrationactive-directory-securityargusauditingblue-teamcybersecurityhybridinfosecmisconfigurationpentestingprivilege-escalationreconred-teamsecuritysysadmin-toolargus-ad
  Language:PowerShell

• UsamaMatrix / cloud-exploit-framework

  ⚠️ Description only - code is confidential. Automates cloud security assessments for AWS, Azure, and GCP to detect misconfigurations and perform controlled exploitation.

  awsazurecloud-auditcloud-securitycybersecuritydevsecopsgcpmisconfigurationpenetration-testing