Home > Tools

Cloud Security Tools

SANS Instructors have built more than 150 open source tools that support your work and help you implement better security. Here is a list of cloud security specific ones.

Puma Scan

By Eric Johnson

Puma Scan is an open source software security analyzer for C# applications. Puma Scan provides a Visual Studio extension for scanning source code in the development environment and displaying vulnerabilities as spell check and compiler warnings.

Learn More about Puma Scan

Serverless Prey

By Eric Johnson & Brandon Evans

Serverless Prey is a collection of serverless functions (FaaS) for GCP Functions, Azure Functions, and AWS Lambda. Once launched to the environment and invoked, these functions establish a TCP reverse shell for the purposes of introspecting the container runtimes of the various function runtimes.

Learn More about Serverless Prey


By Dave Hazar

This project helps automate onboarding and scanning in Checkmarx (on-premise only) and enables the use of instance profiles with cross-account access to AWS CodeCommit repositories. This enables organizations to onboard projects without gathering and maintaining credentials for every repository. It also can allow developers to set up webhooks or triggers to kick off incremental or full scans if deployed appropriately.

Learn More about cx-scan


By ControlPlane & Andy Martin

Kubesec is security risk analysis for Kubernetes resources, as a web service or admission controller. It takes a Kubernetes pod-like resource as input, and returns a score based on the security configuration. If the configuration is too risky and the score too low, the deployment fails.

Learn More about Kubesec

Kubernetes Simulator

By ControlPlane & Andy Martin

Simulator is a Kubernetes Security Training Platform. It teaches Red and Blue teams to exploit and mitigate security vulnerabilities in a Kubernetes cluster with real-world infrastructure and configuration, leading to experience usually only found whilst attacking and maintaining production systems.

Learn More about Kubernetes Simulator


By ControlPlane & Andy Martin

This is a security testing framework for fast, safe iteration on firewall, routing, and NACL rules for Kubernetes (Network Policies, services) and non-containerized hosts (cloud provider instances, VMs, bare metal). It aggressively parallelizes nmap to test outbound network connections and ports from any accessible host, container, or Kubernetes pod by joining the same network namespace as the instance under test.

Learn More about netassert

Review Security Groups

By Ben Allen

A small set of scripts to summarize AWS Security Groups, and generate visualizations of the rules.

Learn More about Review Security Groups