ScoutSuite
Multi-cloud security auditing for AWS, Azure, GCP, and Alibaba, with HTML reports highlighting misconfigurations and risky resources.
Why it is included
Open tool from NCC Group, still used for point-in-time cloud reviews.
Best for
Consultants and internal teams needing readable cloud posture reports.
Strengths
- Multi-provider
- Report UX
- API enumeration
Limitations
- Maintenance cadence relative to Prowler; compare the two for your cloud
Good alternatives
Prowler · CloudFox · commercial CSPM
Related tools
Security & Privacy
Prowler
Open cloud security assessment for AWS, Azure, GCP, and M365: CIS, PCI, HIPAA-style checks and compliance reports.
Security & Privacy
Pacu
Rhino Security Labs offensive AWS testing framework: modules for privilege escalation, persistence, data exfiltration, and service-specific attacks.
Security & Privacy
Cloudsplaining
Analyzes AWS IAM policies for dangerous privileges, resource exposure, and data-exfiltration patterns—outputs Markdown/HTML reports.
Security & Privacy
John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Security & Privacy
Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
Security & Privacy
OpenSCAP
SCAP toolkit for compliance scanning: OVAL, XCCDF, tailoring files, and remediation snippets (e.g. DISA STIG workflows).
