Cloud Security Python Packages

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

cleancloud

Shift-left cloud hygiene for AWS, Azure & GCP - deterministic read-only waste detection with no agents, no telemetry, safe for regulated environments.

kosty

AWS Cost Optimization & Security Audit CLI Tool - Identify cost waste, security vulnerabilities, and compliance issues across 16 core AWS services

cloud-audit

Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes.

consoleme

A Central Control Plane for AWS Permissions and Access

az-rbac-watch

Azure RBAC as Code — drift detection and guardrails

terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

aws-allowlister

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

graphids

Graph-based cloud intrusion detection using GCN, Transformer autoencoder, and contrastive learning — Scientific Reports 2025

awsxenos

AWSXenos will list all the trust relationships in all the IAM roles, S3 buckets, and more

awsssoreporting

Reports on Users/Group, Permission Sets, and Account Assignments

bedrock-keys-security

Detect phantom IAM users, decode leaked AWS Bedrock API keys, and prevent LLMjacking. CLI + SCPs + SIEM detection rules.

threatmap

IaC threat modeler with STRIDE, MITRE ATT&CK, and PASTA frameworks. REST API, GraphQL, and Docker support for Terraform, CloudFormation, and Kubernetes.

metabadger

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).

pasu

Cloud IAM security guard — scan AWS IAM policies for risks in seconds

ciph

Fast, streaming file encryption for large media files and cloud uploads using modern cryptography.

secure-ec2

CLI tool that helps you to provision EC2 instances securely

scope-forensics

Scope is an open source cloud forensic tool to conduct rapid incident response in Amazon Web Services (AWS).

varc

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

cloudsecure

CLI for the CloudSecure AWS Security Assessment Platform

cloudvault4

AWS S3 bucket scanner | Find exposed S3 buckets, Azure Blob & Google Cloud Storage | Cloud security scanner tool | Bucket enumeration & vulnerability detection

cloudmarker

Cloudmarker - Cloud security monitoring framework.

awscli-plugin-credential-mfa

awscli plugin enabling automatic usage of mfa token