Cloudsplaining
Analyzes AWS IAM policies for dangerous privileges, resource exposure, and data-exfiltration patterns—outputs Markdown/HTML reports.
Why it is included
Widely cited open IAM report generator complementing Prowler/Steampipe for identity-centric reviews.
Best for
IAM reviews before production rollout or during incident hardening on AWS.
Strengths
- Policy parsing depth
- Human-readable reports
- Integrates with policy files
Limitations
- AWS IAM focus only; not a full CSPM
Good alternatives
Prowler IAM checks · IAM Access Analyzer · manual review
Related tools
Security & Privacy
Pacu
Rhino Security Labs offensive AWS testing framework: modules for privilege escalation, persistence, data exfiltration, and service-specific attacks.
Prowler
Open cloud security assessment for AWS, Azure, GCP, and M365: CIS, PCI, HIPAA-style checks and compliance reports.
Cartography
Lyft’s tool to sync AWS, GCP, Azure, GitHub, and more into a Neo4j graph for attack-path and permission analysis.
ScoutSuite
Multi-cloud security auditing: AWS, Azure, GCP, Alibaba—HTML reports highlighting misconfigurations and risky resources.
HashiCorp Vault
Secrets management, encryption as a service, PKI, identity plugins, and dynamic credentials for apps and platforms.
kube-hunter
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, services, and misconfigs.
