

Projects
Projects we build and maintain, including open source tools, hands-on labs, and community initiatives for security practitioners.
Open Source Security Projects
Exposed Files Scanner
Browser-based security scanner to detect exposed sensitive files on domains and IPs, including Git repositories, .env files, config files, SSH keys, cloud credentials, and API endpoints. Scans 100+ dangerous paths with direct file download capability. No data is uploaded to servers.
IaC Security Scanner
Free Infrastructure as Code security scanner for Terraform, Kubernetes, Docker, and CloudFormation files with PDF reporting. Everything runs in your browser - no data leaves your device.
Container Security Village
Official website for Container Security Village: a community where Kubernetes and containers meet security.
EKSi-lite
A lightweight CLI tool for white-box testing, focused on enumerating, listing, and auditing Kubernetes resources in Amazon EKS. Offers features such as node listing, RBAC auditing, image reporting, and advanced security checks including AWS IAM Role permissions, volume mounts, secrets, and storage configurations. Demonstrated at Black Hat Europe Arsenal 2025.
OWASP GKE Goat
An official OWASP project - an intentionally vulnerable Google Kubernetes Engine (GKE) cluster designed for hands-on security testing and learning. Explore real-world GKE misconfigurations, GCP IAM pitfalls, and end-to-end attack chains from web app compromise to full GKE cluster takeover. Installation guide available at gkegoat.peachycloudsecurity.com.
Awesome Cloud Security Interview
A carefully chosen collection of cloud security-related interview questions and scenarios. This resource helps explore different areas of safeguarding cloud systems, whether you are evaluating the skills of possible applicants or preparing for a cloud security interview. Covers AWS, GCP, Azure, Kubernetes, DevSecOps, and more.
OWASP EKS Goat
An official OWASP project - a deliberately vulnerable EKS cluster environment to explore AWS cloud-native security through hands-on attack and defense labs. Features comprehensive documentation covering container security, ECR exploitation, EKS misconfigurations, scanning, auditing, and runtime defense. Full walkthrough available at eksgoat.peachycloudsecurity.com.
Very Vulnerable Lambda Application
An intentionally vulnerable serverless application designed for security professionals to learn AWS Lambda pentesting. Demonstrates injection vulnerabilities, SSRF, command execution, ReDoS, Python deserialization, and misconfigured IAM permissions.
Ansible Role: osm_linux_armour
An Ansible role for auditing and hardening Linux platforms (Ubuntu and CentOS) according to the CIS benchmark. Covers special purpose services, logging and auditing, filesystem configuration, network security, and mandatory access control. Created as an open source contribution to Opstree.
Where cloud native meets hands-on security.