Cloud Audit
What it does
Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation across 47 checks and 15 AWS resource types.
Scans AWS accounts for security misconfigurations across IAM, S3, EC2, VPC, RDS, Lambda, ECS, CloudTrail, GuardDuty, KMS, and more. Correlates individual findings into exploitable attack paths using 16 MITRE ATT&CK-based rules, estimates breach costs in dollar amounts per finding, and provides copy-paste CLI commands and Terraform HCL for every remediation. Includes built-in scan diff to track security drift between runs, supports multiple output formats (HTML, JSON, SARIF, Markdown), and exposes six MCP tools for AI-assisted scanning: scan_aws, get_findings, get_attack_chains, get_remediation, get_health_score, and list_checks.
Capabilities
Server
Quality
Deterministic score 0.66 from registry signals: indexed on pulsemcp, has source repo, 57 GitHub stars, registry-generated description present.