Coder Social home page Coder Social logo

jcsaaddupuy / aws-enumerator Goto Github PK

View Code? Open in Web Editor NEW

This project forked from shabarkin/aws-enumerator

0.0 0.0 0.0 2.1 MB

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

License: GNU General Public License v3.0

Go 100.00%

aws-enumerator's Introduction

AWS Service Enumeration

Disclaimer

The tool is in beta stage (testing in progress), no destructive API Calls used ( read only actions ). I hope, there will be no issues with the tool. If any issues encountered, please submit the ticket.

Description

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

AWS Enumerator supports more than 600 API Calls ( reading actions Get, List, Describe etc... ), and will be extended.

The tool provides interface for result analysis. All results are saved in json files (one time "Database").

Install

If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

go get -u github.com/shabarkin/aws-enumerator

go install -v github.com/shabarkin/aws-enumerator@latest

Basic Usage

Credentials setup

To setup credentials, you should use cred subcommand and supply credentials:

./aws-enumerator cred -aws_access_key_id AKIA***********XKU -aws_region us-west-2 -aws_secret_access_key kIm6m********************5JPF

_img/Screenshot_2021-04-10_at_14.43.51.png

_img/Screenshot_2021-04-10_at_14.45.51.png

It creates .env file, which is loaded to global variables each time you call enum subcommand.

WARNING: If you set these values AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN in global variables manually before running the tool, it will not be able to load AWS Credentials specified in .env file ( It can't overwrite global variables ).

Enumeration

To enumerate all services, you should use enum subcommand and supply all value or iam,s3,sts,rds ( no spaces between commas ), etc. ...

./aws-enumerator enum -services all

If you want to check specific services (up to 10 ):

./aws-enumerator enum -services iam,sts,rds

_img/Screenshot_2021-04-10_at_13.36.56.png

(-speed flag is optional, the default value is normal ) There are 3 options slow, normal, fast

./aws-enumerator enum -services all -speed slow

Analysis

To analyse the collected information, you should use dump subcommand: ( Use all for quick overview of available API calls )

./aws-enumerator dump -services all

_img/Screenshot_2021-04-10_at_13.56.12.png

Analyze specific services (up to 10) iam,s3,sts, etc ...

./aws-enumerator dump -services iam,s3,sts

_img/Screenshot_2021-04-10_at_14.03.16.png

To filter API calls, you should use -filter option, start typing the name of API call (GetA ...):

./aws-enumerator dump -services iam -filter GetA

_img/Screenshot_2021-04-10_at_14.06.18.png

To retrieve the result of API call, you should use -print option

./aws-enumerator dump -services iam -filter ListS -print

_img/Screenshot_2021-04-10_at_14.08.01.png

Demo Video

Pavel Shabarkin LinkedIn

aws-enumerator's People

Contributors

shabarkin avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.