Pacu can be used to test an AWS account. Setup:
- Login via the AWS cli and create/reuse a profile:
aws configure --profile $profile - Start pacu
- Import the access and secret key and other profile settings from the AWS CLI with
import_keys $profile
Unauthorized enumeration
Requires only an AWS access key and secret key.
Enumerate roles. Create a list with possible roles to check.
run iam__enum_roles --word-list /tmp/roles.txt --account-id $accountId
Enumerate users which belong to a (previously found) role. Create also a list of possible user names.
run iam__enum_users --word-list /tmp/users.txt --role-name $role --account-id $accountId
Enumerate snapshots. $keyword is something which is e.g. in a S3 bucket name.
run ebs__enum_snapshots_unauth --keyword $keyword --account-id $accountId --account-id-wordlist $accountIdWordlist
Various
To see the whole response: Select the area:
services
and then request the data from one area:
data iam
To assume a previously found role, use
assume_role arn:aws:iam::$accountID:role/$roleName
Leave a Reply
You must be logged in to post a comment.