Pacu can be used to test an AWS account. Setup: Unauthorized enumeration Requires only an AWS access key and secret key. Enu­mer­ate roles. Cre­ate a list with pos­si­ble roles to check. run iam__enum_roles --word-list /tmp/roles.txt --account-id $accountId Enu­mer­ate users which belong to a (pre­vi­ous­ly found) role. Cre­ate also a list of pos­si­ble user names. run iam__enum_users --word-list…