Skip to content

Resources

IP Addresses

Tool Description
UpdateCloudIPs

Enum

Tool Description
aws-recon
  • Darkbit's multi-threaded AWS inventory collection tool
cloud_enum
  • Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and GCP
  • Usage: python cloudenum.py -k keyword
cloud-service-enum
  • Cloud Services Enumeration
aws-inventory
  • Make an inventory of all your resources across regions
  • Usage:
    • $ python aws_inventory.py
    • // Select the generated JSON file when prompted
      $ firefox gui/dist/index.html
resource-counter
  • Counts number of resources in categories across regions
  • Usage: $ python count_resources.py
aws_public_ips
  • Fetch all public IP addresses tied to your AWS account
  • Usage:
    • // Uses default ~/.aws/credentials
      $ aws_public_ips -f json -s apigateway,cloudfront,ec2,elasticsearch,elb,elbv2,lightsail,rds,redshift
    • // With a custom profile
      $ AWS_PROFILE=production aws_public_ips
cloudlist
  • Obtain public assets (hostnames, IPs)

Discover Specific Services

Tool Description
S3Scan
  • Generate a report of all s3 buckets and their permissions (authenticated)
  • Usage: $ python s3scan.py [-f <format>] [-p <profile>]
iam_user_enum
  • Enumerates IAM names from a text file
dufflebag
  • Searches through public EBS snapshots for secrets that may have been accidentally left in

Exploitation

Tool Description
pacu
  • AWS penetration testing toolkit
  • Usage:
    $ python pacu.py
    pacu> import_keys <profile> // Import keys
    pacu> run <module_name> // Modules
cloudjack
  • CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations
  • Usage: $ python cloudjack.py -o json -p default
S3Scanner
  • Scan for open AWS S3 buckets and dump the contents
  • Usage:
    • $ cat names.txt
      flaws.cloud
      google-dev
      testing.microsoft.com
      yelp-production.s3-us-west-1.amazonaws.com
      github-dev:us-east-1
    • // Dump all open buckets, log both open and closed buckets to found.txt
      $ python s3scanner.py --include-closed --out-file found.txt --dump names.txt
    • // Save file listings of all open buckets to file
      $ python s3scanner.py --list names.txt
CCAT
  • Cloud Container Attack Tool (CCAT)
  • A tool for testing security of container environments (ECS, EKS, and ECR)