GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → shabarkin → aws-enumerator

shabarkin / aws-enumerator

Licence: GPL-3.0 License
The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

awssecuritysecurity-auditcloudhackingsecurity-tools

Projects that are alternatives of or similar to aws-enumerator

Spydan
A web spider for shodan.io without using the Developer API.
Stars: ✭ 30 (-68.09%)
Mutual labels:  security-audit
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-74.47%)
Mutual labels:  security-audit
LightVerifier
Simple and scalable Linux tools for verifying TPM-based remote attestations 🔬⚖️🔐⛓📏📜
Stars: ✭ 18 (-80.85%)
Mutual labels:  security-audit
RockYou2021.txt
RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
Stars: ✭ 288 (+206.38%)
Mutual labels:  security-audit
CIS-Ubuntu-20.04-Ansible
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
Stars: ✭ 150 (+59.57%)
Mutual labels:  security-audit
cnitch
Container Snitch checks running processes under the Docker Engine and alerts if any are found to be running as root
Stars: ✭ 68 (-27.66%)
Mutual labels:  security-audit
docker-wallarm-node
⚡️ Docker official image for Wallarm Node. API security platform agent.
Stars: ✭ 18 (-80.85%)
Mutual labels:  security-audit
KInspector
KInspector is an application for analyzing health, performance and security of your Kentico solution.
Stars: ✭ 54 (-42.55%)
Mutual labels:  security-audit
kcare-uchecker
A simple tool to detect outdated shared libraries
Stars: ✭ 174 (+85.11%)
Mutual labels:  security-audit
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-53.19%)
Mutual labels:  security-audit
ehids
A Linux Host-based Intrusion Detection System based on eBPF.
Stars: ✭ 210 (+123.4%)
Mutual labels:  security-audit
clair-cicd
Making CoreOS' Clair easily work in CI/CD pipelines
Stars: ✭ 27 (-71.28%)
Mutual labels:  security-audit
cpan-audit
Check CPAN modules for known security vulnerabilities
Stars: ✭ 27 (-71.28%)
Mutual labels:  security-audit
Logmira
Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.
Stars: ✭ 46 (-51.06%)
Mutual labels:  security-audit
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-61.7%)
Mutual labels:  security-audit
MailRipV3
SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-70.21%)
Mutual labels:  security-audit
pci
Packet communication investigator
Stars: ✭ 82 (-12.77%)
Mutual labels:  security-audit
gcp-firewall-enforcer
A toolbox to enforce firewall rules across multiple GCP projects.
Stars: ✭ 77 (-18.09%)
Mutual labels:  security-audit
Security4Delphi
Enables and use of the concept of security in your Delphi applications
Stars: ✭ 39 (-58.51%)
Mutual labels:  security-audit
pentesting-multitool
Different utility scripts for pentesting and hacking.
Stars: ✭ 39 (-58.51%)
Mutual labels:  security-audit
View All Similar Projects ➔

AWS Service Enumeration

Disclaimer

The tool is in beta stage (testing in progress), no destructive API Calls used ( read only actions ). I hope, there will be no issues with the tool. If any issues encountered, please submit the ticket.

Description

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

AWS Enumerator supports more than 600 API Calls ( reading actions Get, List, Describe etc... ), and will be extended.

The tool provides interface for result analysis. All results are saved in json files (one time "Database").

Install

If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

go get -u github.com/shabarkin/aws-enumerator

Basic Usage

Credentials setup

To setup credentials, you should use cred subcommand and supply credentials:

./aws-enumerator cred -aws_access_key_id AKIA***********XKU -aws_region us-west-2 -aws_secret_access_key kIm6m********************5JPF

_img/Screenshot_2021-04-10_at_14.43.51.png

_img/Screenshot_2021-04-10_at_14.45.51.png

It creates .env file, which is loaded to global variables each time you call enum subcommand.

WARNING: If you set these values AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN in global variables manually before running the tool, it will not be able to load AWS Credentials specified in .env file ( It can't overwrite global variables ).

Enumeration

To enumerate all services, you should use enum subcommand and supply all value or iam,s3,sts,rds ( no spaces between commas ), etc. ...

./aws-enumerator enum -services all

If you want to check specific services (up to 10 ):

./aws-enumerator enum -services iam,sts,rds

_img/Screenshot_2021-04-10_at_13.36.56.png

(-speed flag is optional, the default value is normal ) There are 3 options slow, normal, fast

./aws-enumerator enum -services all -speed slow

Analysis

To analyse the collected information, you should use dump subcommand: ( Use all for quick overview of available API calls )

./aws-enumerator dump -services all

_img/Screenshot_2021-04-10_at_13.56.12.png

Analyze specific services (up to 10) iam,s3,sts, etc ...

./aws-enumerator dump -services iam,s3,sts

_img/Screenshot_2021-04-10_at_14.03.16.png

To filter API calls, you should use -filter option, start typing the name of API call (GetA ...):

./aws-enumerator dump -services iam -filter GetA

_img/Screenshot_2021-04-10_at_14.06.18.png

To retrieve the result of API call, you should use -print option

./aws-enumerator dump -services iam -filter ListS -print

_img/Screenshot_2021-04-10_at_14.08.01.png

Demo Video

Pavel Shabarkin LinkedIn

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].