aws_pwn
A collection of AWS penetration testing junk
Category | Penetration Testing Tools |
---|---|
Community Stars | 1179 |
Last Commit | 7 years ago |
Last page update | 19 days ago |
Pricing Details | Free |
Target Audience | Penetration testers, security researchers, AWS administrators. |
The aws_pwn
toolset is designed for identifying and exploiting vulnerabilities in AWS environments, a task that is increasingly complex due to the vast array of services and configurations available in AWS.
Technically, aws_pwn
is a collection of scripts and tools designed for penetration testing and reconnaissance within AWS. The architecture relies on Python scripts that interact with AWS APIs to perform various tasks such as disrupting CloudTrail logging, dumping account data, elevating privileges, and exfiltrating data. For example, the disrupt_cloudtrail.py
script can cripple CloudTrail logging, while dump_account_data.sh
gathers extensive account information through multiple read, list, get, and describe functions, although this is quite noisy and visible in logs. The assume_roles.py
script allows testers to assume all roles in an account, and add_iam_policy.py
can attach highly privileged policies to users, roles, or groups.
Operationally, using aws_pwn
requires careful consideration of detection and evasion techniques. Many of the scripts are noisy and can trigger security alerts, so testers must be prepared to handle the visibility of their actions. The tools also require proper AWS credentials setup and may need frequent updates as AWS services and security measures evolve. Limitations include the potential for AWS to change its APIs or security features, rendering some scripts ineffective, and the need for contributors to maintain and update the tools.
Specific technical details include the use of AWS CLI and SDKs for API interactions, with scripts often relying on boto3
and other Python libraries. The tools can handle various AWS services like EC2, IAM, CloudFormation, and S3, but their effectiveness can vary based on the specific AWS environment and its security posture. For instance, the backdoor_all_roles.py
script adds trust relationships to roles, but this requires editing the script to set the correct role ARNs, highlighting the need for customization and careful execution.