enumerate-iam
Enumerate the permissions associated with AWS credential set
| Category | Identity & Access Management |
|---|---|
| GitHub Stars | 1116 |
| Last Commit | 5 years ago |
| This page updated | a month ago |
| Pricing Details | Free and open-source under the GNU General Public License v3.0 |
| Target Audience | Security professionals, AWS administrators, penetration testers. |
The `enumerate-iam` tool determines the exact permissions associated with a given set of AWS credentials, something that is often unclear even to the people who hold those credentials. It enumerates the permissions by brute force: it attempts every non-destructive API call it knows about (specifically the `list*`, `describe*` and `get*` actions) and records which ones the IAM policy allows.
Technically, the tool relies on a Python script that integrates with the AWS SDK to build a comprehensive list of API endpoints. The `generate_bruteforce_tests.py` script reads the AWS SDK documentation to create a dictionary of API calls, and those calls are then tested against the provided AWS credentials. This keeps the tool current with new AWS services and endpoints, since the dictionary can be regenerated by re-running the script against the latest AWS SDK documentation.
Operationally, the tool is built for efficient, programmatic use. It runs the API calls in threads to improve performance and provides detailed logging, with results returned as a Python dictionary so they are easy to consume from other security tools and scripts. Note, however, that the tool can be resource-intensive and may hang or slow down when testing a large number of API calls, particularly when the credentials carry extensive permissions.
Key technical details include the exclusive use of non-destructive API calls, which avoids any impact on the AWS environment, and the ability to specify session tokens and regions for more granular testing. The tool focuses on real-time enumeration rather than historical analysis, giving an immediate view of the permission set the credentials currently hold.