Pentest Documentation

Appearance

βš’οΈ Automated Tools ​

AWS environments can be complex, and manually assessing their security can be time-consuming and error-prone. Fortunately, several automated tools are available to help security professionals assess, monitor, and secure AWS environments effectively. Below, we discuss some of the most popular and powerful automated tools for AWS security.

πŸ” PACU ​

PACU is an open-source tool designed for conducting security assessments and penetration tests in AWS environments. It allows security professionals to automate various attack techniques and assess the security posture of an AWS account.

Usage Example ​

To start PACU, run the following command :

bash
pacu

Once inside PACU, you can use various modules to perform specific tasks.

  • Setting the Initial User Access Key :
bash
set_keys
  • Get the Permissions of the Currently Logged-In User :
bash
exec iam__enum_permissions
whoami
  • Enumerate EC2 Instances and Get the Public IP Addresses :
bash
exec ec2__enum
data EC2
  • Enumerate Privilege Escalation Permissions and Exploit Them :
bash
exec iam__privesc_scan

☁️ Cloud_enum ​

Cloud_enum is an open-source tool for enumerating cloud resources in an AWS environment. It is particularly useful for discovering publicly exposed assets and services.

Usage Example ​

bash
cloud_enum -k BUCKET_NAME
bash
[+] Checking for S3 buckets
  OPEN S3 BUCKET: http://**********.s3.amazonaws.com/
      FILES:
      ->http://**********.s3.amazonaws.com/**********
      ->http://**********.s3.amazonaws.com/dev-server-ip.txt
      ->http://**********.s3.amazonaws.com/prod-data.txt
      ->http://**********.s3.amazonaws.com/staging-data.txt

⚜️ ScoutSuite ​

ScoutSuite is an open-source multi-cloud security auditing tool that supports AWS, Azure, and Google Cloud. It allows security professionals to assess the security posture of their cloud environments and identify potential security risks.

Usage Example ​

To run ScoutSuite for an AWS environment, use the following command :

bash
scout aws --access-key-id <AWS_ACCESS_KEY> --secret-access-key <AWS_SECRET_KEY>

🎨 Cloudsplaining ​

Cloudsplaining is an open-source tool for analyzing AWS IAM policies. It helps security professionals identify and mitigate risky permissions that could lead to privilege escalation or other security issues.

Usage Example ​

To analyze IAM policies with Cloudsplaining, use the following command :

bash
cloudsplaining scan --input-file <path_to_iam_policy_file>