Penetration Test / Red Teaming / Purple Team
  • whoami
  • PowerShell for Pentesters
  • Azure AD Penetration Test
    • Intro
    • Initial Access
      • Bypassing MFA with Evilginx2
    • Enumeration
    • Privilege Escalation
    • Tools
  • AWS Penetration Test
    • Intro [WIP]
    • Enumeration
    • Initial Access
    • Privilege Escalation
    • Tools
  • Hackthebox WriteUps
  • Purple Team Exercise
    • Intro
  • Container Security
    • Docker Image Security
    • Docker Basic Commands
      • Docker-Related Attack Vectors
    • Podman Basic Commands
    • Container Breakouts
      • Containerd Attacks
    • Multi Container Setup
    • Securing Docker
Powered by GitBook
On this page
  • ScoutSuite
  • Pacu
  • Pmapper
  • Links
  1. AWS Penetration Test

Tools

PreviousPrivilege EscalationNextHackthebox WriteUps

Last updated 2 years ago

Some tools that you can use during your penetration test on AWS.

ScoutSuite

Pacu

Pmapper

Commands

Copy your env credentials and run these commands

export AWS_ACCESS_KEY_ID="zzzzzzzzz"
export AWS_SECRET_ACCESS_KEY="zzzzzzz"
export AWS_SESSION_TOKEN="zzzzzzzz"

This command will collect information from your 

pmapper graph create

List embedded queries

pmapper query list

Learn privilege escalation paths

pmapper --account "it_will_give_you_after_first_command" query -s 'preset privesc *'

Who can create user in resources. 

pmapper query 'who can do iam:CreateUser'

some refences:

  • https://github.com/nccgroup/PMapper/wiki/Query-Reference

  • https://securityonline.info/pmapper/?utm_content=cmp-true

  • https://www.kitploit.com/2018/08/pmapper-tool-for-quickly-evaluating-iam.html?m=0

Links

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

LogoGitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing ToolGitHub
LogoGitHub - RhinoSecurityLabs/pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.GitHub
LogoGitHub - nccgroup/PMapper: A tool for quickly evaluating IAM permissions in AWS.GitHub