Deep Dive into AWS Penetration Testing | by Yasser Khan | Jun, 2021
There are many tools you can use to pentest AWS-integrated services, and different tools cover different kinds of tests: IAM analysis, resource inventory, S3 enumeration, benchmark auditing and outright exploitation. Here are some of them.
PMapper (Principal Mapper) is a script and library for finding hazards in an AWS account’s AWS Identity and Access Management (IAM) configuration.
Source: https://github.com/nccgroup/PMapper
aws-inventory is a Python script that finds all AWS resources created in a given account.
Source: https://github.com/nccgroup/aws-inventory
bucket_finder is a Ruby script that brute-forces S3 bucket names from a wordlist, reporting which candidate names exist and which of those allow public listing. Note that "brute force" here means guessing bucket names, not credentials; an existing bucket is not necessarily owned by the target you are assessing.
Source: https://github.com/FishermansEnemy/bucket_finder
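To make the S3 name-guessing technique concrete, here is an added Python example in the spirit of bucket_finder (it is not the bucket_finder project's own code). It expands a short wordlist with common suffixes, sends an unauthenticated GET to each candidate's virtual-hosted S3 endpoint and classifies the bucket from the status code. The HTTP call is passed in as a function so the module runs offline against constructed responses; the names, suffix list and fake responses below are assumptions for the demo, not real buckets.

```python
"""
Minimal S3 bucket-name enumeration (added example, not bucket_finder's code).

How the technique works:
  - expand a wordlist (company name, product name, ...) with suffixes people
    commonly use for buckets
  - send an unauthenticated GET to https://<name>.s3.amazonaws.com/
  - read the verdict off the status code:
      404  NoSuchBucket   -> name is free
      403  AccessDenied   -> bucket exists, anonymous listing refused
      301  redirect       -> bucket exists in another region
      200  ListBucket XML -> bucket exists and anyone can list it (the finding)
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List

# S3 naming rules: 3-63 chars, lowercase letters, digits, dots and hyphens,
# starting and ending with a letter or digit.
BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# Assumed suffix list for the demo; a real run would use a larger wordlist.
SUFFIXES = ["", "-backup", "-backups", "-logs", "-dev", "-staging", "-prod", "-assets"]

VERDICTS = {
    404: "missing",
    403: "private",
    301: "exists-other-region",
    200: "public-listing",
}


def candidate_names(words: Iterable[str]) -> List[str]:
    """Expand the wordlist with suffixes and drop names S3 would reject."""
    out: List[str] = []
    for word in words:
        base = word.strip().lower().replace(" ", "-")
        for suffix in SUFFIXES:
            name = base + suffix
            if BUCKET_NAME.match(name) and name not in out:
                out.append(name)
    return out


def classify(status: int) -> str:
    """Map an HTTP status from the S3 endpoint to a human-readable verdict."""
    return VERDICTS.get(status, f"unexpected-{status}")


def http_status(name: str) -> int:
    """Unauthenticated GET against the virtual-hosted endpoint; returns the status code.
    Only use against targets you are authorised to test."""
    req = urllib.request.Request(f"https://{name}.s3.amazonaws.com/", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def enumerate_buckets(words: Iterable[str],
                      fetch: Callable[[str], int] = http_status) -> Dict[str, str]:
    """Probe every candidate name and return {name: verdict}."""
    return {name: classify(fetch(name)) for name in candidate_names(words)}


# Constructed offline responses for the demo; these are not real buckets.
FAKE_RESPONSES = {"acme": 403, "acme-logs": 200, "acme-dev": 301}


def fake_status(name: str) -> int:
    return FAKE_RESPONSES.get(name, 404)


if __name__ == "__main__":
    for name, verdict in enumerate_buckets(["acme"], fake_status).items():
        if verdict != "missing":
            print(f"{name:20} {verdict}")
```

Swap `fake_status` for `http_status` to probe live endpoints. A 200 on the root listing is the actual finding; a 403 only tells you the name is taken, and a 301 means the bucket lives in another region and needs a region-specific endpoint to be inspected further.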
Prowler is a command-line tool for AWS security best-practice assessment, auditing and hardening, following the CIS Amazon Web Services Foundations Benchmark.
Source: https://github.com/toniblyx/prowler
Nimbostratus is a set of proof-of-concept tools for fingerprinting and exploiting Amazon cloud infrastructure, written by Andres Riancho for his "Pivoting in Amazon clouds" talk and built on the boto library for accessing Amazon's API.
Source: https://github.com/andresriancho/nimbostratus
CloudSploit by Aqua is an open-source project for detecting security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and GitHub. Its scripts return a list of potential misconfigurations and security risks.
Source: https://github.com/aquasecurity/cloudsploit
Cloudsplaining is an AWS IAM security assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report.
Source: https://github.com/salesforce/cloudsplaining
Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.
Source: https://github.com/RhinoSecurityLabs/pacu
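PMapper, Cloudsplaining and Pacu all revolve around the same IAM question: which permissions in a policy are broader than they need to be, and which of them let a principal raise its own privileges. The following added Python example (not the code of any of those projects) shows the core of that check over a single IAM policy document. It flags wildcard grants and a subset of the well-known privilege-escalation-capable permissions, including iam:PassRole combined with a service that executes code as the passed role. The sample policy, its Sids and the account ID are constructed for the example; resource scoping and Condition blocks are deliberately ignored, so it over-reports compared with the real tools.

```python
"""
Least-privilege and privilege-escalation check over one IAM policy document.
Added example; not PMapper's, Cloudsplaining's or Pacu's code.

Two classes of finding are reported:
  1. wildcard grants: Action "*" or "service:*" on Resource "*"
  2. IAM permissions that let a principal raise its own privileges, either
     on their own or as iam:PassRole paired with a service that runs code
     under the passed role.
Simplification (assumption): Deny statements, Resource scoping and Condition
blocks are ignored, so this over-reports relative to a real analyzer.
"""
import fnmatch
from typing import Dict, List, Tuple

# Subset of permissions that allow self-privilege-escalation on their own.
PRIVESC_SINGLE = {
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:AddUserToGroup", "iam:UpdateAssumeRolePolicy",
}

# iam:PassRole becomes escalation when paired with a service that executes
# code as the passed role.
PASSROLE_PARTNERS = {
    "lambda:CreateFunction", "ec2:RunInstances", "glue:CreateDevEndpoint",
    "cloudformation:CreateStack", "datapipeline:CreatePipeline",
}


def _as_list(value) -> list:
    """IAM allows scalars or lists for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers(pattern: str, action: str) -> bool:
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def allow_grants(policy: dict) -> List[Tuple[str, str, str]]:
    """Flatten Allow statements into (action_pattern, resource, sid) tuples."""
    grants = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are ignored (see docstring)
        sid = stmt.get("Sid", f"Statement{i}")
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                grants.append((action, resource, sid))
    return grants


def analyze(policy: dict) -> List[str]:
    """Return human-readable findings for a policy document."""
    grants = allow_grants(policy)
    findings: List[str] = []

    # 1. wildcard grants
    for action, resource, sid in grants:
        if action == "*" and resource == "*":
            findings.append(f"{sid}: full administrative access (Action * on Resource *)")
        elif action.endswith(":*") and resource == "*":
            findings.append(f"{sid}: service-wide wildcard {action} on Resource *")

    # 2. privilege-escalation-capable permissions
    def granted(action: str) -> bool:
        return any(_covers(pattern, action) for pattern, _, _ in grants)

    for action in sorted(a for a in PRIVESC_SINGLE if granted(a)):
        findings.append(f"privilege escalation: {action} granted")
    if granted("iam:PassRole"):
        partners = sorted(p for p in PASSROLE_PARTNERS if granted(p))
        if partners:
            findings.append("privilege escalation: iam:PassRole with " + ", ".join(partners))
    return findings


# Constructed sample policy; the Sids, bucket and account ID are made up.
SAMPLE_POLICY: Dict = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnlyS3", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-data/*"},
        {"Sid": "DeployLambda", "Effect": "Allow",
         "Action": ["lambda:CreateFunction", "lambda:InvokeFunction", "iam:PassRole"],
         "Resource": "*"},
        {"Sid": "ManagePolicies", "Effect": "Allow",
         "Action": "iam:CreatePolicyVersion",
         "Resource": "arn:aws:iam::123456789012:policy/*"},
        {"Sid": "EC2Everything", "Effect": "Allow",
         "Action": "ec2:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for finding in analyze(SAMPLE_POLICY):
        print(finding)
```

Note how `ec2:*` is picked up both as a service-wide wildcard and, through pattern matching, as the `ec2:RunInstances` partner for `iam:PassRole`: the policy never names RunInstances, yet an attacker holding it can launch an instance with any passable role attached. The real tools go further by resolving which roles are actually passable, following trust policies across principals (PMapper's graph) and ranking findings by risk (Cloudsplaining's report).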
That's all for now. Exploiting S3 buckets, setting up and pentesting AWS Aurora RDS, setting up the AWS CLI, assessing and pentesting Lambda services, assessing AWS API Gateway, and knowing your pentest and the unknowns of AWS pentesting will be covered in upcoming posts.
Thank you for reading my post; please leave a comment below if you have any suggestions 🙂
Thanks,
Yasser Khan
My Twitter handle is @N3T_hunt3r; feel free to reach out.
Special thanks to Jonathan Helmus for writing an excellent book with detailed explanations of how to assess and secure the major AWS resources.
Reference: https://www.packtpub.com/product/aws-penetration-testing/9781839216923