aws-enumerator: AWS Service Enumeration
AWS Enumerator was created for service enumeration and information dumping, to support penetration testers' investigations during black-box testing. The tool is intended to speed up cloud review when a security researcher has compromised AWS account credentials.
AWS Enumerator supports more than 600 API calls (read actions: Get, List, Describe, etc.) and will be extended.
The tool provides an interface for result analysis. All results are saved in JSON files (a one-time "database").
Install
go get -u github.com/shabarkin/aws-enumerator
Use
Credentials setup
To set up credentials, use the cred subcommand and supply the credentials:
./aws-enumerator cred -aws_access_key_id AKIA***********XKU -aws_region us-west-2 -aws_secret_access_key kIm6m********************5JPF
It creates a .env file, which is loaded into global variables each time you call the enum subcommand.
WARNING: If you manually set AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY or AWS_SESSION_TOKEN as global variables before running the tool, it will not be able to load the AWS credentials specified in the .env file (it can't overwrite global variables).
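The precedence described in the warning, as an added example (not the tool's own code): a loader that never overwrites an existing variable and reports which keys from the file were ignored. It assumes the "global variables" are process environment variables and that .env holds KEY=VALUE lines; parseDotEnv and loadNoOverride are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"sort"
	"strings"
)

// parseDotEnv reads KEY=VALUE lines (assumed layout of the .env file),
// skipping blank lines and # comments and stripping surrounding quotes.
func parseDotEnv(content string) map[string]string {
	vars := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok {
			vars[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"'`)
		}
	}
	return vars
}

// loadNoOverride sets only variables absent from the process environment and
// returns, sorted, the keys whose existing value differs from the file's.
func loadNoOverride(vars map[string]string) []string {
	var shadowed []string
	for k, v := range vars {
		if cur, ok := os.LookupEnv(k); !ok {
			os.Setenv(k, v)
		} else if cur != v {
			shadowed = append(shadowed, k)
		}
	}
	sort.Strings(shadowed)
	return shadowed
}

func main() {
	// Constructed sample; placeholder values, not real credentials.
	const sample = "AWS_REGION=us-west-2\nAWS_ACCESS_KEY_ID=AKIAEXAMPLEFROMFILE\n"
	os.Setenv("AWS_REGION", "eu-central-1") // simulates a manual export
	for _, k := range loadNoOverride(parseDotEnv(sample)) {
		fmt.Printf("%s is already set; the .env value is ignored\n", k)
	}
}
```

A non-empty result means the run would use a mix of shell and file values, so unset the listed variables before calling enum. Only key names are printed, never the values.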
Enumeration
To enumerate services, use the enum subcommand and supply either the value all or a comma-separated list such as iam,s3,sts,rds (no spaces around the commas):
./aws-enumerator enum -services all
If you want to check specific services (up to 10):
./aws-enumerator enum -services iam,sts,rds
The -speed flag is optional and defaults to normal. There are 3 options: slow, normal, fast.
./aws-enumerator enum -services all -speed slow
Analysis
To analyse the collected information, use the dump subcommand (use all for a quick overview of available API calls):
./aws-enumerator dump -services all
To analyse specific services (up to 10), such as iam,s3,sts:
./aws-enumerator dump -services iam,s3,sts
To filter API calls, use the -filter option and start typing the name of the API call (GetA…):
./aws-enumerator dump -services iam -filter GetA
To retrieve the result of an API call, use the -print option:
./aws-enumerator dump -services iam -filter ListS -print
Copyright (c) 2021 Pavel Shabarkin
Source: https://github.com/shabarkin/