Pacu

Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.

Key Features

• Comprehensive AWS security-testing toolkit, supported by a leading cybersecurity firm.
• Wide range of powerful scanning and exploitation capabilities offer by 36 modules (and counting)* which can be chained together.
• Open-source and modular structure allows easy auditing and community-driven improvement.

Pacu’s Modular Power

Pacu uses a range of plug-in modules to assist an attacker in the enumeration, privilege escalation, data exfiltration, service exploitation, and log manipulation within AWS environments. At present, Pacu has 36 modules for executing AWS attacks, but we’ll be working hard to add more modules in the future, and suggestions for new modules (or even contributions of whole completed modules) are welcome.

In order to keep pace with ongoing AWS product developments, we’ve designed Pacu from the ground up with extensibility in mind. A common syntax and data structure keep modules easy to build and expand on – no need to specify AWS regions or make redundant permission checks between modules. A local SQLite database is used to manage and manipulate retrieved data, minimizing API calls (and associated logs). Reporting and attack auditing is also built into the framework; Pacu assists the documentation process through command logging and exporting, helping build a timeline for the testing process.

We’ll be working on improving Pacu’s core capabilities and building out a well-documented ecosystem so that cybersecurity researchers and developers can make new modules quickly and easily.

Changelog v1.5

• Clean up README by @DaveYesland in #382
• fix #329 key error issue with iam__privesc_scan by @DaveYesland in #386
• Fix #359 #215 update region updating/handeling and remove region filters by @DaveYesland in #379
• Remove old install method by @DaveYesland in #383
• Enhancement/remove version check add get version by @DaveYesland in #381
• Make pacu version expand in workflow for docker version by @DaveYesland in #387
• Fix #388 by @DaveYesland in #389
• Fix #309 and update some functionality by @DaveYesland in #390

Installation

> git clone https://github.com/RhinoSecurityLabs/pacu
> cd pacu
> bash install.sh
> python3 pacu.py

Tutorial

Copyright (C) 2018 Rhino Security Labs, Inc.