pacu v1.4.2 releases: AWS penetration testing toolkit


Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.


Key Features

  • Comprehensive AWS security-testing toolkit, supported by a leading cybersecurity firm.
  • Wide range of powerful scanning and exploitation capabilities offer by 36 modules (and counting)* which can be chained together.
  • Open-source and modular structure allows easy auditing and community-driven improvement.

Pacu’s Modular Power

Pacu uses a range of plug-in modules to assist an attacker in the enumeration, privilege escalation, data exfiltration, service exploitation, and log manipulation within AWS environments. At present, Pacu has 36 modules for executing AWS attacks, but we’ll be working hard to add more modules in the future, and suggestions for new modules (or even contributions of whole completed modules) are welcome.

In order to keep pace with ongoing AWS product developments, we’ve designed Pacu from the ground up with extensibility in mind. A common syntax and data structure keep modules easy to build and expand on – no need to specify AWS regions or make redundant permission checks between modules. A local SQLite database is used to manage and manipulate retrieved data, minimizing API calls (and associated logs). Reporting and attack auditing is also built into the framework; Pacu assists the documentation process through command logging and exporting, helping build a timeline for the testing process.

We’ll be working on improving Pacu’s core capabilities and building out a well-documented ecosystem so that cybersecurity researchers and developers can make new modules quickly and easily.

Changelog v1.4.2

  • Add ebs__enum_snapshots_unauth Module for Unauthenticated EBS Snapshot Reconnaissance by @Y4nush in #370


> git clone
> cd pacu
> bash
> python3


Copyright (C) 2018 Rhino Security Labs, Inc.