ThunderCloud: Cloud Exploit Framework

ThunderCloud

Cloud Exploit Framework

This framework can find issues like:

1. S3 directory listing due to misconfigured Cloudfront settings
2. Amazon Cognito misconfiguration to generate AWS temporary credentials
3. Public snapshots
4. Generate Account takeover Phishing links for AWS SSO
5. Leaked Keys permission enumeration
6. IAM role privilege escalation
a) From leaked keys
b) Lambda Function

Install

– get project `git clone https://github.com/Rnalter/ThunderCloud.git && cd ThunderCloud/`
– install [virtualenv](https://virtualenv.pypa.io/en/latest/) `pip install virtualenv`
– create a python 3.6 local environment `virtualenv -p python3.6 venv`
– activate the virtual environment `source venv/bin/activate
– install project dependencies `pip install -r requirements.txt`

Use

Copyright (C) 2022 Rnalter

Source: https://github.com/Rnalter/