mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-24 18:09:45 +01:00
evaluate-iam-role: support for wildcarded permissions
This commit is contained in:
parent
e3fc9a5e0e
commit
4ffdcef947
@ -9,6 +9,7 @@ PROFILE=$1
|
||||
ROLE_NAME=$2
|
||||
|
||||
known_dangerous_permissions=(
|
||||
"*:*"
|
||||
"iam:CreatePolicyVersion"
|
||||
"iam:SetDefaultPolicyVersion"
|
||||
"iam:PassRole"
|
||||
@ -63,6 +64,8 @@ for policy in "${attached_role_policies[@]}" ; do
|
||||
for dangperm in "${known_dangerous_permissions[@]}"; do
|
||||
if echo "$dangperm" | grep -iq $perm ; then
|
||||
dangerous_permissions+=("$perm")
|
||||
elif echo "$perm" | grep -qP "\w+:\*"; then
|
||||
dangerous_permissions+=("$perm")
|
||||
fi
|
||||
done
|
||||
done
|
||||
@ -71,7 +74,8 @@ done
|
||||
|
||||
if [[ ${#dangerous_permissions[@]} -gt 0 ]]; then
|
||||
echo -e "\n\n=============== Detected dangerous permissions granted ==============="
|
||||
for dangperm in "${dangerous_permissions[@]}"; do
|
||||
sorted=($(echo "${dangerous_permissions[@]}" | tr ' ' '\n' | sort -u ))
|
||||
for dangperm in "${sorted[@]}"; do
|
||||
echo -e "\t$dangperm"
|
||||
done
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user