Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-24 03:21:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

evaluate-iam-role: support for wildcarded permissions

Browse Source
This commit is contained in:
mgeeky 2019-12-03 16:52:32 +01:00
parent e3fc9a5e0e
commit 4ffdcef947
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
clouds/aws/evaluate-iam-role.sh
View File

@ -9,6 +9,7 @@ PROFILE=$1
ROLE_NAME=$2 ROLE_NAME=$2
known_dangerous_permissions=( known_dangerous_permissions=(
"*:*"
"iam:CreatePolicyVersion" "iam:CreatePolicyVersion"
"iam:SetDefaultPolicyVersion" "iam:SetDefaultPolicyVersion"
"iam:PassRole" "iam:PassRole"
@ -63,6 +64,8 @@ for policy in "${attached_role_policies[@]}" ; do
for dangperm in "${known_dangerous_permissions[@]}"; do for dangperm in "${known_dangerous_permissions[@]}"; do
if echo "$dangperm" | grep -iq $perm ; then if echo "$dangperm" | grep -iq $perm ; then
dangerous_permissions+=("$perm") dangerous_permissions+=("$perm")
elif echo "$perm" | grep -qP "\w+:\*"; then
dangerous_permissions+=("$perm")
fi fi
done done
done done
@ -71,7 +74,8 @@ done
if [[ ${#dangerous_permissions[@]} -gt 0 ]]; then if [[ ${#dangerous_permissions[@]} -gt 0 ]]; then
echo -e "\n\n=============== Detected dangerous permissions granted ===============" echo -e "\n\n=============== Detected dangerous permissions granted ==============="
for dangperm in "${dangerous_permissions[@]}"; do sorted=($(echo "${dangerous_permissions[@]}" | tr ' ' '\n' | sort -u ))
for dangperm in "${sorted[@]}"; do
echo -e "\t$dangperm" echo -e "\t$dangperm"
done done
else else