diff --git a/clouds/aws/README.md b/clouds/aws/README.md index b435022..30c3d7c 100644 --- a/clouds/aws/README.md +++ b/clouds/aws/README.md @@ -1,6 +1,9 @@ ## AWS-related penetration testing scripts, tools and Cheatsheets + +- **`assume-role-helper.sh`** - Calls `aws sts assume-role` using MFA token in order to retrieve session credentials and reformat it into `~/.aws/credentials` file format. That eases copy-and-paste of credentials provided by Assume Role facility into credentials file format. Having creds reformatted, tools such as _s3tk_ that are unable to process MFA tokens could be used using preconfigured profile creds. + - **`disruptCloudTrailByS3Lambda.py`** - This script attempts to disrupt CloudTrail by planting a Lambda function that will delete every object created in S3 bucket bound to a trail. As soon as CloudTrail creates a new object in S3 bucket, Lambda will kick in and delete that object. No object, no logs. No logs, no Incident Response :-) One will need to pass AWS credentials to this tool. Also, the account affected should have at least following permissions: 
@@ -317,8 +320,6 @@ drwxr-xr-x 3 root root 4096 lis 4 16:18 home - **`find-exposed-resources.sh`** - Utterly simple script enumerating some of the resources that could be publicly shared which would count as a security misconfiguration. -- **`get-session-creds-in-config-format.sh`** - Calls `aws sts assume-role` using MFA token in order to then retrieve session credentials and reformat it into `~/.aws/credentials` file format. Having that it's easy to copy-and-paste that script's output into credentials file. Then tools such as _s3tk_ that are unable to process MFA tokens may just use preconfigured profile creds. - - **`identifyS3Bucket.rb`** - This script attempts to identify passed name whether it resolves to a valid AWS S3 Bucket via different means. This script may come handy when revealing S3 buckets hidden behind HTTP proxies. - **`pentest-ec2-instance`** - A set of utilities for quick starting, ssh-ing and stopping of a single temporary EC2 instance intended to be used for Web out-of-band tests (SSRF, reverse-shells, dns/http/other daemons). diff --git a/clouds/aws/get-session-creds-in-config-format.sh b/clouds/aws/assume-role-helper.sh similarity index 100% rename from clouds/aws/get-session-creds-in-config-format.sh rename to clouds/aws/assume-role-helper.sh
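Review bot: In the first README.md hunk (`@@ -1,6 +1,9 @@`), the added `assume-role-helper.sh` entry does not say which inputs the script expects, and it does not mention that the credentials it prints are temporary session credentials that expire. The neighbouring `disruptCloudTrailByS3Lambda.py` entry does state that credentials must be passed to the tool. Suggest adding one sentence on the required arguments and one on the limited lifetime of the pasted profile. Wording nits in the same entry: "reformat it" should be "reformat them" (the antecedent is "session credentials"), and "could be used using preconfigured profile creds" reads better as "can then run against a preconfigured profile".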
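Review bot: In the second README.md hunk (`@@ -317,8 +320,6 @@`), the `get-session-creds-in-config-format.sh` entry is removed without leaving any pointer to the new name, so anyone following an older link or note to that filename finds nothing in the README. Suggest adding "(formerly `get-session-creds-in-config-format.sh`)" to the new `assume-role-helper.sh` entry. The rename is recorded with similarity index 100%, so the script body is untouched: if it contains a usage message or header comment that names the old file, that text still needs updating in this change.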