From d4053463cc8be33cdd0164691319303d1a807cb1 Mon Sep 17 00:00:00 2001 From: mgeeky Date: Fri, 19 Jun 2020 14:18:31 +0200 Subject: [PATCH] Renamed get-session-creds-in-config-format.sh to assume-role-helper.sh --- clouds/aws/README.md | 5 +++-- ...ssion-creds-in-config-format.sh => assume-role-helper.sh} | 0 2 files changed, 3 insertions(+), 2 deletions(-) rename clouds/aws/{get-session-creds-in-config-format.sh => assume-role-helper.sh} (100%) diff --git a/clouds/aws/README.md b/clouds/aws/README.md index b435022..30c3d7c 100644 --- a/clouds/aws/README.md +++ b/clouds/aws/README.md @@ -1,6 +1,9 @@ ## AWS-related penetration testing scripts, tools and Cheatsheets + +- **`assume-role-helper.sh`** - Calls `aws sts assume-role` using MFA token in order to retrieve session credentials and reformat it into `~/.aws/credentials` file format. That eases copy-and-paste of credentials provided by Assume Role facility into credentials file format. Having creds reformatted, tools such as _s3tk_ that are unable to process MFA tokens could be used using preconfigured profile creds. + - **`disruptCloudTrailByS3Lambda.py`** - This script attempts to disrupt CloudTrail by planting a Lambda function that will delete every object created in S3 bucket bound to a trail. As soon as CloudTrail creates a new object in S3 bucket, Lambda will kick in and delete that object. No object, no logs. No logs, no Incident Response :-) One will need to pass AWS credentials to this tool. Also, the account affected should have at least following permissions: 
@@ -317,8 +320,6 @@ drwxr-xr-x 3 root root 4096 lis 4 16:18 home - **`find-exposed-resources.sh`** - Utterly simple script enumerating some of the resources that could be publicly shared which would count as a security misconfiguration. -- **`get-session-creds-in-config-format.sh`** - Calls `aws sts assume-role` using MFA token in order to then retrieve session credentials and reformat it into `~/.aws/credentials` file format. Having that it's easy to copy-and-paste that script's output into credentials file. Then tools such as _s3tk_ that are unable to process MFA tokens may just use preconfigured profile creds. - - **`identifyS3Bucket.rb`** - This script attempts to identify passed name whether it resolves to a valid AWS S3 Bucket via different means. This script may come handy when revealing S3 buckets hidden behind HTTP proxies. - **`pentest-ec2-instance`** - A set of utilities for quick starting, ssh-ing and stopping of a single temporary EC2 instance intended to be used for Web out-of-band tests (SSRF, reverse-shells, dns/http/other daemons). diff --git a/clouds/aws/get-session-creds-in-config-format.sh b/clouds/aws/assume-role-helper.sh similarity index 100% rename from clouds/aws/get-session-creds-in-config-format.sh rename to clouds/aws/assume-role-helper.sh
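Review bot: In the first `README.md` hunk (`@@ -1,6 +1,9 @@`), the new `assume-role-helper.sh` entry does not document what the script expects as input or how long its output stays usable. It mentions only "using MFA token". A one-line usage synopsis would help here, along with a note that credentials returned by `aws sts assume-role` are temporary, so a profile pasted into `~/.aws/credentials` has to be refreshed once the session expires. Two wording nits in the same entry: "reformat it" refers to the plural "session credentials" and should read "reformat them", and "could be used using preconfigured profile creds" reads more cleanly as "can run with the preconfigured profile".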