awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential
Enumrate AWS services! with no nosies
awsEnum is a python script enumrate AWS services through the provided credential.
▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ ██ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █ █ █ ██ █▄█ █ █ █▄▄▄▄▄█ █▄▄▄█ █ █▄█ █ ██ █ █▄▄▄▄▄ █ ▄▄▄█ ▄ █ █ ██ ▄ █ ▄ █▄▄▄▄▄█ █ █▄▄▄█ █ █ █ █ ██▄██ ██▄█ █▄▄█▄▄█ █▄▄█▄▄▄▄▄▄▄█▄▄▄▄▄▄▄█▄█ █▄▄█▄▄▄▄▄▄▄█▄█ █▄█--------------------------------------------------------If you are looking to enumerate AWS services. So, welcometo awsEnum, awsEnum is a python script trying to facilitate the enumerate phase of AWS cloud with the lowest possibleheadache and less noise. Therefore we are not supporting the `all` mode. --------------------------------------------------- --------------------------------------------- developed by bassammaged (@kemet) version: 0.1 Beta--------------------------------------------------------[!] Make sure you already defined credential profile via AWS CLI.usage: run.py [-h] [-p profile_name] [-r region_name] [-v | --verbose | --no-verbose] [-t TRIES] aws_service_namepositional arguments: aws_service_name Specify the aws service for enumration. Supported services are: ['ec2', 'iam', 's3'] (default: all)options: -h, --help show this help message and exit -p profile_name, --profile profile_name specify aws credential profile that will be used through the enumeration. (default: default) -r region_name, --region region_name specify aws region. (default: eu-central-1) -v, --verbose, --no-verbose Allows the script to print out t he message level start with debug. (default: False) -t TRIES, --tries TRIES set maximum tries. (default: 1000)
Disclaimer
awsEnum
is in beta version and is supposed to be free of issues but if any issues encountered, please submit the ticket,awsEnum
is coded and published to be used in partical circumstances:
- Engaging in penetration testing activity.
- Carry on Bug hunting activity.
- AWS cloud security Audit.
- Any other legal activity that already approved by the owner of the asset.
awsEnum
is craeted to work under hoodie, which means there's no intention to support all
mode.
Features
- Connect to aws service through
boto3
, on other word! signing request. awsEnum
allows user to set the number of requests [By default: 1000].awsEnum
store result intojson
file.- Keep AWS credential within
awscli
confugration and just pass profile_name toawsEnum
. - Supported service:
ec2
,iam
,s3
.
Prerequisites
- Python3
pip
package managerpython3 -m pip install requirements.txt
- Feel Free to use
awsEnum
viarun.py
script
Results and FQAs
[ { "AmiLaunchIndex": 0, "ImageId": "ami-7c803d1c", "InstanceId": "i-05bef8a081f307783", "InstanceType": "t2.micro", "KeyName": "Default", "LaunchTime": "2017-02-12 22:29:24+00:00", "Monitoring": { "State": "disabled" }, "Placement": { "AvailabilityZone": "us-west-2a", "GroupName": "", "Tenancy": "default" }, "PrivateDnsName": "ip-172-31-41-84.us-west-2.compute.internal", "PrivateIpAddress": "172.31.41.84", "ProductCodes": [], "PublicDnsName": "ec2-35-165-182-7.us-west-2.compute.amazonaws.com", "PublicIpAddress": "35.165.182.7", "State": { "Code": 16, "Name": "running" }, "StateTransitionReason": "", "SubnetId": "subnet-d962aa90", " VpcId": "vpc-1052ce77", "Architecture": "x86_64", "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "AttachTime": "2017-02-12 22:29:25+00:00", "DeleteOnTermination": true, "Status": "attached", "VolumeId": "vol-04f1c039bc13ea950" } } ], "ClientToken": "kTOiC1486938563883", "EbsOptimized": false, "Hypervisor": "xen", "IamInstanceProfile": { "Arn": "arn:aws:iam::975426262029:instance-profile/flaws", "Id": "AIPAIK7LV6U6UXJXQQR3Q" }, "NetworkInterfaces": [ { "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-35-165-182-7.us-west-2.compute.amazonaws.com", "PublicIp": "35.165.182.7" }, "Attachment": { "AttachTime": "2017-02-12 22:29:24+00:00", "AttachmentId": "eni-attach-a4901fc2", "DeleteOnTermination": true, "DeviceIndex": 0, "Status": "attached", "NetworkCardIndex": 0 }, "Description": "", "Groups": [ { "GroupName": "launch-wizard-1", "GroupId": "sg-490f6631" } ], "Ipv6Addresses": [], "MacAddress": "06:b0:7a:92:21:cf", "NetworkInterfaceId": "eni-c26ed780", "OwnerId": "975426262029", "PrivateDnsName": "ip-172-31-41-84.us-west-2.compute.internal", "PrivateIpAddress": "172.31.41.84", "PrivateIpAddresses": [ { "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-35-165-182-7.us-west-2.compute.amazonaws.com", "PublicIp": "35.165.182.7" }, "Primary": true, "PrivateDnsName": "ip-172-31-41-84.us-west-2.compute.internal", "PrivateIpAddress": "172.31.41.84" } ], "SourceDestCheck": true, "Status": "in-use", "SubnetId": "subnet-d962aa90", "VpcId": "vpc-1052ce77", "InterfaceType": "interface" } ], "RootDeviceName": "/dev/sda1", "RootDeviceType": "e bs", "SecurityGroups": [ { "GroupName": "launch-wizard-1", "GroupId": "sg-490f6631" } ], "SourceDestCheck": true, "VirtualizationType": "hvm", "CpuOptions": { "CoreCount": 1, "ThreadsPerCore": 1 }, "CapacityReservationSpecification": { "CapacityReservationPreference": "open" }, "HibernationOptions": { "Configured": false }, "MetadataOptions": { "State": "applied", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled", "HttpProtocolIpv6": "disabled", "InstanceMetadataTags": "disabled" }, "EnclaveOptions": { "Enabled": false }, "Platform Details": "Linux/UNIX", "UsageOperation": "RunInstances", "UsageOperationUpdateTime": "2017-02-12 22:29:24+00:00", "PrivateDnsNameOptions": {}, "MaintenanceOptions": { "AutoRecovery": "default" } }]
To-Do
- Support
s3
services. - Support
iam
services.
Via: www.kitploit.com
awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential
Reviewed by Zion3R
on
8:33
Rating: