diff --git a/AWS Amazon Bucket S3/README.md b/AWS Amazon Bucket S3/README.md index 6d61811..6f14f72 100644 --- a/AWS Amazon Bucket S3/README.md +++ b/AWS Amazon Bucket S3/README.md @@ -2,7 +2,6 @@ ## Summary -- [Tools](#tools) - [AWS Configuration](#aws-configuration) - [Open Bucket](#open-bucket) - [Basic tests](#basic-tests) @@ -13,36 +12,6 @@ - [AWS - Extract Backup](#aws---extract-backup) - [Bucket juicy data](#bucket-juicy-data) -## Tools - -- [Pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments](https://github.com/RhinoSecurityLabs/pacu) -- [Bucket Finder - Search for readable buckets and list all the files in them](https://digi.ninja/) - ```powershell - wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2 - ./bucket_finder.rb my_words - ./bucket_finder.rb --region ie my_words - US Standard = http://s3.amazonaws.com - Ireland = http://s3-eu-west-1.amazonaws.com - Northern California = http://s3-us-west-1.amazonaws.com - Singapore = http://s3-ap-southeast-1.amazonaws.com - Tokyo = http://s3-ap-northeast-1.amazonaws.com - - ./bucket_finder.rb --download --region ie my_words - ./bucket_finder.rb --log-file bucket.out my_words - ``` -- [Boto3 - Amazon Web Services (AWS) SDK for Python](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) - ```python - import boto3 - # Create an S3 client - s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1') - - try: - result = s3.list_buckets() - print(result) - except Exception as e: - print(e) - ``` -- [s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files](https://github.com/nccgroup/s3_objects_check) ## AWS Configuration diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 1fc6c16..ad2af2e 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -36,7 +36,7 @@ ## Tools -* **SkyArk** - Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins. +* **SkyArk** : Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins. Require: - Read-Only permissions over IAM service @@ -52,7 +52,7 @@ PS C> Scan-AWShadowAdmins ``` -* **Pacu** - Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. +* **Pacu** : Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. Require: - AWS Keys @@ -68,6 +68,34 @@ # https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details ``` +* **Bucket Finder** : Search for readable buckets and list all the files in them https://digi.ninja/ + ```powershell + wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2 + ./bucket_finder.rb my_words + ./bucket_finder.rb --region ie my_words + US Standard = http://s3.amazonaws.com + Ireland = http://s3-eu-west-1.amazonaws.com + Northern California = http://s3-us-west-1.amazonaws.com + Singapore = http://s3-ap-southeast-1.amazonaws.com + Tokyo = http://s3-ap-northeast-1.amazonaws.com + + ./bucket_finder.rb --download --region ie my_words + ./bucket_finder.rb --log-file bucket.out my_words + ``` + +* **Boto3** : Amazon Web Services (AWS) SDK for Python https://boto3.amazonaws.com/v1/documentation/api/latest/index.html + ```python + import boto3 + # Create an S3 client + s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1') + + try: + result = s3.list_buckets() + print(result) + except Exception as e: + print(e) + ``` + * **Prowler** : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Require: - arn:aws:iam::aws:policy/SecurityAudit @@ -106,7 +134,7 @@ pmapper argquery --principal '*' --resource user/PowerUser --preset connected ``` -* **ScoutSuite** : https://github.com/nccgroup/ScoutSuite/wiki +* **ScoutSuite** : Multi-Cloud Security Auditing Tool https://github.com/nccgroup/ScoutSuite/wiki ```powershell $ git clone https://github.com/nccgroup/ScoutSuite $ python scout.py PROVIDER --help @@ -115,7 +143,7 @@ $ python scout.py azure --cli ``` -* **s3_objects_check** : https://github.com/nccgroup/s3_objects_check +* **s3_objects_check** : Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files ```powershell $ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check $ python3 -m venv env && source env/bin/activate