From 10e6c075f7bbb393ea078e663e7183842b1c5657 Mon Sep 17 00:00:00 2001 From: lanjelot Date: Sun, 29 Nov 2020 23:22:03 +1100 Subject: [PATCH 1/2] Add tool nccgroup/s3_objects_check --- AWS Amazon Bucket S3/README.md | 1 + Methodology and Resources/Cloud - AWS Pentest.md | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/AWS Amazon Bucket S3/README.md b/AWS Amazon Bucket S3/README.md index e9a574f..6d61811 100644 --- a/AWS Amazon Bucket S3/README.md +++ b/AWS Amazon Bucket S3/README.md @@ -42,6 +42,7 @@ except Exception as e: print(e) ``` +- [s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files](https://github.com/nccgroup/s3_objects_check) ## AWS Configuration diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 094c10a..1fc6c16 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -115,6 +115,15 @@ $ python scout.py azure --cli ``` +* **s3_objects_check** : https://github.com/nccgroup/s3_objects_check + ```powershell + $ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check + $ python3 -m venv env && source env/bin/activate + $ pip install -r requirements.txt + $ python s3-objects-check.py -h + $ python s3-objects-check.py -p whitebox-profile -e blackbox-profile + ``` + * **weirdAAL** : AWS Attack Library https://github.com/carnal0wnage/weirdAAL/wiki ```powershell python3 weirdAAL.py -m ec2_describe_instances -t demo From bca107cc64e6b88be584108368cd1c0d2f92822a Mon Sep 17 00:00:00 2001 From: lanjelot Date: Mon, 30 Nov 2020 01:38:04 +1100 Subject: [PATCH 2/2] Move duplicated tool references into one place --- AWS Amazon Bucket S3/README.md | 31 ---------------- .../Cloud - AWS Pentest.md | 36 ++++++++++++++++--- 2 files changed, 32 insertions(+), 35 deletions(-) 
diff --git a/AWS Amazon Bucket S3/README.md b/AWS Amazon Bucket S3/README.md index 6d61811..6f14f72 100644 --- a/AWS Amazon Bucket S3/README.md +++ b/AWS Amazon Bucket S3/README.md @@ -2,7 +2,6 @@ ## Summary -- [Tools](#tools) - [AWS Configuration](#aws-configuration) - [Open Bucket](#open-bucket) - [Basic tests](#basic-tests) @@ -13,36 +12,6 @@ - [AWS - Extract Backup](#aws---extract-backup) - [Bucket juicy data](#bucket-juicy-data) -## Tools - -- [Pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments](https://github.com/RhinoSecurityLabs/pacu) -- [Bucket Finder - Search for readable buckets and list all the files in them](https://digi.ninja/) - ```powershell - wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2 - ./bucket_finder.rb my_words - ./bucket_finder.rb --region ie my_words - US Standard = http://s3.amazonaws.com - Ireland = http://s3-eu-west-1.amazonaws.com - Northern California = http://s3-us-west-1.amazonaws.com - Singapore = http://s3-ap-southeast-1.amazonaws.com - Tokyo = http://s3-ap-northeast-1.amazonaws.com - - ./bucket_finder.rb --download --region ie my_words - ./bucket_finder.rb --log-file bucket.out my_words - ``` -- [Boto3 - Amazon Web Services (AWS) SDK for Python](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) - ```python - import boto3 - # Create an S3 client - s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1') - - try: - result = s3.list_buckets() - print(result) - except Exception as e: - print(e) - ``` -- [s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files](https://github.com/nccgroup/s3_objects_check) ## AWS Configuration diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 1fc6c16..ad2af2e 100644 
--- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -36,7 +36,7 @@ ## Tools -* **SkyArk** - Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins. +* **SkyArk** : Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins. Require: - Read-Only permissions over IAM service @@ -52,7 +52,7 @@ PS C> Scan-AWShadowAdmins ``` -* **Pacu** - Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. +* **Pacu** : Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. Require: - AWS Keys 
@@ -68,6 +68,34 @@ # https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details ``` +* **Bucket Finder** : Search for readable buckets and list all the files in them https://digi.ninja/ + ```powershell + wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2 + ./bucket_finder.rb my_words + ./bucket_finder.rb --region ie my_words + US Standard = http://s3.amazonaws.com + Ireland = http://s3-eu-west-1.amazonaws.com + Northern California = http://s3-us-west-1.amazonaws.com + Singapore = http://s3-ap-southeast-1.amazonaws.com + Tokyo = http://s3-ap-northeast-1.amazonaws.com + + ./bucket_finder.rb --download --region ie my_words + ./bucket_finder.rb --log-file bucket.out my_words + ``` + +* **Boto3** : Amazon Web Services (AWS) SDK for Python https://boto3.amazonaws.com/v1/documentation/api/latest/index.html + ```python + import boto3 + # Create an S3 client + s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1') + + try: + result = s3.list_buckets() + print(result) + except Exception as e: + print(e) + ``` + * **Prowler** : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Require: - arn:aws:iam::aws:policy/SecurityAudit @@ -106,7 +134,7 @@ pmapper argquery --principal '*' --resource user/PowerUser --preset connected ``` -* **ScoutSuite** : https://github.com/nccgroup/ScoutSuite/wiki +* **ScoutSuite** : Multi-Cloud Security Auditing Tool https://github.com/nccgroup/ScoutSuite/wiki ```powershell $ git clone https://github.com/nccgroup/ScoutSuite $ python scout.py PROVIDER --help 
@@ -115,7 +143,7 @@ $ python scout.py azure --cli ``` -* **s3_objects_check** : https://github.com/nccgroup/s3_objects_check +* **s3_objects_check** : Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files ```powershell $ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check $ python3 -m venv env && source env/bin/activate
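Review bot: in [PATCH 1/2], hunk `@@ -115,6 +115,15 @@` of `Methodology and Resources/Cloud - AWS Pentest.md`, the new s3_objects_check entry does not say what `-p whitebox-profile -e blackbox-profile` expect. The SkyArk, Pacu and Prowler entries in the same file carry a `Require:` list. Add one here that states what each of the two profiles is and which permissions it needs, so a reader does not have to guess which credentials go behind which flag. The fence is also tagged `powershell` although `source env/bin/activate` is POSIX shell syntax; `bash` would describe the block more accurately.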
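Review bot: in [PATCH 2/2], the `AWS Amazon Bucket S3/README.md` hunks (`@@ -2,7 +2,6 @@` and `@@ -13,36 +12,6 @@`) delete the `## Tools` section and its `- [Tools](#tools)` summary entry without leaving a pointer to the new location. Any existing link to the `#tools` anchor in this README now lands nowhere, and a reader of the S3 page has no way to learn that the tool list lives in `Methodology and Resources/Cloud - AWS Pentest.md`. Keep a one-line `## Tools` stub that links to that file's Tools section.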
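Review bot: in [PATCH 2/2], hunk `@@ -68,6 +68,34 @@`, the moved Boto3 snippet still passes key-shaped literals inline (`aws_access_key_id='AKIAJQDP3RKREDACTED'`, `aws_secret_access_key='igH8...REDACTED'`). Since the block is being touched anyway, replace them with obvious placeholders or a named profile via `boto3.Session(profile_name=...)`: the `AKIA` prefix with a partly real-looking tail is likely to trip secret scanners, and it teaches readers to hard-code credentials in scripts. In the Bucket Finder block of the same hunk, the `wget` line fetches `bucket_finder_1.1.tar.bz2` but no extraction step precedes `./bucket_finder.rb my_words`.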
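Review bot: in [PATCH 2/2], hunk `@@ -115,7 +143,7 @@`, the rewritten s3_objects_check bullet replaces the project URL with the description instead of adding the description in front of it. The ScoutSuite change one hunk earlier keeps both (`Multi-Cloud Security Auditing Tool https://github.com/nccgroup/ScoutSuite/wiki`), and Bucket Finder and Boto3 follow the same "description then URL" form. Append `https://github.com/nccgroup/s3_objects_check` to the bullet so the entry is consistent and the link is not only reachable through the `git clone` line.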