Practical AWS CLI tips
This course requires heavy use of the AWS CLI, and especially aws iam commands. You’ll need to regularly refer to documentation but another tip is to use grep in order to search through the help menu, like this:
aws iam help | grep -e "list-group" -e "get-group"
o get-group
o get-group-policy
o list-group-policies
o list-groups
o list-groups-for-userCode language: PHP (php)
That way you can save a lot of time instead of constantly going back and forth with docs.
About using tools/automation for this course
You do not need any of the tools in this lesson in order to successfully complete the labs in this course! Every single one of them can be 100% accomplished using the AWS CLI, and thatβs how I recommend that you do it the first time around to get experience with using the AWS CLI.
With that said, if youβre already experienced or if youβve already gone through a first run, trying out these automation tools is also a great idea as they can help speed things up and/or find issues you may not have manually found.
Also, please note that while I have personally used and continue to use some of these tools, Iβve also included some that I have heard about but havenβt personally (or thoroughly) tested, so they may not work as intended. Especially since some of them are a few years old and havenβt been recently updated. If thatβs the case, please drop me a comment below and Iβll remove the tool. (I ultimately want to test them all, just havenβt had the time yet)
IAMActionHunter
https://github.com/RhinoSecurityLabs/IAMActionHunter
Quickly and easily evaluate one or more IAM policies to find issues.
This is a tool you can use to more quickly understand what the vulnerability might be across one policy or across multiple policies.
IAMFinder
https://github.com/prisma-cloud/IAMFinder
IAMFinder enumerates and finds users and IAM roles in a target AWS account.
EnumerateIAM
https://github.com/andresriancho/enumerate-iam
Enumerate the permissions associated with an AWS credential set. This tool tries to brute force all API calls allowed by the IAM policy. The calls performed by this tool are all non-destructive (only get* and list* calls are performed). Great for finding weaknesses you may not have manually found.
aws_escalate.py
A script that can help you find privesc paths.
Pacu
https://github.com/RhinoSecurityLabs/pacu
Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. This is the same tool we demonstrate in our Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT course
ScoutSuite, Prowler, etc…
There are also larger tools like ScoutSuite and Prowler that can scan environment to audit them, and that includes finding IAM misconfigurations, so it can be helpful in this sort of situation. A quick note: I don’t think ScoutSuite is being maintained anymore so your mileage may vary.
Any other tools we should add?
There are many other AWS security tools out there, but I tried only adding lightweight and open-source tools. If you have other tools you’d recommend adding to this list that fit that criteria and that’s specific to IAM, let me know in the comments below!
It does look like Fig is only for MacOS
Thanks for checking. If someone finds a similar tool for Windows, please let us know
It appears Fig works for Linux.
See: https://fig.io/user-manual/linux#supported-distros > Supported Environments > Supported Distros
Nice! Glad to see more support. Thanks for sharing
New update on Fig.io:
“Fig is sunsetting, migrate to Amazon CodeWhisperer
Dear Fig users,
Effective September 1, 2024 we will be ending access to Fig.
We encourage users to migrate to Amazon CodeWhisperer for command line. Itβs free on the Individual tier and is designed to be faster and more reliable than Fig. To make this transition as easy as possible, users can upgrade to CodeWhisperer for command line directly from the Fig dashboard.
To learn more about the changes to Fig and how to export your data, read our blog post. …”
Recently saw that π super disappointing. I tried CodeWhisperer and it’s a downgrade
Currently Fig redirects you to Amazon Q
π such a shame. I’m still currently able to use it from a prior/older download, but it means no more updates. They’re forcing everyone to move to Amazon Q which isn’t as good. Really sucks.
I’ve used https://github.com/shabarkin/aws-enumerator quite a bit and recommend. I haven’t used https://github.com/BishopFox/cloudfox much just yet, but it also has some IAM features worth exploring (IMHO).
Hi, i feel like PMapper does not work anymore.
From my research it’s not compatible with Python 3.12 ? but i might be wrong
Thank you for letting me know. I’m removing it since it’s not getting updates
Hi @christophe, First of all a big thanks for creating this platform to support new techminds in Cyber field trying to learn about Cloud Security. I’d like to request you to consider Scoutsuite in the list of tools above as it can help get quite a lot of details regarding the security posture of a cloud Environment.
Hey, thanks! I’m usually hesitant to add it because I don’t think it’s being maintained anymore with hundreds of open issues and lots of pull requests. I’ll add it as a mention to the lesson if anyone wants to check it out though! Thanks for the suggestion