mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-12 14:22:47 +00:00
Move duplicated tool references into one place
This commit is contained in:
parent
10e6c075f7
commit
bca107cc64
2 changed files with 32 additions and 35 deletions
|
@ -2,7 +2,6 @@
|
|||
|
||||
## Summary
|
||||
|
||||
- [Tools](#tools)
|
||||
- [AWS Configuration](#aws-configuration)
|
||||
- [Open Bucket](#open-bucket)
|
||||
- [Basic tests](#basic-tests)
|
||||
|
@ -13,36 +12,6 @@
|
|||
- [AWS - Extract Backup](#aws---extract-backup)
|
||||
- [Bucket juicy data](#bucket-juicy-data)
|
||||
|
||||
## Tools
|
||||
|
||||
- [Pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments](https://github.com/RhinoSecurityLabs/pacu)
|
||||
- [Bucket Finder - Search for readable buckets and list all the files in them](https://digi.ninja/)
|
||||
```powershell
|
||||
wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2
|
||||
./bucket_finder.rb my_words
|
||||
./bucket_finder.rb --region ie my_words
|
||||
US Standard = http://s3.amazonaws.com
|
||||
Ireland = http://s3-eu-west-1.amazonaws.com
|
||||
Northern California = http://s3-us-west-1.amazonaws.com
|
||||
Singapore = http://s3-ap-southeast-1.amazonaws.com
|
||||
Tokyo = http://s3-ap-northeast-1.amazonaws.com
|
||||
|
||||
./bucket_finder.rb --download --region ie my_words
|
||||
./bucket_finder.rb --log-file bucket.out my_words
|
||||
```
|
||||
- [Boto3 - Amazon Web Services (AWS) SDK for Python](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html)
|
||||
```python
|
||||
import boto3
|
||||
# Create an S3 client
|
||||
s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1')
|
||||
|
||||
try:
|
||||
result = s3.list_buckets()
|
||||
print(result)
|
||||
except Exception as e:
|
||||
print(e)
|
||||
```
|
||||
- [s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files](https://github.com/nccgroup/s3_objects_check)
|
||||
|
||||
## AWS Configuration
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
## Tools
|
||||
|
||||
* **SkyArk** - Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins.
|
||||
* **SkyArk** : Discover the most privileged users in the scanned AWS environment - including the AWS Shadow Admins.
|
||||
Require:
|
||||
- Read-Only permissions over IAM service
|
||||
|
||||
|
@ -52,7 +52,7 @@
|
|||
PS C> Scan-AWShadowAdmins
|
||||
```
|
||||
|
||||
* **Pacu** - Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set.
|
||||
* **Pacu** : Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set.
|
||||
Require:
|
||||
- AWS Keys
|
||||
|
||||
|
@ -68,6 +68,34 @@
|
|||
# https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details
|
||||
```
|
||||
|
||||
* **Bucket Finder** : Search for readable buckets and list all the files in them https://digi.ninja/
|
||||
```powershell
|
||||
wget https://digi.ninja/files/bucket_finder_1.1.tar.bz2 -O bucket_finder_1.1.tar.bz2
|
||||
./bucket_finder.rb my_words
|
||||
./bucket_finder.rb --region ie my_words
|
||||
US Standard = http://s3.amazonaws.com
|
||||
Ireland = http://s3-eu-west-1.amazonaws.com
|
||||
Northern California = http://s3-us-west-1.amazonaws.com
|
||||
Singapore = http://s3-ap-southeast-1.amazonaws.com
|
||||
Tokyo = http://s3-ap-northeast-1.amazonaws.com
|
||||
|
||||
./bucket_finder.rb --download --region ie my_words
|
||||
./bucket_finder.rb --log-file bucket.out my_words
|
||||
```
|
||||
|
||||
* **Boto3** : Amazon Web Services (AWS) SDK for Python https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
|
||||
```python
|
||||
import boto3
|
||||
# Create an S3 client
|
||||
s3 = boto3.client('s3',aws_access_key_id='AKIAJQDP3RKREDACTED',aws_secret_access_key='igH8yFmmpMbnkcUaCqXJIRIozKVaREDACTED',region_name='us-west-1')
|
||||
|
||||
try:
|
||||
result = s3.list_buckets()
|
||||
print(result)
|
||||
except Exception as e:
|
||||
print(e)
|
||||
```
|
||||
|
||||
* **Prowler** : AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100).
|
||||
Require:
|
||||
- arn:aws:iam::aws:policy/SecurityAudit
|
||||
|
@ -106,7 +134,7 @@
|
|||
pmapper argquery --principal '*' --resource user/PowerUser --preset connected
|
||||
```
|
||||
|
||||
* **ScoutSuite** : https://github.com/nccgroup/ScoutSuite/wiki
|
||||
* **ScoutSuite** : Multi-Cloud Security Auditing Tool https://github.com/nccgroup/ScoutSuite/wiki
|
||||
```powershell
|
||||
$ git clone https://github.com/nccgroup/ScoutSuite
|
||||
$ python scout.py PROVIDER --help
|
||||
|
@ -115,7 +143,7 @@
|
|||
$ python scout.py azure --cli
|
||||
```
|
||||
|
||||
* **s3_objects_check** : https://github.com/nccgroup/s3_objects_check
|
||||
* **s3_objects_check** : Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files
|
||||
```powershell
|
||||
$ git clone https://github.com/nccgroup/s3_objects_check && cd s3_objects_check
|
||||
$ python3 -m venv env && source env/bin/activate
|
||||
|
|
Loading…
Reference in a new issue