Pacu

Offensive security tool for exploiting configuration flaws in AWS

Installation

Up-to-date steps can be found on RhinoSecurityLab's GitHub

Setup

Pacu leverages IAM access keys stored in the default location, ~/.aws/credentials

# configure user credentials in pacu, specify specific profile or all creds in file
set_keys <awsProfile> | --all

# import current user's permissions (run this anytime permissions change)
run iam__enum_permissions

# validate user's permissions
whoami

Modules

Backdoor

Pacu can help give you backdoor access (i.e., another access method)

# add user to an IAM Role (requires ability to edit the role's trust policy)
run iam__backdoor_assume_role

Privilege Escalation

Pacu can perform 20+ privilege escalation checks

run iam__privesc_scan

Enumeration

# checks if credentials are known canary tokens (i.e., fake creds used to detect you)
iam__detect_honeytokens

Previousdsnap Nexts3-account-search

Last updated 1 year ago

Was this helpful?