pacu
pacu copied to clipboard
RhinoSecurityLabs
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Certain modules, such as iam__enum_roles, attempt actions that will be logged by the target account(s) without first prompting the Pacu user, such as attempting to assume all enumerated roles cross-account....
These lists are missing many common items. For instance, the roles list is missing many common role names for third-party integration roles. Using the AWS official repos, github dorks and...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.16 to 1.26.18. Release notes Sourced from urllib3's releases. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other"...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.6. Changelog Sourced from cryptography's changelog. 41.0.6 - 2023-11-27 * Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle....
I'm having trouble setting a custom endpoint for Pacu using `import_keys`. Although `Pacu > aws s3 --endpoint= ls` works, the import_keys with credential profile method isn't cooperating.
Thinking the secrets finder utility should dump the secrets it finds to a file somewhere, otherwise the output can just be lost in stdout.
Pacu, being a comprehensive AWS exploitation framework, requires various permissions depending on the specific modules and features you intend to use. Here's a more exhaustive list of permissions that might...
I'm running iam__privesc_scan After few attempts with different methods, the module tries 'CodeStarCreateProjectFromTemplate' method and exits with the following message in the output: ``` ... [iam__privesc_scan] Method failed. Trying next...
When running 'iam__bruteforce_permissions' module, the execution freezes for a while on 'Trying list_directory_buckets' task and then I get `Could not connect to the endpoint URL: "https://s3express-control.us-west-1.amazonaws.com/"` Looks like it's checking...
Metadata
Owner
Metadata
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.