PMapper
PMapper copied to clipboard
nccgroup
A tool for quickly evaluating IAM permissions in AWS.
**Describe the bug** Traceback when doing connected query for role that does not exist **To Reproduce** Steps to reproduce the behavior, please include information on suspected users/roles that are the...
**Question** The `principalmapper/querying/presetsprivesc.py can_privesc()` method only returns one edge_list (the first one that it finds). This makes sense if only checking if privileges can be escalated. However, it is also...
**Brief Description** IAM roles blocking access without MFA return incorrect results when calling `local_check_authorization_handling_mfa`. These roles also fail to appear in the output of `python ./pmapper.py --profile me query 'preset...
**Describe the bug** When running `pmapper --profile profile_name graph create`, I eventually get stuck at the `Stuck at Generating Edges based on lambda data` step. I think it's because my...
I created a local IAM user, with the following policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::000000000000:role/Admin-Role" } ] } The "Admin-Role" has...
v1.2.0
* Add Python 3.10 support * Added Glue edges * Added Data Pipeline edges * Added support for other partitions (`aws-us-gov`, `aws-cn`) * Fixed service-linked role checks * Dropped Python...
Feature idea: `pmapper graph delete` to allow folks to delete graphs off their disk. Same for `pmapper orgs delete`
**Question** When using the `principalmapper.querying.query_interface.search_authorization_full function` to check if a principal is able to use 'cognito-idp:DescribeUserPoolClient' on a specific resource, it will build a chain of edges that includes 'role/AWSServiceRoleForSupport'...
PMapper is not equipped to handle GovCloud or AWS China. Here's a list of work that needs to be done to add support: - [x] Change how we store info...
Hello, Do you have any plans to support AWS SSO? e.g. to be able to map back a specific AWS SSO-managed role (AWSSSOReserved_AdminAccess_xxxx) to a list of users assigned with...
