PMapper
A tool for quickly evaluating IAM permissions in AWS.
First, thank you for the tool and what it offers so far. I really think that it has great potential. Issue1: For testing purposes, I created a Role which...
Pulling in some lessons learned from the "iam-vulnerable" project: https://github.com/BishopFox/iam-vulnerable . TODO: 1. Apply the following Terraform files and verify the noted permission combinations lead to Edges. 1. https://github.com/BishopFox/iam-vulnerable/blob/main/modules/free-resources/privesc-paths/privesc18-PassExistingRoleToNewGlueDevEndpoint.tf 2....
**Describe the bug** Playing around with the SCP functionality, I noticed that when I make a change to an SCP at the org level, it does not get reflected in...
**Scenario:** Imagine someone has permissions to change their own group memberships? That affects the effective permissions of the nodes. **Solutions:** * Evaluate the `iam:*Group*` actions _while_ doing queries. Probably slow...
An idea for a preset query is to see which users can read their own permissions.
The ScoutSuite tool, when run against AWS, pulls enough resource data from the account that it should be possible to construct a Graph in PMapper with it. This might save...
Glue Jobs are missed edges currently. The `glue:CreateJob` privilege can be used to create a new job with an associated role. Similarly the `glue:UpdateJob` privilege can be used to update...
Please note that there is a change to the collections module in Python 3.10. This fixes the modules for Python 3.10. It may however break older builds of python3, unsure...
**Describe the bug** PMapper takes excessive time to process data pulled from some accounts with many resources. This implies that it's using a very inefficient algorithm at some point. For...
When running the pmapper pip module or the locally installed build, the collections module fails to import. This is because the following two functions: `Mapping, MutableMapping` are now located in...