PMapper
A tool for quickly evaluating IAM permissions in AWS.
What is the policy that can be used with PMapper that does not require the `ReadOnly` managed policy? Similar tools with a minimal policy: - https://github.com/BishopFox/cloudfox/blob/main/misc/aws/cloudfox-policy.json - https://github.com/nccgroup/ScoutSuite/wiki/AWS-Minimal-Privileges-Policy -...
**Describe the bug** AWS has deprecated a few of its more broken AWS-managed Policies, including `arn:aws:iam::aws:policy/AWSCodePipelineFullAccess`. When I try to scan an account containing a principal with this Policy attached,...
**Describe the bug** PMapper throws an exception and exits when attempting to graph an AWS Account that contains an IAM identity that includes a Permission Boundary that has not other...
**Describe the bug** If pmapper decides that it needs credentials but cannot find any, it dumps a stack trace. **To Reproduce** 1. Make sure that no AWS credentials are present...
**Describe the bug** If a user attempts to re-use pre-gathered data from a custom storage location but gives an incorrect path, the application dumps a stack trace. **To Reproduce** Steps...
Stated to be fixed in #130 but still does not run in 3.11. **Describe the bug** File "/opt/homebrew/lib/python3.11/site-packages/principalmapper/util/case_insensitive_dict.py", line 34, in from collections import Mapping, MutableMapping, OrderedDict ImportError: cannot import...
**Describe the bug** gathering.py does not handle AccessDenied (e.g. iam:ListAccessKeys is explicitly denied). [Here](https://github.com/j0eblow/PMapper/commit/7795879e4f0d5ded5244d42b372b3c3d018e6fbe) is my quick fix for it (I ran black on it as well). **To Reproduce** Steps...
**Describe the bug** I believe this was supposed to be fixed in https://github.com/nccgroup/PMapper/pull/107 per https://github.com/nccgroup/PMapper/issues/106 but the issue still exists. When you attempt to run various commands, such as `pmapper...
**Question** I have a role with administrative privileges (let's call it privileged-role) and it has a permission boundary attached to it denying iam actions. However when I run the following...