Rennie deGraaf

Results 37 issues of Rennie deGraaf

In ScoutSuite 5.11.0, the rule "Managed Policy Allows All Actions" matches the AWS-managed policy "arn:aws:iam::aws:policy/AdministratorAccess". Of course that policy allows all actions, that's its whole point. And since it's an...

bug
potential

ScoutSuite 5.11.0 contains six checks for SNS Topics that have resource policies permitting access to all AWS principals. Five of the checks correspond to SNS API actions that...

bug
potential

Version 5.11 added some new capabilities to ScoutSuite but the minimal policy provided at https://github.com/nccgroup/ScoutSuite/wiki/AWS-Minimal-Privileges-Policy has not been updated to give permission for those checks. The following need to be...

bug
potential

I wrote a script to take a list of balances from Fidelity and reconcile the corresponding accounts in Gnucash. There are a few hundred accounts and a few thousand transactions....

**Describe the bug** PMapper takes excessive time to process data pulled from some accounts with many resources. This implies that it's using a very inefficient algorithm at some point. For...

bug

**Describe the bug** AWS has deprecated a few of its more broken AWS-managed Policies, including `arn:aws:iam::aws:policy/AWSCodePipelineFullAccess`. When I try to scan an account containing a principal with this Policy attached,...

bug

**Describe the bug** If pmapper decides that it needs credentials but cannot find any, it dumps a stack trace. **To Reproduce** 1. Make sure that no AWS credentials are present...

bug

**Describe the bug** If a user attempts to re-use pre-gathered data from a custom storage location but gives an incorrect path, the application dumps a stack trace. **To Reproduce** Steps...

bug

**Is your feature request related to a problem? Please describe.** Each AWS Lambda function is configured to use a specific runtime environment. AWS occasionally deprecates these runtime environments as old...

enhancement

**Is your feature request related to a problem? Please describe.** AWS S3 accesses can be logged using either an S3-native mechanism that writes directly to a separate S3 Bucket, or...

enhancement