Pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Introduction

With the continued proliferation of Amazon Web Services (AWS), companies are continuing to move their technical assets to the cloud. With this paradigm shift comes new security challenges for both Sysadmin and DevOps teams. These aren’t just problems for the security-unaware, either. Even large enterprises – such as GoDaddy and Uber – have had major breaches from AWS configuration flaws.

This is where an authenticated AWS penetration test can help. By simulating a breach and providing an attacker with a set of ‘compromised’ AWS keys, the range of AWS services can fully vetted.

Several tools exist to aid in the scanning of AWS vulnerabilities, but focus on compliance requirements, rather than exploit potential. The offensive security community has a glaring need for a tool that provides a structured, comprehensive approach to pentesting AWS.

Meet Pacu – The AWS Exploitation Framework.

Installation and Running

> git clone https://github.com/RhinoSecurityLabs/pacu
> cd pacu
> bash install.sh
> python3 pacu.py

OR

> sudo apt install pacu
# Running pacu
> python3 pacu.py

Basic Commands

list/ls                             List all modules
search [cat[egory]] <search term>   Search the list of available modules by name or category
help                                Display this page of information
help <module name>                  Display information about a module
whoami                              Display information regarding to the active access keys
data                                Display all data that is stored in this session.
data <service>|proxy                Display all data for a specified service
services                            Display a list of services that have collected data
regions                             Display a list of all valid AWS regions
update_regions                      Run a script to update the regions database
set_regions <region> [<region>...]  Set the default regions for this session.
run/exec <module name>              Execute a module
set_keys                            Add a set of AWS keys to the session
swap_keys                           Change the currently active AWS key to another key
exit/quit                           Exit Pacu

REFERENCES

PreviousAWS CLINextProwler

Last updated

Was this helpful?