Skip to content

nikhil1232/IAM-Flaws

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

images

images

 
 

README.md

README.md

 
 

iam-cis-benchmark.sh

iam-cis-benchmark.sh

 
 

iam-enumerate.sh

iam-enumerate.sh

 
 

iam-flaws.sh

iam-flaws.sh

 
 

iam-privesc.sh

iam-privesc.sh

 
 

policy.json

policy.json

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

IAM-Flaws

AWS IAM Security Toolkit: CIS Benchmarks | Enumeration | Privilege Escalation

A simple bash script that me along with my friend Shivram Amirtha have built that checks for misconfigurations in User and Group Policy Permissions in order to escalate privileges in AWS IAM along with some additional features like CIS Benchmark checks and IAM Enumeration.

Image of IAM-Flaws

It is recommended to go through this Blog before proceeding:
https://theblocksec.com/2020/04/14/iam-flaws-exploiting-user-and-group-policies-in-aws-iam/

As of now, the script supports the following activities:

  • All CIS Benchmark checks related to AWS IAM Image of IAM-Cis-Benchmark Checks

  • AWS IAM Enumeration of Users, Groups, Policies and Permissions Image of IAM-Enumerate

  • Privilege Escalation Scanning Image of IAM-Cis-Privesc Scanning

  • Privilege Escalation Exploitation Image of IAM-Cis-Privesc Exploitation

Requirements

git clone https://github.com/nikhil1232/IAM-Flaws/
cd IAM-Flaws
pip install -r requirements.txt
apt-get install jq

Once awscli is installed, you need to configure it using the aws configure by providing the access and the secret key of the IAM user.

Now coming to permissions, there are a few permissions that needs to be set for a user in order for our enumeration script to work properly and for an effective and complete enumeration. Below is listed a few permissions that is recommended to be set for a user before proceeding with our script.

“iam:GetUser”

“iam:ListUsers”

“iam:ListGroupsForUser”

“iam:ListGroupPolicies”

“iam:GetGroupPolicy”

“iam:ListAttachedGroupPolicies”

“iam:GetPolicy”

“iam:GetPolicyVersion”

“iam:ListUserPolicies”

“iam:GetUserPolicy”

“iam:ListAttachedUserPolicies”

These permissions could be set either through the awscli or directly through the console, however if you don’t provide these permissions, the script will try to enumerate as much as possible based on the permission a certain user has.

Usage

bash iam-flaws.sh

There are 3 different modules/scripts for benchmark checks, enumeration and privilege escalation respectively and all the 3 of them could be run independently, however it is highly recommended to use iam-flaws.sh directly which is kind of a central script through which you could select any of the module and it would also help in storing your output to a file.

Thanks

Thanks to Rhino Security Lab for this amazing list of 21 privilege escalation methods.
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

About

AWS IAM Security Toolkit: CIS Benchmarks | Enumeration | Privilege Escalation

Topics

bash aws automation iam aws-iam aws-security privilege-escalation bash-scripting cloud-security cis-benchmark aws-audit cloud-auditing misconfigurations

Resources

Readme
Activity

Stars

14 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages