Pacu

Offensive security tool for exploiting configuration flaws in AWS

Installation
Up-to-date steps can be found on RhinoSecurityLab's GitHub​
Setup
Pacu leverages IAM access keys stored in the default location, ~/.aws/credentials
# configure user credentials in pacu, specify specific profile or all creds in file
set_keys <awsProfile> | --all
​
# import current user's permissions (run this anytime permissions change)
run iam__enum_permissions
​
# validate user's permissions
whoami
Modules
Backdoor
Pacu can help give you backdoor access (i.e., another access method)
# add user to an IAM Role (requires ability to edit the role's trust policy)
run iam__backdoor_assume_role
Privilege Escalation
Pacu can perform 20+ privilege escalation checks
run iam__privesc_scan
Enumeration
# checks if credentials are known canary tokens (i.e., fake creds used to detect you)
iam__detect_honeytokens

Cloud Security - Previous

Tools

Next - Containers & Orchestration

Kubernetes

Last modified 30d ago