From 9a4644dc0fef2e72e1ad0c2929ef5dd975835ccf Mon Sep 17 00:00:00 2001 From: searabbit <46087838+searabbitx@users.noreply.github.com> Date: Thu, 30 Oct 2025 08:46:18 +0100 Subject: [PATCH 1/2] Add rds cluster snapshots enumeration commands to aws-rds-unauthenticated-enum --- .../aws-rds-unauthenticated-enum/README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md index 53d9a6a41..0767e92c5 100644 --- a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md +++ b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md @@ -34,6 +34,21 @@ aws rds describe-db-snapshots --snapshot-type public [--region us-west-2] ## snapshots from other accounts used by the current account ``` +## Public RDS Cluster Snapshots + +Similarly, you can look for cluster snapshots + +```bash +# Public RDS cluster snapshots +aws rds describe-db-cluster-snapshots --include-public + +## Search by account ID +aws rds describe-db-cluster-snapshots --include-public --query 'DBClusterSnapshots[?contains(DBClusterSnapshotIdentifier, `284546856933:`) == `true`]' + +# From the own account you can check if there is any public cluster snapshot with: +aws rds describe-db-cluster-snapshots --snapshot-type public [--region us-west-2] +``` + ### Public URL template ``` From 9ae10ba9d7b13fc9a0d953fdb0d0cade8e371ef4 Mon Sep 17 00:00:00 2001 From: searabbit <46087838+searabbitx@users.noreply.github.com> Date: Thu, 30 Oct 2025 08:52:49 +0100 Subject: [PATCH 2/2] Add db cluster enumeration commands to aws-relational-database-rds-enum --- .../aws-services/aws-relational-database-rds-enum.md | 5 +++++ 1 file changed, 5 insertions(+) 
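Review bot: In the aws-rds-unauthenticated-enum README hunk, the comment on the last added command ("From the own account you can check if there is any public cluster snapshot") looks misleading. As far as I know, `--snapshot-type public` returns every cluster snapshot marked public in the queried region, not only those owned by the caller. A reader auditing their own exposure would get a more reliable answer from the snapshot's restore attribute, e.g. `aws rds describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier <snapshot-id>`, checking whether `restore` contains `all`. The first two added commands also omit `--region`; a short comment that results are per-region would stop readers treating a single empty result as proof that nothing is exposed.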
diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md index 4d45444cd..837e1b3d5 100644 --- a/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md +++ b/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md @@ -81,6 +81,10 @@ aws rds describe-db-cluster-backtracks --db-cluster-identifier ## Cluster snapshots aws rds describe-db-cluster-snapshots +aws rds describe-db-cluster-snapshots --include-public --snapshot-type public + +## Restore cluster snapshot as new instance +aws rds restore-db-instance-from-db-snapshot --db-cluster-identifier --snapshot-identifier # Get DB instances info aws rds describe-db-instances #username, url, port, vpc, SG, is public? @@ -92,6 +96,7 @@ aws rds describe-db-instance-automated-backups ## Find snapshots aws rds describe-db-snapshots aws rds describe-db-snapshots --include-public --snapshot-type public + ## Restore snapshot as new instance aws rds restore-db-instance-from-db-snapshot --db-instance-identifier --db-snapshot-identifier --availability-zone us-west-2a
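Review bot: The added "Restore cluster snapshot as new instance" line in the first hunk pairs the instance-level subcommand `restore-db-instance-from-db-snapshot` with `--db-cluster-identifier` and `--snapshot-identifier`, which are options of `restore-db-cluster-from-snapshot`, so the command should fail argument parsing as written. The line should probably read `aws rds restore-db-cluster-from-snapshot --db-cluster-identifier <new-cluster-id> --snapshot-identifier <snapshot-id-or-arn> --engine <engine>`, since `--engine` is required there. The heading would be more accurate as "Restore cluster snapshot as new cluster". The option values seem to be missing in this rendering, so confirm that the placeholders are present in the committed file.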