@0xdabbad00 0xdabbad00 released this Jul 30, 2019 · 26 commits to master since this release

Adds the ability for find_admins to look for arbitrary privileges. For example, to find users and roles that can list what S3 buckets exist in an account or list the contents of S3 buckets, use:

python cloudmapper.py find_admins --account test --privs s3:ListAllMyBuckets,s3:ListBucket

Also adds a JSON output flag, --json. This is not too useful now; one day I'd like to include extra info, such as which of the actions have been granted and which policies granted them.

Also adds a flag --include_restricted to include principals that have one of the privileges, but only with a resource other than * or with a condition set. By default, principals with these restrictions are not shown. IAM policies are complicated, so both modes potentially have false positives depending on your interests. For example, if iam:* is only allowed when MFA is enabled, an IAM user with this policy would not show up by default, but would if --include_restricted was passed.
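To make the restricted-vs-unrestricted distinction behind --include_restricted concrete, here is an added illustration that is not CloudMapper's own code. It evaluates only Allow statements with Action, Resource and Condition (no Deny, NotAction or resource-pattern handling), and the two sample policies are constructed for the example.

```python
import fnmatch


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_grants(statement, privilege):
    """Return None if the Allow statement does not cover `privilege`,
    'unrestricted' if it does with Resource '*' and no Condition,
    otherwise 'restricted' (scoped resource or conditional grant)."""
    if statement.get("Effect") != "Allow":
        return None
    # Action patterns such as "iam:*" or "s3:List*" match case-insensitively.
    actions = [a.lower() for a in _as_list(statement.get("Action"))]
    if not any(fnmatch.fnmatchcase(privilege.lower(), a) for a in actions):
        return None
    if "*" in _as_list(statement.get("Resource")) and not statement.get("Condition"):
        return "unrestricted"
    return "restricted"


def classify_principal(policy_documents, privileges, include_restricted=False):
    """Report a principal if any statement grants any requested privilege,
    counting scoped or conditional grants only when include_restricted is set."""
    best = None
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            for priv in privileges:
                grant = statement_grants(stmt, priv)
                if grant == "unrestricted":
                    return "unrestricted"
                if grant == "restricted":
                    best = "restricted"
    return "restricted" if (best and include_restricted) else None


# Constructed sample policies (not taken from any real account).
MFA_ONLY_ADMIN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iam:*", "Resource": "*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}
BUCKET_LISTER = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:ListBucket"],
    "Resource": "*"}]}
```

With these inputs the MFA-gated iam:* policy is reported only when include_restricted is set, while the bucket-listing policy is reported as unrestricted.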
