Skip to content
#

offensiveterraform

Here are 8 public repositories matching this topic...

Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".

  • Updated Sep 18, 2020
  • HCL
terraform-aws-s3-subdomain-takeover

Offensive Terraform module which takes over a subdomain which has a CNAME record pointing to non-existing S3 bucket in target's Route53. The module creates a S3 bucket with a name as subdomain in the specific AWS region that CNAME record is pointing to. Also, it uploads a simple web page with "404 Page Not Found" text.

  • Updated Sep 18, 2020
  • HCL

Improve this page

Add a description, image, and links to the offensiveterraform topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the offensiveterraform topic, visit your repo's landing page and select "manage topics."

Learn more