Amazon Security Scanner - Scan a EC2 Instance for potential AWS related attack surfaces
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes
.gitignore
LICENSE
README.md
ass.py

README.md

Supported Python versions

AmazonSecurityScanner

AmazonSecurityScanner (ASS) is a script to scan a EC2 instance for potential AWS related attack surfaces. While AmazonSecurityScanner is nowhere near completion it is in a state where you can utilize it for rapid post exploitation reconnaissance on a compromised EC2 instance.

Current security checks

  • AWS Access Keys on instance
  • IAM Roles assigned to the instance
  • User data associated with the instance
  • Information related peering with the instance VPC
  • VPC CIDR Ranges

Possible Attacks

  • Theft of AWS Access Keys leading to user account compromise
  • IAM Role impersonation leading to unauthorized resource access
  • Theft of sensitive user data
  • Social engineering to establish a cross account peering with target VPCs
  • Enumeration of network segments connected to the instance

Usage

ass.py [-h] [-c] [-i] [-u] [-p] [-v]

  Amazon Security Scanner (ASS)
  by DarkRed
  Scan an EC2 Instance for potential AWS related attack surfaces
  Ver: 1.0 - 10/19/2017

optional arguments:
-h, --help Show this help message and exit
-c, --credentialscan Only attempt to scan home directories for AWS Access Keys
-i, --iamrole Only attempt to detect IAM Roles associated with the instance
-u, --userdata Only attempt to detect user data associated with the instance
-p, --peering Identify the information required to submit a peering request with the instance
-v, --vpcsubnets Identify the VPC subnet masks associated with the interfaces on the instance