AWeSomeUserFinder : Harnessing AWS IAM For Username Enumeration And Password Security

AWS IAM Username Enumerator and Password Spraying Tool in Python3

In order to use the tool with the UpdateAssumeRolePolicy method, the IAM user account utilized must have the following permissions attached:

• “iam:GetRole”
• “iam:CreatePolicy”
• “iam:UpdateAssumeRolePolicy”
• “iam:CreateRole”
• “iam:AttachRolePolicy”

An example policy is included in the files named “example_assume_role_policy.json” in the example_policies directory.

Additionally, an AWS access key and AWS secret key are required. See this link for information on obtaining.

Finally, a role is needed with an attached policy granting “UpdateAssumeRolePolicy,” which also has a TrustedEntity Deny all rule for AssumeRole permissions.

This can be somewhat convoluted, so there is an additional script included with the tool called, “updateassumerolepolicygenerator.py.” Using an access key and secret key, along with the required permissions noted above, the correct policy and role will be generated automatically and be usable until it is manually removed.

Both the new policy and role will be named “user_enumeration_policy.”

S3 Bucket Method

In order to use the tool with the S3 bucket method, you will need to create a new, general-purpose S3 bucket.

Set “Block All Public Access” to the bucket. Next, a new policy needs to be added to the AWS account and attached to the IAM user of choice. The policy must have the following permissions attached to the user:

• “s3:PutBucketPolicy”
• “s3:GetBucketPolicy”
• ARN referenced to the S3 bucket created earlier.

An example policy is included in the files named “example_s3_policy” in the example_policies directory.

For more information click here.