AWS IAM Username Enumerator and Password Spraying Tool in Python3
In order to use the tool with the UpdateAssumeRolePolicy method, the IAM user account utilized must have the following permissions attached:
An example policy is included in the files named “example_assume_role_policy.json” in the example_policies directory.
Additionally, an AWS access key and AWS secret key are required. See this link for information on obtaining.
Finally, a role is needed with an attached policy granting “UpdateAssumeRolePolicy,” which also has a TrustedEntity Deny all rule for AssumeRole permissions.
This can be somewhat convoluted, so there is an additional script included with the tool called, “updateassumerolepolicygenerator.py.” Using an access key and secret key, along with the required permissions noted above, the correct policy and role will be generated automatically and be usable until it is manually removed.
Both the new policy and role will be named “user_enumeration_policy.”
In order to use the tool with the S3 bucket method, you will need to create a new, general-purpose S3 bucket.
Set “Block All Public Access” to the bucket. Next, a new policy needs to be added to the AWS account and attached to the IAM user of choice. The policy must have the following permissions attached to the user:
An example policy is included in the files named “example_s3_policy” in the example_policies directory.
For more information click here.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…