Kali Linux

AWS-Loot : Pull Secrets From An AWS Environment

AWS-Loot tool allows quick enumeration over large sets of AWS instances and services.

Install

pip install -r requirements.txt

An AWS credential file (.aws/credentials) is required for authentication to the target environment

  • Access Key
  • Access Key Secret

How it works

Awsloot works by going through EC2, Lambda, CodeBuilder instances and searching for high entropy strings. The EC2 Looter works by querying all available instance ID’s in all regions and requesting instance’s USERDATA where often developers leave secrets. The Lambda looter operates across regions as well. Lambada looter can search all available versions of a found function. It starts by searching the functions environment variables then downloads the source code and scans the source for secrets. The Codebuilder Looter works by searching for build instances and searching those builds for environment variables that might contain secrets.

Usage

Python3 awsloot.py

Next Features

  • Allow users to specify an ARN to scan
  • Looter for additional services
R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

3 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

3 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

3 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

4 days ago