enumerate-iam

Name: enumerate-iam
Version: 1.0.2
Home page: https://github.com/andresriancho/enumerate-iam
Summary: The AWS Enumerate IAM permissions
Upload time: 2023-09-12 12:25:40
Author: Amazon Web Services
Requires Python: >= 3.7
License: Apache License 2.0
Requirements: No requirements were recorded.
Travis-CI: No Travis.
Coveralls test coverage: No coveralls.
## Enumerate IAM permissions

Found a set of AWS credentials and have no idea which permissions it might have?

```console
$ ./enumerate-iam.py --access-key AKIA... --secret-key StF0q...
2019-05-10 15:57:58,447 - 21345 - [INFO] Starting permission enumeration for access-key-id "AKIA..."
2019-05-10 15:58:01,532 - 21345 - [INFO] Run for the hills, get_account_authorization_details worked!
2019-05-10 15:58:01,537 - 21345 - [INFO] -- {
    "RoleDetailList": [
        {
            "Tags": [], 
            "AssumeRolePolicyDocument": {
                "Version": "2008-10-17", 
                "Statement": [
                    {
...
2019-05-10 15:58:26,709 - 21345 - [INFO] -- gamelift.list_builds() worked!
2019-05-10 15:58:26,850 - 21345 - [INFO] -- cloudformation.list_stack_sets() worked!
2019-05-10 15:58:26,982 - 21345 - [INFO] -- directconnect.describe_locations() worked!
2019-05-10 15:58:27,021 - 21345 - [INFO] -- gamelift.describe_matchmaking_rule_sets() worked!
2019-05-10 15:58:27,311 - 21345 - [INFO] -- sqs.list_queues() worked!
```

Now you do!

`enumerate-iam.py` tries to brute force all API calls allowed by the IAM policy.
The calls performed by this tool are all non-destructive (only get* and list*
calls are performed).

## Installation

```
git clone git@github.com:andresriancho/enumerate-iam.git
cd enumerate-iam/
pip install -r requirements.txt
```

## Library

This software was written to be easy to integrate with other tools: import
the main function and provide the required arguments:

```python
from enumerate_iam.main import enumerate_iam

enumerate_iam(access_key,
              secret_key,
              session_token,
              region)
```

The return value is a Python dictionary containing all the enumerated
permission information.

## Other tools

Before writing `enumerate-iam.py` I tried a few tools that performed the same task.
I decided to write my own because the others:

 * Did not check for all API calls
 * Were painfully slow when adding more API calls to the list
 * Did not return the permissions in a programmatic way

## Updating the API calls

The API calls to be performed during permission enumeration are stored in
`enumerate_iam/bruteforce_tests.py`, a Python dict() which is generated by
`enumerate_iam/generate_bruteforce_tests.py` using the API documentation
available in the `aws-sdk-js` library. 

AWS releases new services every quarter; to make sure that this tool is
finding all the existing permissions, regenerate the call list by running:

```console
cd enumerate_iam/
git clone https://github.com/aws/aws-sdk-js.git
python generate_bruteforce_tests.py
rm -rf aws-sdk-js
```
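The generation step above reads the per-service API definitions shipped in `aws-sdk-js` and keeps only the read-only operations. The following is an added example of that idea, not the project's own `generate_bruteforce_tests.py`: it takes `apis/*.normal.json` style definitions (the `metadata.endpointPrefix` and `operations` layout is assumed from the SDK's published files; the two service definitions embedded below are constructed samples, not real SDK data), converts operation names to the boto3 `snake_case` form seen in the README's log output, and keeps the `get_*`, `list_*` and `describe_*` calls, which are the prefixes that appear in the sample run. Everything with a mutating verb (`Create`, `Delete`, `Purge`, `Update`) is dropped so the generated list stays non-destructive.

```python
"""Added example: build a service -> read-only API call dict from aws-sdk-js
style definitions. Not the project's own generator; file layout assumed."""
from __future__ import annotations

import json
import re
from pathlib import Path

# Constructed sample input in the shape of aws-sdk-js apis/<service>-<date>.normal.json
# (layout assumed; the operation lists are trimmed-down, invented samples).
SDK_JSON_FILES: dict[str, str] = {
    "sqs-2012-11-05.normal.json": json.dumps({
        "version": "2.0",
        "metadata": {"apiVersion": "2012-11-05", "endpointPrefix": "sqs", "serviceId": "SQS"},
        "operations": {
            "ListQueues": {"name": "ListQueues", "input": {"shape": "ListQueuesRequest"}},
            "GetQueueUrl": {"name": "GetQueueUrl", "input": {"shape": "GetQueueUrlRequest"}},
            "DeleteQueue": {"name": "DeleteQueue", "input": {"shape": "DeleteQueueRequest"}},
            "PurgeQueue": {"name": "PurgeQueue", "input": {"shape": "PurgeQueueRequest"}},
        },
    }),
    "gamelift-2015-10-01.normal.json": json.dumps({
        "version": "2.0",
        "metadata": {"apiVersion": "2015-10-01", "endpointPrefix": "gamelift", "serviceId": "GameLift"},
        "operations": {
            "ListBuilds": {"name": "ListBuilds"},
            "DescribeMatchmakingRuleSets": {"name": "DescribeMatchmakingRuleSets"},
            "CreateBuild": {"name": "CreateBuild"},
            "UpdateFleetCapacity": {"name": "UpdateFleetCapacity"},
        },
    }),
}

# Only verbs that read state are kept; everything else is treated as mutating
# and left out so the generated call list stays non-destructive.
READ_ONLY_PREFIXES = ("get_", "list_", "describe_")

# Split CamelCase at lower->Upper boundaries and before the last capital of an
# acronym run (e.g. "OpenIDConnect" -> "Open_ID_Connect"), as boto3 names do.
_CAMEL_RE = re.compile(r"(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])")


def to_snake_case(name: str) -> str:
    """ListQueues -> list_queues, DescribeMatchmakingRuleSets -> describe_matchmaking_rule_sets."""
    return _CAMEL_RE.sub("_", name).lower()


def load_sdk_dir(apis_dir: str) -> dict[str, str]:
    """Read every *.normal.json from a local aws-sdk-js 'apis' directory (path assumed)."""
    return {p.name: p.read_text() for p in Path(apis_dir).glob("*.normal.json")}


def build_bruteforce_tests(sdk_files: dict[str, str]) -> dict[str, list[str]]:
    """Map each service's endpoint prefix to its sorted read-only operations in snake_case."""
    tests: dict[str, set[str]] = {}
    for filename, raw in sdk_files.items():
        if not filename.endswith(".normal.json"):
            continue
        api = json.loads(raw)
        service = api["metadata"]["endpointPrefix"]
        for op_name in api.get("operations", {}):
            call = to_snake_case(op_name)
            if call.startswith(READ_ONLY_PREFIXES):
                # A service may ship several API versions; a set de-duplicates them.
                tests.setdefault(service, set()).add(call)
    return {service: sorted(calls) for service, calls in tests.items()}


if __name__ == "__main__":
    # Against a real checkout you would pass load_sdk_dir("aws-sdk-js/apis") instead.
    print(json.dumps(build_bruteforce_tests(SDK_JSON_FILES), indent=4))
```

The prefix allowlist is deliberately strict: an operation whose name does not start with a read verb is excluded even if it happens to be harmless, because a false negative only costs coverage while a false positive would put a mutating call into the enumeration list.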

## Related tools

This tool was released as part of the [Internet-Scale Analysis of AWS Cognito Security](https://www.blackhat.com/us-19/briefings/schedule/?hootPostID=4abc475398765919352042ac015752e6#internet-scale-analysis-of-aws-cognito-security-15829)
research. During this research the [cc-lambda](https://github.com/andresriancho/cc-lambda) tool
was also used to extract information from the Common Crawl data.

## Initial code

The initial code was released in [this gist](https://gist.github.com/darkarnium/1df59865f503355ef30672168063da4e)
and improved in multiple ways:

 * Complete refactoring
 * Results returned in a programmatic way
 * Threads
 * Improved logging
 * Increased API call coverage
 * Export as a library

Raw data

{
    "_id": null,
    "home_page": "https://github.com/andresriancho/enumerate-iam",
    "name": "enumerate-iam",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">= 3.7",
    "maintainer_email": "",
    "keywords": "",
    "author": "Amazon Web Services",
    "author_email": "",
    "download_url": "https://files.pythonhosted.org/packages/62/62/44ed45444a75758348b66fbbf76bbae128edbe31191e4185484cfe82c6b7/enumerate-iam-1.0.2.tar.gz",
    "platform": "any",
    "bugtrack_url": null,
    "license": "Apache License 2.0",
    "summary": "The AWS Enumerate IAM permissions",
    "version": "1.0.2",
    "project_urls": {
        "Homepage": "https://github.com/andresriancho/enumerate-iam"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "626244ed45444a75758348b66fbbf76bbae128edbe31191e4185484cfe82c6b7",
                "md5": "1ddad14ae903e593a79fc63467262b21",
                "sha256": "355154e057d5005a070f84aedb6460bf195dc50d0686a296ee3a391c481d7217"
            },
            "downloads": -1,
            "filename": "enumerate-iam-1.0.2.tar.gz",
            "has_sig": false,
            "md5_digest": "1ddad14ae903e593a79fc63467262b21",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">= 3.7",
            "size": 27868,
            "upload_time": "2023-09-12T12:25:40",
            "upload_time_iso_8601": "2023-09-12T12:25:40.491045Z",
            "url": "https://files.pythonhosted.org/packages/62/62/44ed45444a75758348b66fbbf76bbae128edbe31191e4185484cfe82c6b7/enumerate-iam-1.0.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-09-12 12:25:40",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "andresriancho",
    "github_project": "enumerate-iam",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "lcname": "enumerate-iam"
}