Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/cloud/aws/enum_iam.rb
19715 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
require 'aws-sdk-iam'
7
8
class MetasploitModule < Msf::Auxiliary
9
def initialize(info = {})
10
super(
11
update_info(
12
info,
13
'Name' => 'Amazon Web Services IAM credential enumeration',
14
'Description' => %q{
15
Provided AWS credentials, this module will call the authenticated
16
API of Amazon Web Services to list all IAM credentials associated
17
with the account
18
},
19
'Author' => ['Aaron Soto <[email protected]>'],
20
'License' => MSF_LICENSE,
21
'Notes' => {
22
'Stability' => [CRASH_SAFE],
23
'SideEffects' => [IOC_IN_LOGS],
24
'Reliability' => []
25
}
26
)
27
)
28
29
register_options(
30
[
31
OptString.new('ACCESS_KEY_ID', [true, 'AWS Access Key ID (eg. "AKIAXXXXXXXXXXXXXXXX")', '']),
32
OptString.new('SECRET_ACCESS_KEY', [true, 'AWS Secret Access Key (eg. "CA1+XXXXXXXXXXXXXXXXXXXXXX6aYDHHCBuLuV79")', ''])
33
]
34
)
35
end
36
37
def handle_aws_errors(error)
38
if error.class.module_parents.include?(Aws)
39
fail_with(Failure::UnexpectedReply, error.message)
40
else
41
raise error
42
end
43
end
44
45
def describe_iam_users(user)
46
print_good " User Name: #{user.user_name}"
47
print_good " User ID: #{user.user_id}"
48
print_good " Creation Date: #{user.create_date}"
49
print_good " Tags: #{user.tags}"
50
print_good " Groups: #{user.group_list}"
51
print_good " SSH Pub Keys: #{@iam.list_ssh_public_keys(user_name: user.user_name).ssh_public_keys}"
52
53
policies = user.attached_managed_policies
54
if policies.empty?
55
print_good ' Policies: []'
56
else
57
print_good " Policies: #{policies[0].policy_name}"
58
policies[1..policies.length].each do |p|
59
print_good " #{p.policy_name}"
60
end
61
end
62
63
certs = @iam.list_signing_certificates(user_name: user.user_name).certificates
64
if certs.empty?
65
print_good ' Signing certs: []'
66
else
67
print_good " Signing certs: #{certs[0].certificate_id} (#{certs[0].status})"
68
certs[1..certs.length].each do |c|
69
print_good " #{c.certificate_id} (#{c.status})"
70
end
71
end
72
73
@users.each do |u|
74
if u.user_name == user.user_name
75
print_good " Password Used: #{u.password_last_used || '(Never)'}"
76
end
77
end
78
79
keys = @iam.list_access_keys(user_name: user.user_name).access_key_metadata
80
if keys.empty?
81
print_good ' AWS Access Keys: []'
82
else
83
print_good " AWS Access Keys: #{keys[0].access_key_id} (#{keys[0].status})"
84
keys[1..keys.length].each do |k|
85
print_good " #{k.access_key_id} (#{k.status})"
86
end
87
end
88
89
begin
90
console_login = @iam.get_login_profile(user_name: user.user_name).empty? ? 'Disabled' : 'Enabled'
91
print_good " Console login: #{console_login}"
92
rescue Aws::IAM::Errors::NoSuchEntity
93
print_good ' Console login: Disabled'
94
end
95
96
mfa = @iam.list_mfa_devices(user_name: user.user_name).mfa_devices
97
mfa_enabled = mfa.empty? ? 'Disabled' : "Enabled on #{mfa[0].enable_date}"
98
print_good " Two-factor auth: #{mfa_enabled}"
99
100
print_status ''
101
end
102
103
def run
104
@iam = Aws::IAM::Client.new(
105
region: 'us-west-1', # This is meaningless, but required. Thanks AWS.
106
access_key_id: datastore['ACCESS_KEY_ID'],
107
secret_access_key: datastore['SECRET_ACCESS_KEY']
108
)
109
110
@users = @iam.list_users.users
111
creds = @iam.get_account_authorization_details
112
113
users = creds.user_detail_list
114
if users.empty?
115
print_status 'No users found.'
116
return
117
end
118
119
print_good "Found #{users.count} users."
120
users.each do |user|
121
describe_iam_users(user)
122
end
123
rescue StandardError => e
124
handle_aws_errors(e)
125
end
126
end
127
128