Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/cloud/aws/enum_iam.rb
Views: 11655
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'aws-sdk-iam'67class MetasploitModule < Msf::Auxiliary8def initialize(info = {})9super(10update_info(11info,12'Name' => 'Amazon Web Services IAM credential enumeration',13'Description' => %q(14Provided AWS credentials, this module will call the authenticated15API of Amazon Web Services to list all IAM credentials associated16with the account17),18'Author' => ['Aaron Soto <[email protected]>'],19'License' => MSF_LICENSE20)21)2223register_options(24[25OptString.new('ACCESS_KEY_ID', [true, 'AWS Access Key ID (eg. "AKIAXXXXXXXXXXXXXXXX")', '']),26OptString.new('SECRET_ACCESS_KEY', [true, 'AWS Secret Access Key (eg. "CA1+XXXXXXXXXXXXXXXXXXXXXX6aYDHHCBuLuV79")', ''])27]28)29end3031def handle_aws_errors(e)32if e.class.module_parents.include?(Aws)33fail_with(Failure::UnexpectedReply, e.message)34else35raise e36end37end3839def describe_iam_users(i)40user = i.user_name4142print_good " User Name: #{user}"43print_good " User ID: #{i.user_id}"44print_good " Creation Date: #{i.create_date}"45print_good " Tags: #{i.tags}"46print_good " Groups: #{i.group_list}"47print_good " SSH Pub Keys: #{@iam.list_ssh_public_keys(user_name: user).ssh_public_keys}"4849policies = i.attached_managed_policies50if policies.empty?51print_good " Policies: []"52else53print_good " Policies: #{policies[0].policy_name}"54policies[1..policies.length].each do |p|55print_good " #{p.policy_name}"56end57end5859certs = @iam.list_signing_certificates(user_name: user).certificates60if certs.empty?61print_good " Signing certs: []"62else63print_good " Signing certs: #{certs[0].certificate_id} (#{certs[0].status})"64certs[1..certs.length].each do |c|65print_good " #{c.certificate_id} (#{c.status})"66end67end6869@users.each do |u|70if u.user_name == user71print_good " Password Used: #{u.password_last_used || '(Never)'}"72end73end7475keys = @iam.list_access_keys(user_name: user).access_key_metadata76if keys.empty?77print_good " AWS Access Keys: []"78else79print_good " AWS Access Keys: #{keys[0].access_key_id} (#{keys[0].status})"80keys[1..keys.length].each do |k|81print_good " #{k.access_key_id} (#{k.status})"82end83end8485begin86console_login = @iam.get_login_profile(user_name: user).empty? ? 'Disabled' : 'Enabled'87print_good " Console login: #{console_login}"88rescue Aws::IAM::Errors::NoSuchEntity89print_good " Console login: Disabled"90end9192mfa = @iam.list_mfa_devices(user_name: i.user_name).mfa_devices93mfa_enabled = mfa.empty? ? 'Disabled' : "Enabled on #{mfa[0].enable_date}"94print_good " Two-factor auth: #{mfa_enabled}"9596print_status ''97end9899def run100@iam = Aws::IAM::Client.new(101region: 'us-west-1', # This is meaningless, but required. Thanks AWS.102access_key_id: datastore['ACCESS_KEY_ID'],103secret_access_key: datastore['SECRET_ACCESS_KEY']104)105106@users = @iam.list_users.users107creds = @iam.get_account_authorization_details108109users = creds.user_detail_list110if users.empty?111print_status 'No users found.'112return113end114115print_good "Found #{users.count} users."116users.each do |i|117describe_iam_users(i)118end119rescue ::Exception => e120handle_aws_errors(e)121end122end123124125