Scan publicly accessible assets on your AWS cloud environment

Related tags

Security related resourcesporo
Overview

poro

Poro art

Description

Scan for publicly accessible assets on your AWS environment Services covered by this tool:

  • AWS ELB
  • API Gateway
  • S3 Buckets
  • RDS Databases
  • EC2 instances
  • Redshift Databases

Prequisites

  • AWS account with Read Only Access to services listed above.
  • Python 3.X
  • Boto3 > 1.2X
  • Botocore > 1.2X
  • Requests > 2.2X

How to use

  • Clone this repository
  • Configure your envionment with active credentials -> aws configure
  • Run python poro.py Poro will print all exception raised when querying AWS APIs, the scanning result will be printed at the end of the output. Example of Poro output:
o ||    o ||
  _||    __||     
 ||     \\       Let the hunt begin.
_||  _)  \\  _) 


°° Searching for public buckets °°
Unexpected error whith bucket XXX: NoSuchBucketPolicy

°° Searching for exposed APIs °°

°° Searching for internet facing EC2 °°
Unexpected error when scanning ec2 in the region af-south-1: AWS was not able to validate the provided access credentials
Unexpected error when scanning ec2 in the region ap-east-1: AWS was not able to validate the provided access credentials

°° Searching for exposed ELBs °°

°° Searching for public RDS DB °°
Unexpected error when scanning RDS in the region af-south-1: The security token included in the request is invalid.

°° Searching for exposed redshift clusters °°
Unexpected error when scanning Redshift in the region af-south-1: The security token included in the request is invalid.
Unexpected error when scanning Redshift in the region ap-east-1: The security token included in the request is invalid.

Hunting results:
======================================================
================= Public Buckets =====================
1: Bucket name: XXX -> Public Policy

======================================================
================== Exposed APIs ======================
No public APIs

======================================================
================ Internet facing EC2 =================
No internet facing EC2s

======================================================
==================== Exposed ELB =====================
1: ELB ARN: arn:aws:elasticloadbalancing:us-west-2:XXX:XXX/XXX/XXX/XXX -> DNS: XXX.us-west-2.elb.amazonaws.com -> attached security groups:
------------- sg-XXX

======================================================
=================== Public RDS DB ====================
No public RDS DBs

======================================================
============= Public Redshift clusters ===============
No public Redshift clusters
Owner
9rnt
Cloud and emerging technologies
9rnt
GitHub Repository
This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit re

22 Nov 09, 2022
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

idna 352 Jan 02, 2023
A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

Inspektur Cari informasi mengenai email dan nomor telepon dengan mudah. Inspektur adalah aplikasi OSINT yang berguna untuk mencari informasi berdasark

Bagas Wastu 36 Dec 04, 2022
A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Şefik Efe 2 Oct 29, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 09, 2022
A signature parser for hikari's command handler tanjun.

tanchi A signature parser for hikari's command handler tanjun. Finally be able to define your commands without those bloody decorator chains! Example

sadru 11 Nov 17, 2022
orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

Urminder Singh 34 Nov 21, 2022
Polkit - Local Privilege Escalation (CVE-2021-3560)

CVE-2021-3560 Polkit - Local Privilege Escalation Original discovery by kevin_backhouse from GitHub Security Lab References https://github.blog/2021-0

Salman Asad 1 Nov 12, 2021
👑 Discovery Header DoD Bug-Bounty

👑 Discovery Header DoD Bug-Bounty Did you know that DoD accepts server headers? 😲 (example: apache"version" , php"version") ? In this code it is pos

KingOfTips 38 Aug 09, 2022
'Our Drowsinessdetector detects drivers eyes if they are closed for more than 2 seconds and alerts driver'

Data analysis Document here the project: DriverDrowsinessDetector Description: Project Description Data Source: Type of analysis: Please document the

3 Jul 03, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

Muhammed Mahdi 4 Aug 31, 2021
CVE-log4j CheckMK plugin

CVE-2021-44228-log4j discovery (Download the MKP package) This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this

4 Jan 08, 2022
Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

Stefan Marsiske 15 Nov 26, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022