Scan publicly accessible assets on your AWS cloud environment

Related tags

Security related resourcesporo
Overview

poro

Poro art

Description

Scan for publicly accessible assets on your AWS environment Services covered by this tool:

  • AWS ELB
  • API Gateway
  • S3 Buckets
  • RDS Databases
  • EC2 instances
  • Redshift Databases

Prequisites

  • AWS account with Read Only Access to services listed above.
  • Python 3.X
  • Boto3 > 1.2X
  • Botocore > 1.2X
  • Requests > 2.2X

How to use

  • Clone this repository
  • Configure your envionment with active credentials -> aws configure
  • Run python poro.py Poro will print all exception raised when querying AWS APIs, the scanning result will be printed at the end of the output. Example of Poro output:
o ||    o ||
  _||    __||     
 ||     \\       Let the hunt begin.
_||  _)  \\  _) 


°° Searching for public buckets °°
Unexpected error whith bucket XXX: NoSuchBucketPolicy

°° Searching for exposed APIs °°

°° Searching for internet facing EC2 °°
Unexpected error when scanning ec2 in the region af-south-1: AWS was not able to validate the provided access credentials
Unexpected error when scanning ec2 in the region ap-east-1: AWS was not able to validate the provided access credentials

°° Searching for exposed ELBs °°

°° Searching for public RDS DB °°
Unexpected error when scanning RDS in the region af-south-1: The security token included in the request is invalid.

°° Searching for exposed redshift clusters °°
Unexpected error when scanning Redshift in the region af-south-1: The security token included in the request is invalid.
Unexpected error when scanning Redshift in the region ap-east-1: The security token included in the request is invalid.

Hunting results:
======================================================
================= Public Buckets =====================
1: Bucket name: XXX -> Public Policy

======================================================
================== Exposed APIs ======================
No public APIs

======================================================
================ Internet facing EC2 =================
No internet facing EC2s

======================================================
==================== Exposed ELB =====================
1: ELB ARN: arn:aws:elasticloadbalancing:us-west-2:XXX:XXX/XXX/XXX/XXX -> DNS: XXX.us-west-2.elb.amazonaws.com -> attached security groups:
------------- sg-XXX

======================================================
=================== Public RDS DB ====================
No public RDS DBs

======================================================
============= Public Redshift clusters ===============
No public Redshift clusters
Owner
9rnt
Cloud and emerging technologies
9rnt
GitHub Repository
A Safer PoC for CVE-2022-22965 (Spring4Shell)

Safer_PoC_CVE-2022-22965 A Safer PoC for CVE-2022-22965 (Spring4Shell) Functionality Creates a file called CVE_2022-22965_exploited.txt in the tomcat

Colin Cowie 46 Nov 12, 2022
Course: Information Security with Python

Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co

Elizeu Barbosa Abreu 1 Nov 28, 2021
CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

Aryan 10 Sep 25, 2022
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Nirmal Dahal 10 Oct 15, 2022
Convert a collection of features to a fixed-dimensional matrix using the hashing trick.

FeatureHasher Convert a collection of features to a fixed-dimensional matrix using the hashing trick. Note, this requires Jina=2.2.4. Example Here I

Jina AI 5 Mar 15, 2022
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 09, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

86 Dec 09, 2022
Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Axel Souchet 220 Dec 14, 2022
This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks. The goal is to successfully use this notebook project below with Security Onion for beacon detection

4 Jun 08, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

log4shell_finder Python port of https://github.com/mergebase/log4j-detector log4j-detector is copyright (c) 2021 - MergeBase Software Inc. https://mer

Hynek Petrak 33 Jan 04, 2023
Malware arcane - Scripts and notes on my malware analysis journey

Malware Arcane Repository of notes and scripts I use when doing malware analysis

9 Jun 01, 2022
Seamless deployment and management of cybersecurity solutions 🏗️

Description 🖼️ Background 👴🏼 Vision 📜 Concepts 💬 Solutions' Lifecycle. Operations ⭕ Functionalities 🚀 Supported Cybersecurity Solutions 📦 Insta

MutableSecurity 36 Nov 10, 2022
Dark-Fb No Login 100% safe

Dark-Fb No Login 100% safe TERMUX • pkg install python2 && git -y • pip2 install requests mechanize tqdm • git clone https://github.com/BOT-033/Sensei

Bukan Hamkel 1 Dec 04, 2021
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

53 Nov 01, 2022
Malware-analysis-writeups - Some of my Malware Analysis writeups

About This repo contains some malware analysis writeups i've created over time m

Itay Migdal 14 Jun 22, 2022
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023