This tool lists all policies assigned to all IAM users in your AWS account. Policies can be assigned to users via user policies or inherited by group memberships.
Read only permissions to IAM in the AWS account being scanned are required. This can be achieved by assigning the SecurityAudit AWS Managed policy to the IAM user or role being used to run this scan.
There are existing tools that examine potential privilege escalation paths caused by excessive AWS permissions. This script is meant to complement, not replace, tools such as Rhino Security's AWS Escalate, NCC Group's Scout2, or CloudSploit: it answers the narrower question of which policies each user actually holds, directly or through groups.
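As an added illustration of what the enumeration described above involves (example code written for this page, not the project's own aws_perms.py), the following walks every IAM user, collects the managed and inline policies attached directly to the user, and then the managed and inline policies of each group the user belongs to. It uses only the boto3 IAM read calls that the SecurityAudit managed policy permits (list_users, list_attached_user_policies, list_user_policies, list_groups_for_user, list_attached_group_policies, list_group_policies) and follows the Marker/IsTruncated pagination those calls use. The IAM client is injected so the logic runs offline against the constructed FakeIAM stand-in shown here; the user and policy names in FakeIAM are made up for the demo, and passing boto3.client("iam") instead runs it against a real account.

```python
"""Enumerate effective IAM policies per user (direct + inherited via groups).

Added example, not the project's code. Assumes a client exposing the boto3
IAM list_* methods; FakeIAM below is a constructed stand-in for offline runs.
"""


def _paginate(method, result_key, **kwargs):
    """Follow IAM's Marker/IsTruncated pagination for any list_* call."""
    marker = None
    while True:
        params = dict(kwargs)
        if marker:
            params["Marker"] = marker
        page = method(**params)
        for item in page.get(result_key, []):
            yield item
        if not page.get("IsTruncated"):
            return
        marker = page["Marker"]


def user_policies(iam, user_name):
    """Return sorted (source, kind, policy) tuples for one user.

    source is "user" for directly assigned policies or "group:<name>" for
    policies inherited through a group; kind is "managed" (ARN) or "inline".
    """
    found = set()
    for p in _paginate(iam.list_attached_user_policies, "AttachedPolicies",
                       UserName=user_name):
        found.add(("user", "managed", p["PolicyArn"]))
    for name in _paginate(iam.list_user_policies, "PolicyNames",
                          UserName=user_name):
        found.add(("user", "inline", name))
    for g in _paginate(iam.list_groups_for_user, "Groups", UserName=user_name):
        gname = g["GroupName"]
        for p in _paginate(iam.list_attached_group_policies, "AttachedPolicies",
                           GroupName=gname):
            found.add((f"group:{gname}", "managed", p["PolicyArn"]))
        for name in _paginate(iam.list_group_policies, "PolicyNames",
                              GroupName=gname):
            found.add((f"group:{gname}", "inline", name))
    return sorted(found)


def all_user_policies(iam):
    """Map every IAM user name to its effective policy list."""
    return {u["UserName"]: user_policies(iam, u["UserName"])
            for u in _paginate(iam.list_users, "Users")}


class FakeIAM:
    """Constructed stand-in for boto3's IAM client: two users, one group.

    Response shapes mirror the real API; list_users is paginated so the
    Marker handling is exercised. All names here are invented sample data.
    """

    def list_users(self, Marker=None, **_):
        if Marker is None:
            return {"Users": [{"UserName": "alice"}],
                    "IsTruncated": True, "Marker": "page-2"}
        return {"Users": [{"UserName": "bob"}], "IsTruncated": False}

    def list_attached_user_policies(self, UserName, **_):
        arns = {"alice": ["arn:aws:iam::aws:policy/AdministratorAccess"]}
        return {"AttachedPolicies": [{"PolicyName": a.rsplit("/", 1)[1],
                                      "PolicyArn": a}
                                     for a in arns.get(UserName, [])],
                "IsTruncated": False}

    def list_user_policies(self, UserName, **_):
        return {"PolicyNames": ["s3-read"] if UserName == "bob" else [],
                "IsTruncated": False}

    def list_groups_for_user(self, UserName, **_):
        return {"Groups": [{"GroupName": "devs"}], "IsTruncated": False}

    def list_attached_group_policies(self, GroupName, **_):
        return {"AttachedPolicies": [
            {"PolicyName": "ReadOnlyAccess",
             "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}],
            "IsTruncated": False}

    def list_group_policies(self, GroupName, **_):
        return {"PolicyNames": [], "IsTruncated": False}


if __name__ == "__main__":
    import sys
    if "--demo" in sys.argv:
        iam = FakeIAM()
    else:
        import boto3  # real run: credentials from ~/.aws/credentials or env
        iam = boto3.client("iam")
    for user, policies in all_user_policies(iam).items():
        print(user)
        for source, kind, policy in policies:
            print(f"  {source:<12} {kind:<8} {policy}")
```

Run with `--demo` to see the output for the constructed account; the point of reporting the source column is that a user who looks harmless from their own attached policies can still hold AdministratorAccess through a group, which is exactly the inherited case the README calls out.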
This script requires Python 3.
Install the AWS Python SDK (boto3) and its dependencies.
Install Colorama
The requirements.txt file can be used to install the dependencies using pip3
pip3 install -r requirements.txt
Set up your AWS credentials. If you have awscli installed, running aws configure will prompt you for your AWS Access Key ID and Secret Access Key and create the ~/.aws/credentials file. Alternatively, the ~/.aws/credentials file can be written by hand as shown in the example below (keep this file readable only by your user, since it holds long-lived secrets):
[default]
aws_access_key_id = AWS_KEY
aws_secret_access_key = AWS_SECRET
If you need to assume an IAM role before scanning for assigned permissions, remind101's assume-role tool is very helpful, especially if you are required to provide MFA.
python ./aws_perms.py