Amazon Web Services (AWS)

# Cheatsheet

GitLeaks

# Audit git repos for secrets and keys
./gitleaks --repo=xxxxx --verbose --pretty

Enumerate IAM

# Enumerate the permissions associated with an AWS credential set
./ --access-key AKIA... --secret-key StF0q...

# tries to brute force all API calls allowed by the IAM policy.
# The calls performed by this tool are all non-destructive (only get* and list* calls are performed).
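
Seen from the defender's side, the enumeration described above shows up in CloudTrail as one access key making many different get*/list* calls, most of them denied. The following is an added example, not part of the original cheatsheet or of any tool it mentions; the field names are CloudTrail's, while the thresholds, key ids and sample records are constructed assumptions, and the events are assumed to be already scoped to one short time window.

```python
from collections import defaultdict

# CloudTrail errorCode values that indicate a denied call.
DENIED = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}
READ_PREFIXES = ("Get", "List")  # the read-only call families named above


def flag_enumeration(events, min_distinct=20, min_denied_ratio=0.5):
    """Return access keys whose read-only calls look like permission probing.

    events: CloudTrail records (dicts) already limited to one time window.
    Thresholds are illustrative assumptions; tune them per account.
    """
    stats = defaultdict(lambda: {"calls": set(), "total": 0, "denied": 0})
    for ev in events:
        name = ev.get("eventName", "")
        key = (ev.get("userIdentity") or {}).get("accessKeyId")
        if not key or not name.startswith(READ_PREFIXES):
            continue
        s = stats[key]
        s["calls"].add((ev.get("eventSource"), name))
        s["total"] += 1
        s["denied"] += ev.get("errorCode") in DENIED
    flagged = {}
    for key, s in stats.items():
        ratio = s["denied"] / s["total"]
        if len(s["calls"]) >= min_distinct and ratio >= min_denied_ratio:
            flagged[key] = {"distinct_calls": len(s["calls"]),
                            "denied_ratio": round(ratio, 2)}
    return flagged


def sample_events():
    """Constructed records (placeholder key ids, made-up API names)."""
    events = []
    for i in range(30):  # one key tries 30 different read calls, 24 denied
        ev = {"eventSource": f"svc{i % 6}.example", "eventName": f"ListThing{i}",
              "userIdentity": {"accessKeyId": "AKIAEXAMPLEPROBE0001"}}
        if i % 5:
            ev["errorCode"] = "AccessDenied"
        events.append(ev)
    for i in range(40):  # an application key repeating two permitted calls
        events.append({"eventSource": "s3.amazonaws.com",
                       "eventName": ("GetObject", "ListBuckets")[i % 2],
                       "userIdentity": {"accessKeyId": "AKIAEXAMPLEAPP00002"}})
    return events


if __name__ == "__main__":
    print(flag_enumeration(sample_events()))
```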

SQLmap proxy for AWS

# A simple utility to help test AWS Lambda functions for SQL injection vulnerabilities.
# It uses a local HTTP proxy that transforms the SQLMap HTTP-based attacks into AWS Lambda invoke calls.

# Run
$ python3

# Update request.txt, which is the file containing your Lambda function's event data, and run
$ sqlmap -r request.txt