Amazon Web Services (AWS)
# Audit git repos for secrets and keys
./gitleaks --repo=xxxxx --verbose --pretty
# Enumerate the permissions associated with an AWS credential set
./enumerate-iam.py --access-key AKIA... --secret-key StF0q...
# enumerate-iam.py tries to brute force all API calls allowed by the IAM policy.
# The calls performed by this tool are all non-destructive (only get* and list* calls are performed).
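# Added example (not part of enumerate-iam or the original notes): the get*/list* brute forcing described above shows up in CloudTrail as one access key fanning out across many services with mostly denied calls.
# The Python below flags that pattern; the thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

READ_PREFIXES = ("Get", "List", "Describe")
DENIED = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}

def find_enumeration(records, window=timedelta(minutes=5), min_services=5, min_denied=0.5):
    """Map access key ID -> stats for the largest window that looks like enumeration."""
    by_key = defaultdict(list)
    for r in records:
        if r["eventName"].startswith(READ_PREFIXES):  # read-only calls only
            ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            key = r.get("userIdentity", {}).get("accessKeyId", "unknown")
            by_key[key].append((ts, r["eventSource"], r.get("errorCode") in DENIED))
    flagged = {}
    for key, calls in by_key.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # slide the window forward
            win = calls[start:end + 1]
            services = {source for _, source, _ in win}
            denied = sum(d for _, _, d in win) / len(win)
            suspicious = len(services) >= min_services and denied >= min_denied
            if suspicious and len(win) > flagged.get(key, {}).get("calls", 0):
                flagged[key] = {"services": len(services), "calls": len(win),
                                "denied_ratio": round(denied, 2)}
    return flagged

def _rec(key, time, service, name, error=None):
    """Build a constructed CloudTrail-style record (sample data, not a real log)."""
    rec = {"eventTime": f"2024-01-01T{time}Z", "eventSource": f"{service}.amazonaws.com",
           "eventName": name, "userIdentity": {"accessKeyId": key}}
    return {**rec, "errorCode": error} if error else rec

SAMPLE = [  # constructed events; both key IDs are placeholders
    _rec("AKIAEXAMPLEENUM00001", "10:00:01", "iam", "ListUsers", "AccessDenied"),
    _rec("AKIAEXAMPLEENUM00001", "10:00:02", "ec2", "DescribeInstances", "Client.UnauthorizedOperation"),
    _rec("AKIAEXAMPLEENUM00001", "10:00:03", "s3", "ListBuckets"),
    _rec("AKIAEXAMPLEENUM00001", "10:00:04", "kms", "ListKeys", "AccessDenied"),
    _rec("AKIAEXAMPLEENUM00001", "10:00:05", "rds", "DescribeDBInstances", "AccessDenied"),
    _rec("AKIAEXAMPLEENUM00001", "10:00:06", "sqs", "ListQueues", "AccessDenied"),
    _rec("AKIAEXAMPLEAPP000002", "09:00:00", "s3", "ListBuckets"),
    _rec("AKIAEXAMPLEAPP000002", "10:00:00", "s3", "PutObject"),
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE))
```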
SQLmap proxy for AWS
# A simple utility to help test AWS Lambda functions for SQL Injection vulnerabilities
# It runs a local HTTP proxy that transforms sqlmap's HTTP-based attacks into AWS Lambda invoke calls.
$ python3 main.py
# Update request.txt, which is the file containing your Lambda function's event data, and run
$ sqlmap -r request.txt