This script performs AWS enumeration for IAM, S3, and EC2 resources using a specified AWS CLI profile. It retrieves detailed information about IAM users, groups, policies, S3 buckets, and EC2 instances, saving the output to a timestamped file.
- IAM Enumeration:
  - Account summary
  - List groups for a user
  - List and detail attached and inline policies for groups
  - List attached and inline user policies
  - List roles available to assume
- S3 Enumeration:
  - List all S3 buckets
  - Check and display S3 bucket policies
  - Check and display S3 bucket ACLs
- EC2 Enumeration:
  - Describe EC2 instances
  - Retrieve detailed information including instance name, security groups, instance ID, availability zone, state,
- AWS CLI must be installed and configured on your machine.
- jq command-line JSON processor must be installed.
- Install AWS CLI: Follow the instructions here to install AWS CLI.
- Configure AWS CLI: Set up your AWS CLI profile by running:
  aws configure --profile <profile_name>
  Replace <profile_name> with your desired profile name and enter your AWS credentials.
- Install jq: Follow the instructions here to install jq.
- Save the Script:
  Save the script to a file, e.g., aws_enum.sh.
- Make the Script Executable:
  chmod +x pawsenum.sh
- Run the Script:
  ./pawsenum.sh <profile_name>
  Replace <profile_name> with the AWS CLI profile name you set up.
- The script saves the output in a file named in the format:
<profile_name>_enum_<YYYY-MM-DD_HH-MM-SS>.txt
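
For defenders, a run of this kind of enumeration appears in CloudTrail as one principal issuing many different read-only calls across IAM, S3 and EC2 within a short time. The following is an added example, not part of the script or this project: the mapping from the feature list above to CloudTrail `eventName` values, the five-minute window, the threshold of six distinct calls, and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping: CloudTrail eventName values for the read-only API calls behind
# the README's IAM, S3 and EC2 feature list (the script itself is not shown here).
ENUM_EVENTS = {
    "iam.amazonaws.com": {"GetAccountSummary", "ListGroupsForUser", "ListGroupPolicies",
        "ListAttachedGroupPolicies", "ListUserPolicies", "ListAttachedUserPolicies", "ListRoles"},
    "s3.amazonaws.com": {"ListBuckets", "GetBucketPolicy", "GetBucketAcl"},
    "ec2.amazonaws.com": {"DescribeInstances"},
}

def find_enum_sweeps(records, window=timedelta(minutes=5), min_distinct=6):
    """Flag principals making >= min_distinct different enumeration calls, spanning
    IAM, S3 and EC2, inside one sliding window. Returns (arn, window start, calls)."""
    per_principal = defaultdict(list)
    for r in records:
        src, name = r.get("eventSource"), r.get("eventName")
        if name in ENUM_EVENTS.get(src, ()):
            ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            arn = r.get("userIdentity", {}).get("arn", "unknown")
            per_principal[arn].append((ts, src, name))
    findings = []
    for arn, events in per_principal.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            calls = {(s, n) for _, s, n in events[start:end + 1]}
            if len(calls) >= min_distinct and {s for s, _ in calls} == set(ENUM_EVENTS):
                findings.append((arn, events[start][0].isoformat(), len(calls)))
                break  # one finding per principal is enough
    return findings

# Constructed sample records (not real logs); account ID and names are placeholders.
AUDITOR = "arn:aws:iam::111122223333:user/example-auditor"
APP = "arn:aws:iam::111122223333:role/example-app"
SAMPLE = [{"eventTime": t, "eventSource": s, "eventName": n, "userIdentity": {"arn": a}}
          for t, s, n, a in [
    ("2024-01-01T10:00:01Z", "iam.amazonaws.com", "GetAccountSummary", AUDITOR),
    ("2024-01-01T10:00:03Z", "iam.amazonaws.com", "ListGroupsForUser", AUDITOR),
    ("2024-01-01T10:00:05Z", "iam.amazonaws.com", "ListRoles", AUDITOR),
    ("2024-01-01T10:00:07Z", "s3.amazonaws.com", "ListBuckets", AUDITOR),
    ("2024-01-01T10:00:09Z", "s3.amazonaws.com", "GetBucketPolicy", AUDITOR),
    ("2024-01-01T10:00:11Z", "ec2.amazonaws.com", "DescribeInstances", AUDITOR),
    ("2024-01-01T10:02:00Z", "ec2.amazonaws.com", "DescribeInstances", APP),
    ("2024-01-01T10:02:30Z", "s3.amazonaws.com", "ListBuckets", APP)]]

print(find_enum_sweeps(SAMPLE))
```

Authorized assessments produce the same pattern, so the window and threshold should be tuned against the baseline of principals that legitimately inventory the account.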