Pacu is an open source AWS exploitation framework for offensive security testing against cloud environments, created and maintained by Rhino Security Labs. It allows you to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enables:
- user privilege escalation, IAM users backdooring, attacking vulnerable Lambda functions, and so much more (see bellow).
Pacu: The Open Source AWS Exploitation Framework for testing security of AWS environments
Pacu is a CLI (command line interface) that provides a database and modules that allow cybersecurity professionals to easily provided assessments on AWS environments. It is a lightweight program, based on Python, that requires
Python 3.5+ and
pip3 only. Pacu is well-documented, so you’ll be able to quickly and easily make new modules on your own (Advanced Usage Wiki: cybersecurity researchers/developers/experts). It’s supported in OSX and Linux operating systems.
- Pacu has a bunch of plug-in modules (currently Pacu has 36 modules for executing AWS attacks) that helps you in: enumeration, privilege escalation, data exfiltration, service exploitation, and log manipulation.
- It provides utilities to easily allow users and modules to store and reference access information and enumerated data found when engaging an AWS environment.
- Common syntax and data structure keeps modules easy to build and expand on – no need to specify AWS regions or make redundant permission checks between modules.
- Local SQLite database for managing and manipulating with retrieved data (minimizing API calls and associated logs).
- Built-in reporting and attack auditing inside framework (command logging and exporting, testing process timeline).
- all packages from
Download zip file or clone it from the github repo:
$ git clone https://github.com/RhinoSecurityLabs/pacu.git
Then navigate to the Pacu directory:
$ cd pacu/
install.sh install script (it will automatically install all packages from
$ bash install.sh
To start Pacu, run the following:
$ python3 pacu.py
After first lunch, you’ll see message “database not found”, but it will be created automatically. You’ll be prompted to provide a session name, just name it to start. Set the AWS keys, and start running modules.
Basic Commands in Pacu
help to list all available commands:
Pacu command info: list/ls List all modules search [cat[egory]] Search the list of available modules by name or category help Display this page of information help Display information about a module whoami Display information regarding to the active access keys data Display all data that is stored in this session. Only fields with values will be displayed data |proxy Display all data for a specified service or for PacuProxy in this session services Display a list of services that have collected data in the current session to use with the "data" command regions Display a list of all valid AWS regions update_regions Run a script to update the regions database to the newest version set_regions <region> [<region>...] Set the default regions for this session. These space-separated regions will be used for modules where regions are required, but not supplied by the user. The default set of regions is every supported region for the service. Supply "all" to this command to reset the region set to the default of all supported regions run/exec Execute a module set_keys Add a set of AWS keys to the session and set them as the default swap_keys Change the currently active AWS key to another key that has previously been set for this session exit/quit Exit Pacu