AWSXenos will list all the trust relationships in all the IAM roles and S3 buckets

Related tags

Third-party APIs Wrappersawssecurityaws-iamaws-securitycloud-security
Overview

AWS External Account Scanner

Xenos, is Greek for stranger.

AWSXenos will list all the trust relationships in all the IAM roles, and S3 buckets, in an AWS account and give you a breakdown of all the accounts that have trust relationships to your account.

This tool reports against the Trusted Relationship Technique of the ATT&CK Framework.

  • For the "known" accounts list AWSXenos uses a modified version of known AWS Account IDs.
  • For the Org accounts list AWSXenos query AWS Organizations.
  • AWS Services are classified separately.
  • Everything else falls under unknown account

Example

HTML Report Screenshot

Why

Access Analyzer falls short because:

  1. You need to enable it in every region.

  2. Identified external entities might be known entities. E.g. a trusted third party vendor or a vendor you no longer trust. An Account number is seldom useful.

  3. Zone of trust is a fixed set of the AWS organisation. You won’t know if a trust between sandbox->prod has been established.

  4. Does not identify AWS Service principals. This is mainly important because of Wiz's AWSConfig, et al vulnverabilities

How to run

Cli

pip install AWSXenos
awsxenos --reporttype HTML -w report.html
awsxenos --reporttype JSON -w report.json

You will get an HTML and JSON report.

See example report

Library

from awsxenos.scan import Scan
from awsxenos.report import Report

s = Scan()
r = Report(s.findings, s.known_accounts_data)
json_summary = r.JSON_report()
html_summary = r.HTML_report()

IAM Permissions

Permissions required.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ListRoles"
        "organizations:ListAccounts",
        "s3:ListAllMyBuckets",
        "s3:GetBucketPolicy",
        "s3:GetBucketAcl"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Development

python3 -m env venv
source /env/bin/activate
pip install -r requirements.txt

I want to add more known accounts

Create a PR or raise an issue. Contributions are welcome.

Features

  • IAM Roles
  • S3 Bucket Policies and ACLs
  • Use as library
  • HTML and JSON output
  • Supports AWS Services

TODO

  • Add support for more resource policies services, e.g. SecretsManager, KSM, SNS, SQS, Lambda
  • Add support for Cognito, RAM
  • Add support for VPCE
You might also like...
A minimalistic, modern Discord bot for roles and polls using dropdowns
A minimalistic, modern Discord bot for roles and polls using dropdowns

DropBot A minimalistic, modern Discord bot for roles and polls using dropdowns Made by ThatOneCalculator Technologies used Instructions Type /, and na

ModernBots 1 Jun 27, 2022
Discovery is an open-source Discord Bot with the main features Tickets, Moderation, Giveaways and Reaction roles.

Discovery is an open-source Discord Bot with the main features Tickets, Moderation, Giveaways and Reaction roles.

null 1 Dec 29, 2021
A discord bot written in discord.py to manage custom roles assigned to boosters of your server.

BBotty A discord bot written in discord.py to manage custom roles assigned to boosters of your server. v0.0.1-alpha released! This version is incomple

Oui002 1 Nov 27, 2021
Discord bot that manages expiration of roles with subscriptions!

Discord bot that manages expiration of roles with subscriptions!

Chakeaw__ 3 Apr 28, 2022
Project to list all resources in an AWS account with tags.

AWS-ListAll Project to list all resources in an AWS account with tags. This script works on any system Get started: Install python3 and pip3 along wit

Connor Shubham Verlekar 3 Jan 30, 2022
Trellox Tool is written in Python3 and designed to pull and list Trello boards.
Trellox Tool is written in Python3 and designed to pull and list Trello boards.

TrelloX Trellox Tool is written in Python3 and designed to list and pull Trello boards. It can be used by penetration testers/bug bounty hunters to de

Ali Fathi Ali Sawehli 1 Dec 5, 2021
This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

This is a simple program that uses Python and pyTwitchAPI to retrieve the list of users in a streamer's chat and then checks each one of these users to see if they follow the broadcaster or not

RwinShow 57 Dec 18, 2022
A collective list of free APIs for use in software and web development.

Public APIs A collective list of free APIs for use in software and web development. A public API for this project can be found here! For information o

null 222.5k Jan 2, 2023
Karen is a Discord Bot that will check for a list of forbidden words/expressions, removing the message that contains them and replying with another message.

Karen is a Discord Bot that will check for a list of forbidden words/expressions, removing the message that contains them and replying with another message. Everything is highly customizable.

Rafael Almeida 1 Nov 3, 2021
Releases(v0.0.2)
Owner
AirWalk
Delivering business transformation through technology
AirWalk
GitHub Repository
Tiktok BOT 1 link Vidio otomatis : - Nambah view - Nambah love - Nambah share - Nambah love komen (semua komen ke love)

Install Bahannya pip install selenium pip install pyfiglet==0.7.5 Cara Install dan Menjalankannya Git-clone this repo! Install selenium and pyfiglet u

Ahmad Ghozali 1 Mar 01, 2022
Python 3 SDK/Wrapper for Huobi Crypto Exchange Api

This packages intents to be an idiomatic PythonApi wrapper for https://www.huobi.com/ Huobi Api Doc: https://huobiapi.github.io/docs Showcase TODO Con

3 Jul 28, 2022
HackerNews and Reddit in one placce

EDIT: this project is 3.5 years old. I found it sad it's just laying around, so I did some minimal fixes and deployed it. Hope you enjoy! (PR's welcom

Hugo Montenegro 1 Nov 13, 2021
Async wrapper over hentaichan.live

hentai-chan-api-async is a small asynchronous parser library that will allow you to easily use manga from https://hentaichan.live Recommended to use python3.7+

7 Dec 15, 2022
Tubee is a web application, which runs actions when your subscribed channel upload new videos

Tubee is a web application, which runs actions when your subscribed channel upload new videos, think of it as a better IFTTT but built specifically for YouTube with many enhancements.

Tomy Hsieh 11 Jan 01, 2023
Home Assistant Hilo Integration via HACS

BETA This is a beta release. There will be some bugs, issues, etc. Please bear with us and open issues in the repo. Hilo Hilo integration for Home Ass

66 Dec 23, 2022
BoostIRC - IRC Bot which posts boosts to IRC

BoostIRC Quick Start git clone https://github.com/valcanobacon/BoostIRC.git cd B

7 Dec 23, 2022
Bender: A Markov Babbler Slack Bot

See the Digital Ocean tutorial for instructions on how to get the basic bot structure in place. Once you have that, set the gunicorn command to run as

Andrew Howard 1 Dec 04, 2021
Tiktok-bot - A Simple Tiktok bot With Python

Install the requirements pip install selenium pip install pyfiglet==0.7.5 How ca

Muchlis Faroqi 5 Aug 23, 2022
Proxy server that records responses for UI testing (and other things)

Welcome to playback-proxy πŸ‘‹ A proxy tool that records communication (requests, websockets) between client and server. This recording can later be use

Yurii 41 Apr 01, 2022
This is a scalable system that reads messages from public Telegram channels using Telethon and stores the data in a PostgreSQL database.

This is a scalable system that reads messages from public Telegram channels using Telethon and stores the data in a PostgreSQL database. Its original intention is to monitor cryptocurrency related ch

Greg 3 Jun 07, 2022
A Telegram Music Bot written in Python using Pyrogram and Py-Tgcalls

A Telegram Music Bot written in Python using Pyrogram and Py-Tgcalls. This is Also The Source Code of The UserBot Which is Playing Music in @S1-BOTS Support Group ❀️

SAF ONE 224 Dec 28, 2022
Python Library for Accessing the Cohere API

Cohere Python SDK This package provides functionality developed to simplify interfacing with the Cohere API in Python 3. Documentation See the API's d

cohere.ai 42 Jan 03, 2023
A minimal open source mtg-like tcg game made in python that can be played on a terminal emulator using a keyboard.

TCG-TERM Project state: πŸ”§ 🚧 🚧 🚧 Incomplete, In development 🚧 🚧 🚧 πŸ‘· (Keep in mind that at the moment, This project is currently undone, and wil

Amos 3 Aug 29, 2021
Bringing Ethereum Virtual Machine to StarkNet at warp speed!

Warp Warp brings EVM compatible languages to StarkNet, making it possible to transpile Ethereum smart contracts to Cairo, and use them on StarkNet. Ta

Nethermind 700 Dec 26, 2022
Date Time Userbot With Python

DATE_TIME_USERBOT An Telegram Bot By @Pythone_3 Config Vars API_ID : Telegram API_ID, get it from my.telegram.org/apps API_HASH : Telegram API_ID, get

Sinzz-sinan-m 2 Oct 20, 2021
Python Tool To Get The Date That Your Account Joined Instagram

Date-Joined-Insta Python Tool To Get The Date That Your Account Joined Instagram You Dont Need To Login Just Enter The UserName If Id Did Not Work Ins

A B D U L L A H . 1 Dec 21, 2021
Video Stream: an Advanced Telegram Bot that's allow you to play Video & Music on Telegram Group Video Chat

Video Stream is an Advanced Telegram Bot that's allow you to play Video & Music on Telegram Group Video Chat πŸ§ͺ Get SESSION_NAME from below: Pyrogram

Jonathan 6 Feb 08, 2022
Osmnx-examples - Usage examples, demos, and tutorials for OSMnx.

OSMnx Examples OSMnx is a Python package to work with street networks and other spatial data from OpenStreetMap: retrieve, model, analyze, and visuali

Geoff Boeing 1.2k Jan 03, 2023
This is a telegram bot built using the Oxford Dictionary API

Oxford Dictionaries Telegram Bot This is a telegram bot built using the Oxford Dictionary API Source: Oxford Dictionaries API Documentation Install En

Abhijith N T 2 Mar 18, 2022