Pacu
Pacu is an open-source cloud penetration testing framework.
- designed as an exploitation framework for evaluating the security of an AWS environment
- Python-based
- includes modules for exploiting APIs and VM instances
- for pen testing, can use cloud-access credentials to:
  - determine how they may be abused to gather information about other accounts and configured services
  - gain unauthorized access to cloud services
Resources
- github.com/RhinoSecurityLabs/pacu
- rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment
  - CloudGoat: an intentionally vulnerable set of AWS resources that can be loaded into and unloaded from an AWS account to learn about cloud exploitation tactics