| skipped 1 lines |
2 | 2 | | Cloud Exploit Framework |
3 | 3 | | |
4 | 4 | | ## Usage |
| 5 | + | ``` |
| 6 | + | python3 tc.py -h |
5 | 7 | | |
| 8 | + | _______ _ _ _____ _ _ |
| 9 | + | |__ __| | | | / ____| | | | |
| 10 | + | | | | |__ _ _ _ __ __| | ___ _ __| | | | ___ _ _ __| | |
| 11 | + | | | | '_ \| | | | '_ \ / _` |/ _ \ '__| | | |/ _ \| | | |/ _` | |
| 12 | + | | | | | | | |_| | | | | (_| | __/ | | |____| | (_) | |_| | (_| | |
| 13 | + | \_/ |_| |_|\__,_|_| |_|\__,_|\___|_| \_____|_|\___/ \__,_|\__,_| |
6 | 14 | | |
7 | 15 | | |
8 | | - | |
9 | | - | ## Requirements |
| 16 | + | usage: tc.py [-h] [-ce COGNITO_ENDPOINT] [-reg REGION] [-accid AWS_ACCOUNT_ID] [-aws_key AWS_ACCESS_KEY] [-aws_secret AWS_SECRET_KEY] [-bdrole BACKDOOR_ROLE] [-sso SSO_URL] [-enum_roles ENUMERATE_ROLES] [-s3 S3_BUCKET_NAME] |
| 17 | + | [-conn_string CONNECTION_STRING] [-blob BLOB] [-shared_access_key SHARED_ACCESS_KEY] |
10 | 18 | | |
| 19 | + | Attack modules of cloud AWS |
11 | 20 | | |
| 21 | + | optional arguments: |
| 22 | + | -h, --help show this help message and exit |
| 23 | + | -ce COGNITO_ENDPOINT, --cognito_endpoint COGNITO_ENDPOINT |
| 24 | + | to verify if cognito endpoint is vulnerable and to extract credentials |
| 25 | + | -reg REGION, --region REGION |
| 26 | + | AWS region of the resource |
| 27 | + | -accid AWS_ACCOUNT_ID, --aws_account_id AWS_ACCOUNT_ID |
| 28 | + | AWS account of the victim |
| 29 | + | -aws_key AWS_ACCESS_KEY, --aws_access_key AWS_ACCESS_KEY |
| 30 | + | AWS access keys of the victim account |
| 31 | + | -aws_secret AWS_SECRET_KEY, --aws_secret_key AWS_SECRET_KEY |
| 32 | + | AWS secret key of the victim account |
| 33 | + | -bdrole BACKDOOR_ROLE, --backdoor_role BACKDOOR_ROLE |
| 34 | + | Name of the backdoor role in victim role |
| 35 | + | -sso SSO_URL, --sso_url SSO_URL |
| 36 | + | AWS SSO URL to phish for AWS credentials |
| 37 | + | -enum_roles ENUMERATE_ROLES, --enumerate_roles ENUMERATE_ROLES |
| 38 | + | To enumerate and assume account roles in victim AWS roles |
| 39 | + | -s3 S3_BUCKET_NAME, --s3_bucket_name S3_BUCKET_NAME |
| 40 | + | Execute upload attack on S3 bucket |
| 41 | + | -conn_string CONNECTION_STRING, --connection_string CONNECTION_STRING |
| 42 | + | Azure Shared Access key for readingservicebus/queues/blobs etc |
| 43 | + | -blob BLOB, --blob BLOB |
| 44 | + | Azure blob enumeration |
| 45 | + | -shared_access_key SHARED_ACCESS_KEY, --shared_access_key SHARED_ACCESS_KEY |
| 46 | + | Azure shared key |
| 47 | + | ``` |
12 | 48 | | |
| 49 | + | ## Requirements |
| 50 | + | ``` |
| 51 | + | * python 3 |
| 52 | + | * pip |
| 53 | + | * git |
| 54 | + | ``` |
13 | 55 | | |
14 | 56 | | ## Installation |
15 | | - | |
16 | | - | |
17 | | - | |
| 57 | + | ``` |
| 58 | + | - get project `git clone https://github.com/Rnalter/ThunderCloud.git && cd ThunderCloud/` |
| 59 | + | - install [virtualenv](https://virtualenv.pypa.io/en/latest/) `pip install virtualenv` |
| 60 | + | - create a python 3.6 local enviroment `virtualenv -p python3.6 venv` |
| 61 | + | - activate the virtual enviroment `source venv/bin/activate` |
| 62 | + | - install project dependencies `pip install -r requirements.txt` |
| 63 | + | - run the tool via `python tc.py --help` |
| 64 | + | ``` |
18 | 65 | | |
19 | 66 | | ## Running ThunderCloud |
20 | 67 | | |
21 | | - | |
22 | | - | |
23 | | - | ## Docker Setup |
24 | | - | |
25 | | - | |
26 | | - | ## Documentation |
| 68 | + | Examples |
| 69 | + | ``` |
| 70 | + | python3 tc.py -sso <sso_url> --region <region> |
| 71 | + | python3 tc.py -ce <cognito_endpoint> --region <region> |
| 72 | + | ``` |
27 | 73 | | |
28 | 74 | | |