| skipped 1 lines |
| 2 | 2 | | Cloud Exploit Framework |
| 3 | 3 | | |
| 4 | 4 | | ## Usage |
| | 5 | + | ``` |
| | 6 | + | python3 tc.py -h |
| 5 | 7 | | |
| | 8 | + | _______ _ _ _____ _ _ |
| | 9 | + | |__ __| | | | / ____| | | | |
| | 10 | + | | | | |__ _ _ _ __ __| | ___ _ __| | | | ___ _ _ __| | |
| | 11 | + | | | | '_ \| | | | '_ \ / _` |/ _ \ '__| | | |/ _ \| | | |/ _` | |
| | 12 | + | | | | | | | |_| | | | | (_| | __/ | | |____| | (_) | |_| | (_| | |
| | 13 | + | \_/ |_| |_|\__,_|_| |_|\__,_|\___|_| \_____|_|\___/ \__,_|\__,_| |
| 6 | 14 | | |
| 7 | 15 | | |
| 8 | | - | |
| 9 | | - | ## Requirements |
| | 16 | + | usage: tc.py [-h] [-ce COGNITO_ENDPOINT] [-reg REGION] [-accid AWS_ACCOUNT_ID] [-aws_key AWS_ACCESS_KEY] [-aws_secret AWS_SECRET_KEY] [-bdrole BACKDOOR_ROLE] [-sso SSO_URL] [-enum_roles ENUMERATE_ROLES] [-s3 S3_BUCKET_NAME] |
| | 17 | + | [-conn_string CONNECTION_STRING] [-blob BLOB] [-shared_access_key SHARED_ACCESS_KEY] |
| 10 | 18 | | |
| | 19 | + | Attack modules of cloud AWS |
| 11 | 20 | | |
| | 21 | + | optional arguments: |
| | 22 | + | -h, --help show this help message and exit |
| | 23 | + | -ce COGNITO_ENDPOINT, --cognito_endpoint COGNITO_ENDPOINT |
| | 24 | + | to verify if cognito endpoint is vulnerable and to extract credentials |
| | 25 | + | -reg REGION, --region REGION |
| | 26 | + | AWS region of the resource |
| | 27 | + | -accid AWS_ACCOUNT_ID, --aws_account_id AWS_ACCOUNT_ID |
| | 28 | + | AWS account of the victim |
| | 29 | + | -aws_key AWS_ACCESS_KEY, --aws_access_key AWS_ACCESS_KEY |
| | 30 | + | AWS access keys of the victim account |
| | 31 | + | -aws_secret AWS_SECRET_KEY, --aws_secret_key AWS_SECRET_KEY |
| | 32 | + | AWS secret key of the victim account |
| | 33 | + | -bdrole BACKDOOR_ROLE, --backdoor_role BACKDOOR_ROLE |
| | 34 | + | Name of the backdoor role in victim role |
| | 35 | + | -sso SSO_URL, --sso_url SSO_URL |
| | 36 | + | AWS SSO URL to phish for AWS credentials |
| | 37 | + | -enum_roles ENUMERATE_ROLES, --enumerate_roles ENUMERATE_ROLES |
| | 38 | + | To enumerate and assume account roles in victim AWS roles |
| | 39 | + | -s3 S3_BUCKET_NAME, --s3_bucket_name S3_BUCKET_NAME |
| | 40 | + | Execute upload attack on S3 bucket |
| | 41 | + | -conn_string CONNECTION_STRING, --connection_string CONNECTION_STRING |
| | 42 | + | Azure Shared Access key for readingservicebus/queues/blobs etc |
| | 43 | + | -blob BLOB, --blob BLOB |
| | 44 | + | Azure blob enumeration |
| | 45 | + | -shared_access_key SHARED_ACCESS_KEY, --shared_access_key SHARED_ACCESS_KEY |
| | 46 | + | Azure shared key |
| | 47 | + | ``` |
| 12 | 48 | | |
| | 49 | + | ## Requirements |
| | 50 | + | ``` |
| | 51 | + | * python 3 |
| | 52 | + | * pip |
| | 53 | + | * git |
| | 54 | + | ``` |
| 13 | 55 | | |
| 14 | 56 | | ## Installation |
| 15 | | - | |
| 16 | | - | |
| 17 | | - | |
| | 57 | + | ``` |
| | 58 | + | - get project `git clone https://github.com/Rnalter/ThunderCloud.git && cd ThunderCloud/` |
| | 59 | + | - install [virtualenv](https://virtualenv.pypa.io/en/latest/) `pip install virtualenv` |
| | 60 | + | - create a python 3.6 local enviroment `virtualenv -p python3.6 venv` |
| | 61 | + | - activate the virtual enviroment `source venv/bin/activate` |
| | 62 | + | - install project dependencies `pip install -r requirements.txt` |
| | 63 | + | - run the tool via `python tc.py --help` |
| | 64 | + | ``` |
| 18 | 65 | | |
| 19 | 66 | | ## Running ThunderCloud |
| 20 | 67 | | |
| 21 | | - | |
| 22 | | - | |
| 23 | | - | ## Docker Setup |
| 24 | | - | |
| 25 | | - | |
| 26 | | - | ## Documentation |
| | 68 | + | Examples |
| | 69 | + | ``` |
| | 70 | + | python3 tc.py -sso <sso_url> --region <region> |
| | 71 | + | python3 tc.py -ce <cognito_endpoint> --region <region> |
| | 72 | + | ``` |
| 27 | 73 | | |
| 28 | 74 | | |
shivankar-madaan
committed
with
GitHub
2 years ago
1 parent ad8e3b39