Barq - The Aws Cloud Postal Service Exploitation Framework!


barq: The AWS Cloud Post Exploitation framework!

What is it?
barq is a post-exploitation framework that allows yous to easily perform attacks on a running AWS infrastructure. It allows yous to laid upward on running EC2 instances without having the master copy instance SSH keypairs. It also allows yous to perform enumeration as well as extraction of stored Secrets as well as Parameters inwards AWS.

Prerequisites
  • An existing AWS line organisation human relationship access fundamental id as well as undercover (Token likewise inwards unopen to case)
  • Python ii or 3. It tin sack run amongst both. To run the msfvenom payloads, yous withdraw msfvenom to live on available on your workstation, amongst the PATH setup correctly.

Installing
For python 2:
pip install -r requirements.txt
For python3
pip3 install -r requirements.txt
Better to practise a virtualenv environs for the tool. Please banking concern annotation that using sudo amongst pip is non recommended.

Author
  • Mohammed Aldoub, also known equally Voulnet, detect me on Twitter

Main Features
  • Attacking EC2 instances without knowing keypairs or connector profiles/passwords.
  • Dumping EC2 secrets as well as parameters.
  • Enumerating EC2 instances as well as safety groups.
  • Ability to launch Metasploit as well as Empire payloads against EC2 instances.
  • Training fashion to examine attacks as well as features without messing amongst running production environment.
  • Tab-completed commands inwards a menu-based navigation system.
  • Ability to dump EC2 instance metadata details.
  • Ability to purpose EC2 keys or tokens (for illustration acquired from compromised instances or leaked source code)
  • Printing for yous the listening commands for msfconsole inwards cli fashion for slowly copy-pasting.

Contributing
PRs are welcome!


Popular posts from this blog

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Osweep - Don't Simply Search Osint, Sweep It

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows