- Joined
- Jan 8, 2019
- Messages
- 56,607
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,453
- Points
- 2,313
- Credits
- 32,590
6 Years of Service
76%
Nebula
Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc.
Currently covers:
- S3 Bucket name bruteforce
- IAM, EC2, S3, STS, and Lambda Enumeration
- IAM, EC2, STS, and S3 exploitation
- SSM Enumeration + Exploitation
- Custom HTTP User-Agent
- Enumerate Read Privileges (working on write privs)
- Reverse Shell
- No creds Reconnaisance
There are currently 67 modules covering:
- Reconnaissance
- Enumeration
- Exploit
- Cleanup
- Reverse Shell
Changelog v2.0
STS AssumeRoleWithWebIdentity
Reconnaissance crt.sh
TCP Reverse Shell (Draft)
Reverse Shell check_env that checks the environment of the victim system
Updated getuid that checks IAM:GetUser, IAM:ListAttachedUserPolicies and IAM:GetPolicy
Now it gets the credentials from ¬/.aws