pacu
by RhinoSecurityLabs
Pacu is an open-source AWS exploitation framework designed for offensive security testing and exploiting configuration flaws within AWS environments.
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Primary Use Case
Pacu is primarily used by penetration testers and security professionals to identify and exploit security weaknesses in Amazon Web Services accounts. It enables users to perform privilege escalation, backdoor IAM users, and attack vulnerable AWS resources, helping organizations assess and improve their cloud security posture.
- Modular framework allowing easy expansion of functionality
- Exploitation of AWS IAM privilege escalation and backdooring
- Attacks on vulnerable AWS Lambda functions
- Session management for storing AWS credentials and data
- Supports running modules across multiple AWS regions
- Lightweight and requires only Python 3.7+ and pip3
- Docker image available for easy deployment
- Active community support via Discord and Stack Overflow
Installation
- pip3 install -U pip
- pip3 install -U pacu
- Run pacu by executing the command: pacu
- Alternatively, install with pipx using: pipx install git+https://github.com/RhinoSecurityLabs/pacu.git
- For Docker, run: docker run -it rhinosecuritylabs/pacu:latest
- To run Docker without default entrypoint: docker run -it --entrypoint /bin/sh rhinosecuritylabs/pacu:latest
- To run Docker with AWS config and credentials mounted: docker run -it -v ~/.aws:/root/.aws rhinosecuritylabs/pacu:latest
Usage
>_ pacu --helpDisplays the help menu for Pacu CLI.
>_ pacu --session <session name>Sets the session to use for commands that require one.
>_ set_keysPrompts to input AWS access key ID, secret access key, and optional session token to set AWS credentials for the session.
>_ listLists available modules for the AWS regions set in the current session.
>_ help module_nameDisplays help information for the specified module.
>_ run module_nameRuns the specified module with default parameters.
>_ run module_name --regions eu-west-1,us-west-1Runs the specified module against the specified AWS regions.
>_ docker run -it rhinosecuritylabs/pacu:latestRuns the Pacu Docker container with the default entrypoint to start Pacu.
- Integrate Pacu into red team toolkits for realistic AWS attack simulations.
- Use Pacu modules to validate effectiveness of cloud security controls and IAM policies.
- Leverage session management to maintain persistent testing environments across engagements.
- Combine Pacu with cloud SIEM tools to improve detection of AWS exploitation attempts.
- Employ Pacu in purple team exercises to bridge gaps between offensive and defensive cloud security teams.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about pacu. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
ProxmoxVE
community-scripts/ProxmoxVE
Proxmox VE Helper-Scripts (Community Edition)
prowler
prowler-cloud/prowler
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
aws-cdk
aws/aws-cdk
The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
my-arsenal-of-aws-security-tools
toniblyx/my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
keda
kedacore/keda
KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
DevOps-Guide
Tikam02/DevOps-Guide
DevOps Guide - Development to Production all configurations with basic notes to debug efficiently.