# Enumerate-IAM.py

{% hint style="danger" %}
¿Crees tener lo que se necesita para ser un experto en Pentesting contra AWS? Si nuestro libro te abrió los ojos a las posibilidades de la ciberseguridad ofensiva o si ya cuentas con habilidades en este campo, es momento de subir de nivel. Te retamos a certificarte en el [CPNA - Curso Profesional de Pentesting Contra AWS](https://spartan-cybersec.com/cursos/pentesting-contra-la-nube-de-aws/). No será fácil: te enfrentarás a un examen riguroso de 12 horas donde deberás hackear una infraestructura completa alojada en AWS. ¿Listo para el desafío? Acepta el reto y demuestra tu verdadero potencial.
{% endhint %}

{% hint style="danger" %}
Hay que tener en cuenta que esta herramienta es muy ruidosa y generará una tonelada de registros de CloudTrail. Esto hace que sea muy fácil para un defensor detectar esta actividad y dejarlo fuera de ese rol o usuario. Pruebe primero otros métodos de enumeración de permisos, o esté dispuesto a perder el acceso a estas credenciales antes de recurrir a la fuerza bruta.
{% endhint %}

Una de las mejores herramientas es un script en Python llamado Enumerate-IAM.py

{% embed url="<https://github.com/andresriancho/enumerate-iam.git>" %}

Para la instalacion simplemente ejecutamos lo siguiente:

```powershell
PS C:\Users\gerh-> git clone https://github.com/andresriancho/enumerate-iam.git                                            
Cloning into 'enumerate-iam'...
remote: Enumerating objects: 56, done.
remote: Counting objects: 100% (26/26), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 56 (delta 19), reused 18 (delta 18), pack-reused 30
Receiving objects: 100% (56/56), 32.92 KiB | 495.00 KiB/s, done.
Resolving deltas: 100% (26/26), done.

PS C:\Users\gerh-> pip3 install -r requirements.txt
Collecting boto3 (from -r requirements.txt (line 1))
  Obtaining dependency information for boto3 from https://files.pythonhosted.org/packages/d6/2f/1ea6c1201937b4713f9a8b4955efddbedfa206dde557803e6b602a02687c/boto3-1.34.45-py3-none-any.whl.metadata
  Downloading boto3-1.34.45-py3-none-any.whl.metadata (6.6 kB)
Collecting botocore (from -r requirements.txt (line 2))
  Obtaining dependency information for botocore from https://files.pythonhosted.org/packages/89/e9/e920ef6c7b4b1141614d6a1a665d92a191bde429b39b55f40c75cad8d733/botocore-1.34.45-py3-none-any.whl.metadata
  Downloading botocore-1.34.45-py3-none-any.whl.metadata (5.7 kB)
Collecting jmespath<2.0.0,>=0.7.1 (from boto3->-r requirements.txt (line 1))
  Downloading jmespath-1.0.1-py3-none-any.whl (20 kB)
Collecting s3transfer<0.11.0,>=0.10.0 (from boto3->-r requirements.txt (line 1))
  Obtaining dependency information for s3transfer<0.11.0,>=0.10.0 from https://files.pythonhosted.org/packages/12/bb/7e7912e18cd558e7880d9b58ffc57300b2c28ffba9882b3a54ba5ce3ebc4/s3transfer-0.10.0-py3-none-any.whl.metadata
  Downloading s3transfer-0.10.0-py3-none-any.whl.metadata (1.7 kB)
Requirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/lib/python3/dist-packages (from botocore->-r requirements.txt (line 2)) (2.8.2)
Requirement already satisfied: urllib3<2.1,>=1.25.4 in /usr/lib/python3/dist-packages (from botocore->-r requirements.txt (line 2)) (1.26.16)
Downloading boto3-1.34.45-py3-none-any.whl (139 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 139.3/139.3 kB 19.1 MB/s eta 0:00:00
Downloading botocore-1.34.45-py3-none-any.whl (12.0 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 12.0/12.0 MB 58.0 MB/s eta 0:00:00
Downloading s3transfer-0.10.0-py3-none-any.whl (82 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 82.1/82.1 kB 33.7 MB/s eta 0:00:00
Installing collected packages: jmespath, botocore, s3transfer, boto3
Successfully installed boto3-1.34.45 botocore-1.34.45 jmespath-1.0.1 s3transfer-0.10.0
```

Y luego ejecutamos de la siguiente manera:

```bash
PS C:\Users\gerh-> python3 enumerate-iam.py --access-key AKIAYPUD57AEXIHFN453 --secret-key 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                
2024-02-19 16:12:29,768 - 53020 - [INFO] Starting permission enumeration for access-key-id "AKIAYPUD57AEXIHFN453"
2024-02-19 16:12:31,092 - 53020 - [INFO] Run for the hills, get_account_authorization_details worked!
2024-02-19 16:12:31,285 - 53020 - [INFO] User "estudiante.cpna" has 1 attached policies
2024-02-19 16:12:31,285 - 53020 - [INFO] -- Policy "SecurityAudit" (arn:aws:iam::aws:policy/SecurityAudit)
2024-02-19 16:12:31,376 - 53020 - [INFO] User "estudiante.cpna" has 0 inline policies
2024-02-19 16:12:31,467 - 53020 - [INFO] User "estudiante.cpna" has 1 groups associated
2024-02-19 16:12:31,558 - 53020 - [INFO] -- Group "Spartan-Developers" has 1 inline policies
2024-02-19 16:12:31,559 - 53020 - [INFO] ---- Policy "Politica-Read-IAM"
2024-02-19 16:12:31,559 - 53020 - [INFO] Attempting common-service describe / list brute force.
2024-02-19 16:12:32,019 - 53020 - [INFO] -- mediaconnect.list_flows() worked!
2024-02-19 16:12:32,118 - 53020 - [INFO] -- iot.list_topic_rules() worked!
2024-02-19 16:12:32,124 - 53020 - [INFO] -- iot.list_outgoing_certificates() worked!
2024-02-19 16:12:32,139 - 53020 - [INFO] -- mediaconnect.list_entitlements() worked!
2024-02-19 16:12:32,144 - 53020 - [INFO] -- xray.get_groups() worked!
2024-02-19 16:12:32,177 - 53020 - [INFO] -- inspector.list_assessment_templates() worked!
2024-02-19 16:12:32,188 - 53020 - [INFO] -- batch.describe_compute_environments() worked!
2024-02-19 16:12:32,191 - 53020 - [INFO] -- shield.list_attacks() worked!
2024-02-19 16:12:32,192 - 53020 - [INFO] -- iot.list_thing_types() worked!
2024-02-19 16:12:32,192 - 53020 - [INFO] -- iot.describe_event_configurations() worked!
2024-02-19 16:12:32,197 - 53020 - [INFO] -- robomaker.list_simulation_applications() worked!
2024-02-19 16:12:32,225 - 53020 - [INFO] -- iot.list_indices() worked!
2024-02-19 16:12:32,269 - 53020 - [INFO] -- codedeploy.list_deployments() worked!
2024-02-19 16:12:32,300 - 53020 - [INFO] -- glue.get_databases() worked!
2024-02-19 16:12:32,306 - 53020 - [INFO] -- batch.describe_job_definitions() worked!
2024-02-19 16:12:32,452 - 53020 - [INFO] -- robomaker.list_simulation_jobs() worked!
2024-02-19 16:12:32,453 - 53020 - [INFO] -- sagemaker.list_hyper_parameter_tuning_jobs() worked!
2024-02-19 16:12:32,455 - 53020 - [INFO] -- codedeploy.list_on_premises_instances() worked!
2024-02-19 16:12:32,457 - 53020 - [ERROR] Remove codedeploy.batch_get_deployment_targets action
2024-02-19 16:12:32,459 - 53020 - [ERROR] Remove codedeploy.list_deployment_targets action
2024-02-19 16:12:32,458 - 53020 - [INFO] -- lightsail.get_load_balancers() worked!
2024-02-19 16:12:32,458 - 53020 - [INFO] -- iot.list_billing_groups() worked!
2024-02-19 16:12:32,457 - 53020 - [INFO] -- iot.describe_account_audit_configuration() worked!
2024-02-19 16:12:32,559 - 53020 - [INFO] -- glue.get_security_configurations() worked!
2024-02-19 16:12:32,568 - 53020 - [INFO] -- sagemaker.list_code_repositories() worked!
2024-02-19 16:12:32,571 - 53020 - [INFO] -- iot.list_jobs() worked!
2024-02-19 16:12:32,573 - 53020 - [INFO] -- codedeploy.list_deployment_configs() worked!
2024-02-19 16:12:32,581 - 53020 - [INFO] -- iot.list_scheduled_audits() worked!
2024-02-19 16:12:32,666 - 53020 - [INFO] -- codedeploy.list_git_hub_account_token_names() worked!
2024-02-19 16:12:32,672 - 53020 - [ERROR] Remove globalaccelerator.describe_accelerator_attributes action
2024-02-19 16:12:32,674 - 53020 - [INFO] -- sagemaker.list_endpoints() worked!
2024-02-19 16:12:32,676 - 53020 - [INFO] -- iot.list_things() worked!
2024-02-19 16:12:32,685 - 53020 - [INFO] -- iot.list_streams() worked!
2024-02-19 16:12:32,688 - 53020 - [INFO] -- sqs.list_queues() worked!
2024-02-19 16:12:32,704 - 53020 - [INFO] -- sdb.list_domains() worked!
2024-02-19 16:12:32,725 - 53020 - [INFO] -- eks.list_clusters() worked!
2024-02-19 16:12:32,758 - 53020 - [INFO] -- sagemaker.list_training_jobs() worked!
2024-02-19 16:12:32,774 - 53020 - [INFO] -- lightsail.get_disk_snapshots() worked!
2024-02-19 16:12:32,780 - 53020 - [INFO] -- mq.list_configurations() worked!
2024-02-19 16:12:32,782 - 53020 - [INFO] -- iot.list_thing_registration_tasks() worked!
2024-02-19 16:12:32,786 - 53020 - [INFO] -- iot.list_thing_groups() worked!
2024-02-19 16:12:32,805 - 53020 - [INFO] -- sagemaker.list_notebook_instances() worked!
2024-02-19 16:12:32,833 - 53020 - [INFO] -- glue.get_crawlers() worked!
2024-02-19 16:12:32,846 - 53020 - [INFO] -- lambda.list_layers() worked!
2024-02-19 16:12:32,858 - 53020 - [INFO] -- sagemaker.list_workteams() worked!
2024-02-19 16:12:32,889 - 53020 - [INFO] -- mq.list_brokers() worked!
2024-02-19 16:12:32,891 - 53020 - [INFO] -- iot.list_authorizers() worked!
2024-02-19 16:12:32,937 - 53020 - [INFO] -- glue.get_jobs() worked!
2024-02-19 16:12:32,954 - 53020 - [INFO] -- sagemaker.list_models() worked!
2024-02-19 16:12:32,956 - 53020 - [INFO] -- lambda.list_functions() worked!
```

Para mas informacion, te recomiendo el siguiente video:

{% embed url="<https://www.youtube.com/watch?v=dUP0UT29OP8>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://books.spartan-cybersec.com/cpna/tecnicas-de-enumeracion-en-iam/enumeracion-automatizada-por-medio-de-fuerza-bruta/enumerate-iam.py.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.