barq
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS. Prerequisites: An existing AWS account access key id and secret (Token too in some case). Python 2 or 3. It can run with both. To run the msfvenom payloads, you need msfvenom to be available on your workstation, with the PATH setup correctly. Installing: For python 2: pip install -r requirements.txt For python3 pip3 install -r requirements.txt Better to create a virtualenv environment for the tool. Please note that using sudo with pip is not recommended. Author: Mohammed Aldoub, also known as Voulnet, find me on Twitter Main Features: Attacking EC2 instances without knowing keypairs or connection profiles/passwords. Dumping EC2 secrets and parameters. Enumerating EC2 instances and security groups. Ability to launch Metasploit and Empire payloads against EC2 instances. Training mode to test attacks and features without making any changes to the actual AWS infrastructure.
FEATURES
SIMILAR TOOLS
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
A C#-based Command and Control Framework for remote access and control of compromised systems.
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
A collection of Microsoft PowerShell modules for penetration testing purposes.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.