# Pacu

## Introduction

Pacu is an open source AWS exploitation framework created and maintained by Rhino Security Labs to assist in offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS environment using an extensible collection of modules with a diverse feature-set. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.

## What we are going to cover

We will cover how to use Pacu, with a step-by-step guide to analysing and exploiting configuration flaws within an AWS environment.

## Requirements

Pacu is a relatively simple program that requires Python 3 and pip to handle any module dependencies in the environment.

## Installation

1. Open your terminal and run the following command.

   ```
   git clone https://github.com/RhinoSecurityLabs/pacu.git
   ```
2. Now we'll install pip dependencies.

   ```
   cd pacu && pip install -r requirements.txt
   ```
3. You should now be able to run `./cli.py` to start Pacu.

## Steps to audit

* The first time Pacu is launched, you will be prompted to start and name a new session.

  ![pacu intro](/files/2bcqWx38dmfCGOA4uhN2)
* This session will be used to store AWS key pairs, as well as any data obtained from running various modules. You can have any number of different sessions in Pacu, each with their own sets of AWS keys and data, and resume a session at any time (though a restart is currently required to switch between sessions). Enter any session name.

  ![pacu intro](/files/c0CPaRxI7k4edf6H7mCj)
* Set AWS access credentials in Pacu. Use any alias and enter the keys retrieved in step 1.

  ![pacu intro](/files/i3yh3jAwJjLsvUoY4HwV)
* List the Pacu modules. There are a number of modules, most of which are authenticated scans.

  ![pacu intro](/files/CEWPycVKnSVaBuQRVTDB)

### Running the privilege escalation module

* Run the Pacu module to scan for any privilege escalations.

  ![pacu intro](/files/mVMkz7q6JMZafhS0lk8Z)
* This `cloud-dev` user has multiple policy versions, one of which has high privileges.

  ```json
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": "account:*",
              "Resource": "*"
          }
      ]
  }
  ```
* The policy that has high privileges:

  ![pacu intro](/files/oE1TcJRP6uQYfNkXrUec)
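
A defender-side check for the condition found above, as an added example that is not part of Pacu or the original guide: it scans the `Policies` list in the shape returned by `aws iam get-account-authorization-details` for non-default policy versions that grant broad access. The policy names, version contents and the `BROAD_ACTIONS` set are assumptions, and the sample data is constructed.

```python
import json

BROAD_ACTIONS = {"*", "iam:*"}  # assumption: what this audit counts as high privilege

def as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_broad(document):
    """True if an Allow statement grants a BROAD_ACTIONS entry on Resource "*"."""
    for stmt in as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if actions & BROAD_ACTIONS and "*" in as_list(stmt.get("Resource")):
            return True
    return False

def dormant_broad_versions(auth_details):
    """Return (policy name, version id) for each non-default version that is broad."""
    findings = []
    for policy in auth_details.get("Policies", []):
        for version in policy.get("PolicyVersionList", []):
            if not version["IsDefaultVersion"] and is_broad(version["Document"]):
                findings.append((policy["PolicyName"], version["VersionId"]))
    return findings

# Constructed sample: policy names and version contents are hypothetical.
SAMPLE = json.loads("""
{"Policies": [
  {"PolicyName": "cloud-dev-policy", "PolicyVersionList": [
    {"VersionId": "v1", "IsDefaultVersion": true, "Document": {"Statement": [
      {"Effect": "Allow", "Action": "account:*", "Resource": "*"}]}},
    {"VersionId": "v2", "IsDefaultVersion": false, "Document": {"Statement": [
      {"Effect": "Deny", "Action": "*", "Resource": "*"}]}},
    {"VersionId": "v3", "IsDefaultVersion": false, "Document": {"Statement":
      {"Effect": "Allow", "Action": ["s3:Get*", "IAM:*"], "Resource": "*"}}}]},
  {"PolicyName": "read-only-policy", "PolicyVersionList": [
    {"VersionId": "v1", "IsDefaultVersion": true, "Document": {"Statement": [
      {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"}]}}]}
]}
""")

if __name__ == "__main__":
    for name, version_id in dormant_broad_versions(SAMPLE):
        print(f"{name}: non-default version {version_id} grants broad access")
```

To audit a real account, load the JSON output of `aws iam get-account-authorization-details` in place of `SAMPLE`; unused versions it reports can be removed with `aws iam delete-policy-version`.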

## Additional references

* [Pacu wiki](https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details)
* [Opensource Exploitation Framework](https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/)


