Skip to content

LTiDi2000/AWSCognitoKiller

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.vscode
.vscode
 
 
__pycache__
__pycache__
 
 
enumerate_iam
enumerate_iam
 
 
AWSCognitoKiller.py
AWSCognitoKiller.py
 
 
README.md
README.md
 
 
Utility.py
Utility.py
 
 

Repository files navigation

AWSCognitoKiller

AWS Cognito Misconiguration Automation Check

Requirements:

  • Install AWS CLI

Currently Supported:

Automated Check Pre-Authen Misconfigurations:

  • Sign Up Via Client Id - Authentication bypass due to enabled Signup API action
  • Generate AWS credentials from Identity ID - Unauthorized access to AWS services due to Liberal AWS Credentials
  • Enumerate IAM from Generated AWS credentials
  • Sign Up Via Client Id + Client Secret When Application Allows SignUp but Need Proper Secret Hash

Post-Authen Misconfigurations:

  • Privilege escalation through writable user attributes

TODO:

  • Updating email attribute before verification

References:

About

AWS Cognito Misconiguration Automation Check

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages