Giters
Offensive Terraform (offensive-terraform)

Offensive Terraform

offensive-terraform

Organization data from Github https://github.com/offensive-terraform

Offensive Terraform Modules

Location:Seattle

Home Page:https://offensive-terraform.github.io

GitHub:@offensive-terraform

Twitter:@itgel_ganbold

Offensive Terraform's repositories

offensive-terraform.github.io

Offensive Terraform Website

Language:JavaScriptStargazers:45Issues:6Issues:0

terraform-aws-ec2-kali-linux

Offensive Terraform module which creates Kali Linux from the AWS marketplace and installs cloud security tools (Pacu, Cloudsplaining, ScoutSuite).

Language:HCLLicense:Apache-2.0Stargazers:18Issues:2Issues:0

terraform-aws-ec2-instance-reverse-shell

Offensive Terraform module which creates EC2 instance and reverse shell from an EC2 instance to attacker machine.

Language:HCLLicense:Apache-2.0Stargazers:17Issues:2Issues:0

terraform-aws-ebs-snapshot-publicly-exposed

Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".

Language:HCLLicense:Apache-2.0Stargazers:15Issues:3Issues:0

terraform-aws-cross-account-persistence

Offensive Terraform module which creates an IAM role with trust relationship with attacker's AWS account and attaches managed IAM Policy to an IAM role.

Language:HCLLicense:Apache-2.0Stargazers:13Issues:2Issues:0

terraform-aws-lambda-function-credential-exfiltration

Offensive Terraform module which creates Lambda function with existing IAM role. The module invokes it automatically to exfiltrate AWS temporary credential from environment variables and send it back with response.

Language:HCLLicense:Apache-2.0Stargazers:10Issues:2Issues:0

terraform-aws-rds-snapshot-publicly-exposed

Offensive Terraform module which creates RDS database from a publicly exposed RDS snapshot in attacker's AWS account. After that, attacker can connect to RDS database and inspect it.

Language:HCLLicense:Apache-2.0Stargazers:10Issues:2Issues:0

terraform-aws-s3-subdomain-takeover

Offensive Terraform module which takes over a subdomain which has a CNAME record pointing to non-existing S3 bucket in target's Route53. The module creates a S3 bucket with a name as subdomain in the specific AWS region that CNAME record is pointing to. Also, it uploads a simple web page with "404 Page Not Found" text.

Language:HCLLicense:Apache-2.0Stargazers:9Issues:2Issues:0

terraform-aws-iam-create-user-persistence

Offensive Terraform module which creates IAM user, access key then attaches managed IAM Policy to an IAM user.

Language:HCLLicense:Apache-2.0Stargazers:8Issues:2Issues:0

terraform-aws-ec2-instance-credential-exfiltration

Offensive Terraform module which creates EC2 instance and exfiltrate credential from Instance metadata to external URL.

Language:HCLLicense:Apache-2.0Stargazers:6Issues:2Issues:0

terraform-aws-ecs-credential-exfiltration

License:Apache-2.0Stargazers:2Issues:3Issues:0