offensiveterraform
There are 8 repositories under offensiveterraform topic.
offensive-terraform/terraform-aws-ec2-instance-reverse-shell
Offensive Terraform module which creates EC2 instance and reverse shell from an EC2 instance to attacker machine.
offensive-terraform/terraform-aws-ebs-snapshot-publicly-exposed
Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".
offensive-terraform/terraform-aws-cross-account-persistence
Offensive Terraform module which creates an IAM role with trust relationship with attacker's AWS account and attaches managed IAM Policy to an IAM role.
offensive-terraform/terraform-aws-lambda-function-credential-exfiltration
Offensive Terraform module which creates Lambda function with existing IAM role. The module invokes it automatically to exfiltrate AWS temporary credential from environment variables and send it back with response.
offensive-terraform/terraform-aws-rds-snapshot-publicly-exposed
Offensive Terraform module which creates RDS database from a publicly exposed RDS snapshot in attacker's AWS account. After that, attacker can connect to RDS database and inspect it.
offensive-terraform/terraform-aws-s3-subdomain-takeover
Offensive Terraform module which takes over a subdomain which has a CNAME record pointing to non-existing S3 bucket in target's Route53. The module creates a S3 bucket with a name as subdomain in the specific AWS region that CNAME record is pointing to. Also, it uploads a simple web page with "404 Page Not Found" text.
offensive-terraform/terraform-aws-iam-create-user-persistence
Offensive Terraform module which creates IAM user, access key then attaches managed IAM Policy to an IAM user.
offensive-terraform/terraform-aws-ec2-instance-credential-exfiltration
Offensive Terraform module which creates EC2 instance and exfiltrate credential from Instance metadata to external URL.