AWS Access Auditor: Enumerating AWS Services with Exposed Keys — A Pentester’s Swiss Army Knife 🛠️
In the middle of a red team engagement or cloud pentest, you stumble upon AWS credentials. Maybe it’s in a .env file, maybe via EC2 metadata, or tucked inside a CI/CD pipeline. The next question is always: “What can these credentials actually access?” This is where AWS Access Auditor comes in — a lean, stealthy Python tool designed to enumerate accessible AWS services using a given Access Key and Secret Key, without making noise or risking detection. ...