Stoicmehedi/aws_exploit_finder

AWS Cracker

AWS Cracker is a tool designed to scan for and extract AWS SMTP credentials from vulnerable servers. It combines an IP Scanner and SMTP Cracker to automate the process of finding and validating AWS SMTP credentials.

Features

  • IP Scanner: Scans IP ranges for open ports and identifies potential AWS services
  • SMTP Cracker: Extracts and validates AWS SMTP credentials from target servers
  • Credential Validation: Tests extracted credentials by attempting to connect to AWS SMTP servers
  • Email Testing: Sends test emails using extracted credentials to verify functionality
  • Detailed Reporting: Generates comprehensive JSON reports of scan results
  • Flexible Port Scanning: Scan specific ports, common ports, port ranges, or all ports

Requirements

  • Python 3.6+
  • Required Python packages (see requirements.txt)

Installation

  1. Clone the repository:
git clone https://github.com/yourusername/aws-cracker.git
cd aws-cracker
  2. Install dependencies:
pip install -r requirements.txt

If you encounter an error, use this instead:

pip install --use-deprecated=legacy-resolver -r requirements.txt

  3. Set up a Shodan API key (optional but recommended for enhanced scanning):

cp .env.example .env

Edit the .env file and add your Shodan API key.

Usage

Basic Usage

# Scan a single IP
python main.py --target 192.168.1.1 --common-ports

# Scan an IP range
python main.py --target 192.168.1.0/24 --output-dir reports

Advanced Usage

# Scan with custom ports
python main.py --target targets.txt --ports 80,443,8080 --threads 20 --timeout 5 --validate --test-email [email protected]

# Scan a port range
python main.py --target 192.168.1.0/24 --port-range 1-1024 --aws-only

IP Scanner Only

# Scan common ports
python ip_scanner.py --target 192.168.1.0/24 --common-ports --output reports/scan_results.json

# Scan all ports (very slow)
python ip_scanner.py --target 192.168.1.1 --all-ports --threads 50 --output reports/scan_results.json

SMTP Cracker Only

python smtp_cracker.py --input reports/valid_ips.json --threads 10 --timeout 5 --validate --test-email [email protected] --output reports/smtp_results.json

Command Line Arguments

Main Tool

  • --target, -t: Target IP (single IP or CIDR notation) or file with targets
  • --ports, -p: Comma-separated list of ports to scan (e.g., 80,443,25)
  • --common-ports, -c: Scan common ports (80, 443, 25, 587, 465)
  • --all-ports, -a: Scan all ports (1-65535) - WARNING: Very slow
  • --port-range, -r: Port range to scan (e.g., 1-1024)
  • --threads, -n: Number of threads for scanning (default: 10)
  • --timeout: Connection timeout in seconds (default: 3)
  • --output-dir, -o: Output directory for reports (default: reports)
  • --verbose, -v: Enable verbose output
  • --aws-only: Only include targets with AWS-related services
  • --validate: Validate extracted SMTP credentials
  • --test-email: Email address to send a test email (requires --validate)
  • --skip-ip-scan: Skip IP scanning and use existing IP list
  • --ip-list: Path to existing IP list (for use with --skip-ip-scan)

IP Scanner

  • --target, -t: Target IP (single IP or CIDR notation) or file with targets
  • --ports, -p: Comma-separated list of ports to scan (e.g., 80,443,25)
  • --common-ports, -c: Scan common ports (80, 443, 25, 587, 465)
  • --all-ports, -a: Scan all ports (1-65535) - WARNING: Very slow
  • --port-range, -r: Port range to scan (e.g., 1-1024)
  • --threads, -n: Number of threads for scanning (default: 10)
  • --timeout: Connection timeout in seconds (default: 3)
  • --output, -o: Output file path (default: reports/valid_ips.json)
  • --verbose, -v: Enable verbose output
  • --aws-only: Only include targets with AWS-related services

SMTP Cracker

  • --input, -i: Input file with valid IPs
  • --threads, -n: Number of threads for scanning (default: 5)
  • --timeout: Connection timeout in seconds (default: 5)
  • --output, -o: Output file path (default: reports/smtp_results.json)
  • --verbose, -v: Enable verbose output
  • --validate: Validate extracted SMTP credentials
  • --test-email: Email address for sending a test email (if validation is enabled)

Output Format

The tool generates JSON reports with detailed information about the scan results:

{
  "scan_info": {
    "timestamp": "2023-07-01T12:34:56.789012",
    "targets_scanned": 256,
    "targets_with_open_ports": 42,
    "web_servers": 35,
    "mail_servers": 12,
    "aws_targets": 15,
    "vulnerable_targets": 8,
    "credentials_found": 5,
    "valid_credentials": 3
  },
  "results": [
    {
      "ip": "192.168.1.100",
      "open_ports": [80, 443, 25],
      "is_web_server": true,
      "is_mail_server": true,
      "is_aws_related": true,
      "credentials_found": true,
      "credentials": {
        "username": "AKIAXXXXXXXXXXXXXXXX",
        "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "host": "email-smtp.us-east-1.amazonaws.com",
        "port": 587
      },
      "credentials_valid": true,
      "source_url": "http://192.168.1.100:80"
    }
  ]
}
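
The report above shows the credential shape this tool looks for: an "AKIA..." username next to an email-smtp.<region>.amazonaws.com host. The following audit of your own web root for that same shape is an added example, not part of this project's code; the function names and the sample .env content are constructed for illustration.

```python
import os
import re

# Patterns follow the credential shape in the report above: an "AKIA..."
# username and an email-smtp.<region>.amazonaws.com host.
KEY_ID_RE = re.compile(r"\b(AKIA[A-Z0-9]{16})\b")
SES_HOST_RE = re.compile(r"\bemail-smtp\.[a-z0-9-]+\.amazonaws\.com\b")

def redact(key_id):
    """Keep enough of the key ID to find it in IAM, never the whole value."""
    return key_id[:8] + "*" * 8 + key_id[-4:]

def scan_text(text):
    """Return findings for one file; "high" if it also names an SES SMTP host."""
    has_ses_host = bool(SES_HOST_RE.search(text))
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_ID_RE.finditer(line):
            findings.append({
                "line": lineno,
                "key_id": redact(match.group(1)),
                "severity": "high" if has_ses_host else "review",
            })
    return findings

def audit_tree(root, max_bytes=1_000_000):
    """Walk a directory you own (e.g. a web root) and scan every small file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue
            if hits:
                report[path] = hits
    return report

# Constructed sample: a .env file left inside a web root (values are fake).
SAMPLE_ENV = """MAIL_HOST=email-smtp.us-east-1.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=AKIAEXAMPLEEXAMPLE00
MAIL_PASSWORD=not-a-real-secret
"""
```

Any "high" finding in a directory served over HTTP means the key should be rotated in IAM and the file moved out of the web root.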

Disclaimer

This tool is for educational and ethical testing purposes only. Always obtain proper authorization before scanning any systems or networks. Unauthorized scanning of systems is illegal and unethical.

License

This project is licensed under the MIT License - see the LICENSE file for details.
