aws-vault vs enumerate-iam
About aws-vault
aws-vault stores AWS IAM credentials in your operating system's secure keystore (macOS Keychain, Windows Credential Manager, Linux secret service) and generates temporary credentials via STS when needed. It never writes long-term credentials to disk (~/.aws/credentials), eliminating a common credential theft vector. aws-vault supports MFA prompting, role assumption chains, credential rotation, and session duration configuration. It integrates with any CLI tool that uses AWS environment variables, making it a transparent security layer. For offensive security, it enables safe management of multiple AWS profiles during cloud penetration testing.
About enumerate-iam
enumerate-iam is a Python tool designed for enumerating AWS IAM permissions by brute-forcing API calls. It tests a given set of credentials to uncover misconfigured permissions and potential security risks. The tool's ability to reveal over-privileged accounts and roles makes it a valuable resource for AWS security assessments. enumerate-iam is essential for identifying and mitigating risks associated with improper permission configurations.