aws-vault vs Pacu
GitHub Stats
About aws-vault
aws-vault stores AWS IAM credentials in your operating system's secure keystore (macOS Keychain, Windows Credential Manager, Linux secret service) and generates temporary credentials via STS when needed. It never writes long-term credentials to disk (~/.aws/credentials), eliminating a common credential theft vector. aws-vault supports MFA prompting, role assumption chains, credential rotation, and session duration configuration. It integrates with any CLI tool that uses AWS environment variables, making it a transparent security layer. For offensive security, it enables safe management of multiple AWS profiles during cloud penetration testing.
About Pacu
Pacu is an open-source AWS exploitation framework designed for offensive security testing of cloud environments. It's built by Rhino Security Labs and provides a comprehensive set of modules for AWS reconnaissance, privilege escalation, data exfiltration, and persistence. Pacu automates common attack techniques across IAM, EC2, S3, Lambda, and dozens of other AWS services. It maintains session data, tracks discovered credentials, and maps out AWS environments - essentially the Metasploit for AWS.
Platform Support
Tags
Shared
aws-vault only
Pacu only