Pacu
Featured🔥 Offensive Ops · Python
Pacu is an open-source AWS exploitation framework designed for offensive security testing of cloud environments. It's built by Rhino Security Labs and provides a comprehensive set of modules for AWS reconnaissance, privilege escalation, data exfiltration, and persistence. Pacu automates common attack techniques across IAM, EC2, S3, Lambda, and dozens of other AWS services. It maintains session data, tracks discovered credentials, and maps out AWS environments — essentially the Metasploit for AWS.
Installation
$ pip install pacuUse Cases
- AWS cloud penetration testing
- IAM privilege escalation enumeration and exploitation
- S3 bucket discovery and data exfiltration
- Lambda function backdooring
- EC2 instance compromise and lateral movement
Tags
Details
- Category
- 🔥 Offensive Ops
- Language
- Python
- Repository
- RhinoSecurityLabs/pacu
Platforms
More in Offensive Ops
Mythic
GoCollaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.
Havoc
C/C++Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.
Rubeus
C#C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.
Certipy
PythonActive Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.
Coercer
PythonAutomatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.
SharpHound
C#Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.