WeirdAAL
☁️ Cloud Recon · Python
WeirdAAL (AWS Attack Library) is a Python framework for offensive testing of Amazon Web Services environments. It organizes AWS attacks into categorized modules covering enumeration (listing resources, permissions, and configurations across services), exploitation (abusing misconfigurations and excessive permissions), and persistence (creating backdoor access). WeirdAAL supports testing across a wide range of AWS services including IAM, EC2, S3, Lambda, STS, CloudTrail, and many others. Each module performs a specific action - from enumerating all S3 buckets and their ACLs, to checking for privilege escalation paths through IAM policy misconfigurations, to creating persistence mechanisms via Lambda backdoors. WeirdAAL uses boto3 and works with standard AWS credential configurations, making it easy to test with compromised or provided access keys.
Installation
from source
$ git clone https://github.com/carnal0wnage/weirdAAL && cd weirdAAL && pip install -r requirements.txtUse Cases
- Enumerating AWS resources and permissions from compromised access keys
- Identifying IAM privilege escalation paths in AWS environments
- Testing S3 bucket configurations and ACLs for public access
- Creating persistence mechanisms for simulated adversary exercises
- Running organized AWS attack modules during cloud penetration tests
Tags
Details
- Category
- ☁️ Cloud Recon
- Language
- Python
- Repository
- carnal0wnage/weirdAAL
- Platforms
- 🐧linux🍎macos🪟windows
Links
Alternatives & Comparisons
Pacu
PythonAWS exploitation framework. Enumerate, escalate, and exfiltrate across AWS services. The Metasploit of cloud.
Compare WeirdAAL vs PacuProwler
PythonCloud security assessment tool. 300+ checks for AWS, Azure, GCP, and Kubernetes against CIS benchmarks.
Compare WeirdAAL vs ProwlerScoutSuite
PythonMulti-cloud security auditing tool for AWS, Azure, GCP, Alibaba Cloud, and Oracle Cloud.
Compare WeirdAAL vs ScoutSuiteCloudMapper
PythonAnalyze AWS environments to create network diagrams and identify security risks.
Compare WeirdAAL vs CloudMapperCloudBrute
GoCloud infrastructure enumerator to find company assets across multiple cloud providers.
Compare WeirdAAL vs CloudBruteCloudFox
GoFind exploitable attack paths in cloud infrastructure by enumerating IAM permissions, secrets, and network exposure.
Compare WeirdAAL vs CloudFoxCloudSploit
JavaScriptOpen-source cloud security configuration scanner for AWS, Azure, GCP, and Oracle Cloud Infrastructure.
Compare WeirdAAL vs CloudSploitCartography
PythonIntel graph of cloud infrastructure. Maps relationships between AWS, GCP, Azure, and other services into a Neo4j graph.
Compare WeirdAAL vs CartographySteampipe
GoQuery cloud APIs with SQL. Zero-ETL approach to infrastructure visibility across AWS, Azure, GCP, and 140+ plugins.
Compare WeirdAAL vs SteampipeMore in Cloud Recon
ScoutSuite
PythonMulti-cloud security auditing tool for AWS, Azure, GCP, Alibaba Cloud, and Oracle Cloud.
CloudMapper
PythonAnalyze AWS environments to create network diagrams and identify security risks.
S3Scanner
GoScan for misconfigured S3 buckets across AWS regions and dump accessible contents.
CloudBrute
GoCloud infrastructure enumerator to find company assets across multiple cloud providers.
MicroBurst
PowerShellPowerShell toolkit for attacking Azure services including storage, key vaults, and automation.
ROADtools
PythonFramework for Azure AD enumeration and exploitation via the internal ROADrecon and ROADlib modules.