Amazon Web Services EC2 SSM enumeration
Description
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally, privileged out of the box). This module provides not only the API enumeration identifying EC2 instances accessible via SSM with given credentials, but enables session initiation for all identified targets (without requiring target-level credentials) using the CreateSession mixin option. The module also provides an EC2 ID filter and a limiting throttle to prevent session stampedes or expensive messes.
Author(s)
- RageLtMan <rageltman@sempervictus>
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/cloud/aws/enum_ssm
msf auxiliary(enum_ssm) > show actions
...actions...
msf auxiliary(enum_ssm) > set ACTION < action-name >
msf auxiliary(enum_ssm) > show options
...show and set options...
msf auxiliary(enum_ssm) > run 
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security