Description
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally, privileged out of the box). This module provides not only the API enumeration identifying EC2 instances accessible via SSM with given credentials, but enables session initiation for all identified targets (without requiring target-level credentials) using the CreateSession datastore option. The module also provides an EC2 ID filter and a limiting throttle to prevent session stampedes or expensive messes.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/cloud/aws/enum_ssmmsf undefined(enum_ssm) > show actions ...actions...msf undefined(enum_ssm) > set ACTION < action-name >msf undefined(enum_ssm) > show options ...show and set options...msf undefined(enum_ssm) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub