RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License

Integrate EC2StepShell as a module #337

Closed saw-your-packet closed 1 year ago

saw-your-packet commented 1 year ago

I made a tool called EC2StepShell that can be used to spawn reverse shells in public and private EC2 instances by using ssm:SendCommand and ssm:ListCommandInvocations. I was wondering if you're interested in integrating the tool into Pacu. I need to make some changes so that the tool will act like a library if that's the case. Anyway, great tool and keep it going! Here is the tool's link where you can find more details about it: https://github.com/saw-your-packet/EC2StepShell

Also, I'm doing research right now on SSM and I plan on making a small exploitation tool based on that. Would you be interested in knowing more about it? Maybe I can do a whole module about SSM in Pacu. I will post an article soon on the kind of research I'm talking about, but in the meantime, here are some results from the research: https://github.com/saw-your-packet/fun-with-ssm

DaveYesland commented 1 year ago

Hi @saw-your-packet. Nice research, this tool looks pretty helpful.

We are open to any ideas or contributions for Pacu as long as they make sense with the functionality and purpose of Pacu.

If you wanted to consider integrating your tool or pieces of its functionality into Pacu, I would first suggest reading over https://github.com/RhinoSecurityLabs/pacu/tree/master/pacu/modules/systemsmanager__rce_ec2 and making sure there is not a big overlap in purpose there.

I am going to close this issue for now, but feel free to continue this thread with questions or discussion with regard to integrating this into Pacu if you decide to go that route.