The current iam__bruteforce_permissions module only checks permissions related to EC2, Log, and S3 which decreases it's usefulness significantly.
This update uses the enumerate-iam library/tool by Andres Riancho to check all applicable services. It still keeps the same functionality of the old module by updating the permissions in the user's session so it can be used by other modules (such as privesc__scan).
The current
iam__bruteforce_permissions
module only checks permissions related to EC2, Log, and S3 which decreases it's usefulness significantly.This update uses the
enumerate-iam
library/tool by Andres Riancho to check all applicable services. It still keeps the same functionality of the old module by updating the permissions in the user's session so it can be used by other modules (such as privesc__scan).