├── .gitignore
├── LICENSE
├── README.md
├── __init__.py
├── enumeration
    ├── codeartifactenum.py
    ├── ecrprivenum.py
    ├── ecrpubenum.py
    ├── iamassumeroleenum.py
    ├── lambdaenum.py
    ├── loadbalancer.py
    ├── rand_id_generator.py
    ├── s3aclenum.py
    ├── s3enum.py
    ├── secretsmanagerenum.py
    └── snsenum.py
├── main.py
├── results
    ├── scan-run-statistics.txt
    └── valid_scan_results.txt
├── settings.py
├── setup.py
├── terraform
    ├── .terraform-version
    ├── .terraform.lock.hcl
    ├── README.md
    ├── outputs.tf
    ├── service-linked-roles.auto.tfvars
    ├── service-linked-roles.tf
    ├── terraform.tf
    ├── variables.tf
    ├── well-known-roles.auto.tfvars
    └── well-known.roles.tf
├── test.txt
├── total_footprint_wordlist.py
└── wordlists
    ├── familynames-usa-top1000.txt
    ├── femalenames-usa-top1000.txt
    ├── github-scrape.txt
    ├── known_valid_account_ids.txt
    ├── malenames-usa-top1000.txt
    └── service-linked-roles.txt

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
.idea
.coverage
.pytest_cache

# HashiCorp
**/.terraform/*
*.plan
*.tfstate
*.tfstate.*
!terraform.tfvars
.vagrant
packer_cache/
*.box

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Wes Ladd

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Quiet Riot
### :notes: *C'mon, Feel The Noise* :notes:

_An enumeration tool for scalable, unauthenticated validation of AWS, Azure, and GCP principals; including AWS Account IDs, root e-mail addresses, users, and roles, Azure Active Directory Users, and Google Workspace Users/E-mails._

__Credit:__ Daniel Grzelak [@dagrz](https://twitter.com/dagrz) for identifying the technique and Will Bengston [@__muscles](https://twitter.com/__muscles) for inspiring me to scale it.

See the introductory blog post [here](https://blog.traingrc.com/en/introducing-quiet-riot).

See a defender's perspective blog post [here](https://blog.traingrc.com/en/quiet-riot-defenders-lens).

## Getting Started With Quiet Riot

### Prerequisites
- boto3/botocore
- Sufficient AWS credentials configured via CLI (if performing AWS scan - it is still unauthenticated, but you will need to provision resources)

### Installation:
The first step is to have sufficient AWS credentials configured via CLI. If you do not have your own AWS account or sufficient credentials in an AWS account, Quiet Riot will not work.

Create the virtual environment, or you can directly install the quiet_riot pkg using pip.

To install this package, run the command `pip install quiet-riot`. After installing the package, you can run the command `quiet_riot --help`.

### Usage:

The arguments for quiet_riot are `--scan_type`, `--threads`, `--wordlist`, and `--profile`.

You can provide values for the arguments required to run this package. The only required argument is `scan_type`.

For example: `quiet_riot --scan_type 3 --threads 30 --wordlist C:\path_to_wordlist_file --profile righteousgambit`

You can also use the short forms of the arguments: `--s`, `--t`, `--w`, `--p`.

`--scan_type`, `--s`

What type of scan do you want to attempt? Enter the number of the scan type, for example:

1. AWS Account IDs
2. Microsoft 365 Domains
3. AWS Services Footprinting
4. AWS Root User E-mail Address
5. AWS IAM Principals
    4.1. IAM Roles
    4.2. IAM Users
6. Microsoft 365 Users (e-mails)
7. Google Workspace Users (e-mails)

`--threads`, `--t`

Provide the number of threads as a number, e.g. 23, 30, 90, etc. Approximately how many threads do you think you want to run?

Hint: 2020 M1 Macbook Air w/ 16 GB RAM optimizes @ around 700 threads from limited testing.

`--wordlist`, `--w`

Path to the wordlist file that will be required for the scan.

`--profile`, `--p`

Provide the name of an AWS profile configured through the CLI, e.g. Default, Dev.

### Featureploitation Limits
#### Throttling
After performing extensive analysis of scaling methods using the AWS Python (Boto3) SDK, I was able to determine that the bottleneck for scanning (at least for Python and awscli-based tools) is I/O capacity of a single-threaded Python application. After modifying the program to run with multiple threads, I was able to trigger exceptions in individual threads due to throttling by the various AWS APIs.
You can see the results from running a few benchmarking test scans [here](./results/scan-run-statistics.txt). APIs that I tested had wildly different throttling limits and notably, s3 bucket policy attempts took ~10x as long as similar attempts against other services.

With further testing, I settled on a combination of SNS, ECR-Public, and ECR-Private services running in US-East-1 in ~40%/50%/10% configuration split with ~700 threads. The machine I used was a 2020 Macbook Air (M1 and 16 GB RAM). This configuration yielded on average ~1100 calls/sec, though the actual number of calls can fluctuate significantly depending on a variety of factors including network connectivity. Under these configurations, I did occasionally throw an exception on a thread from throttling...but I have subsequently configured additional re-try attempts (4 -> 7) via botocore that will eliminate this issue with a minor performance trade-off.

#### Computational Difficulty
To attempt every possible Account ID in AWS (1,000,000,000,000) would require an infeasible amount of time given only one account. Even assuming absolute efficiency*, over the course of a day an attacker will only be able to make 95,040,000 validation checks from their local machine. Over 30 days, this is 2,851,200,000 validation checks and we are still over 28 years away from enumerating every valid AWS Account ID. Fortunately, there is nothing stopping us from registering many AWS accounts and automating this scan. While there is an initial limit of 20 accounts per AWS organization, I was able to get this limit increased for my Organization via console self-service and approval from an AWS representative. The approval occurred without any further questions and now I'm off to automating this writ large. Again, assuming absolute efficiency, the 28 years of scanning to exhaust the account ID space could potentially be reduced down to a few days or hours.
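
For defenders reviewing CloudTrail in accounts they administer, the call pattern described under Throttling (a sustained stream of resource-policy writes, most of them rejected) can be flagged with a sliding-window count per caller. This is an added example, not part of the Quiet Riot repository; the `errorCode` value is assumed from the exception names the enumeration modules catch, and the thresholds, ARNs and sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# API operations behind the boto3 calls in ecrpubenum.py, snsenum.py and ecrprivenum.py.
POLICY_WRITE_EVENTS = {"SetRepositoryPolicy", "SetTopicAttributes", "PutRegistryPolicy"}
# Assumption: CloudTrail's errorCode mirrors the exception name those modules catch.
REJECT_CODES = {"InvalidParameterException"}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed identities (documentation-style account ID), not real principals.
SCANNER_ARN = "arn:aws:iam::111122223333:user/constructed-scanner"
PIPELINE_ARN = "arn:aws:iam::111122223333:role/constructed-deploy-pipeline"
ADMIN_ARN = "arn:aws:iam::111122223333:user/constructed-admin"


def _record(arn, when, event_name, error_code=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    rec = {"eventTime": when.strftime(TIME_FMT), "eventName": event_name,
           "userIdentity": {"arn": arn}}
    if error_code:
        rec["errorCode"] = error_code
    return rec


def build_sample_records():
    """Constructed input: one probing caller, one busy pipeline, one admin."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    names = sorted(POLICY_WRITE_EVENTS)
    records = []
    # 30 policy writes in 30 seconds, 24 of them rejected.
    for i in range(30):
        code = None if i % 5 == 0 else "InvalidParameterException"
        records.append(_record(SCANNER_ARN, t0 + timedelta(seconds=i), names[i % 3], code))
    # High call rate but every write succeeds: should not be flagged.
    for i in range(25):
        records.append(_record(PIPELINE_ARN, t0 + timedelta(seconds=2 * i), "SetRepositoryPolicy"))
    # Occasional manual changes, one typo rejected: should not be flagged.
    records.append(_record(ADMIN_ARN, t0, "SetTopicAttributes"))
    records.append(_record(ADMIN_ARN, t0 + timedelta(minutes=5), "SetTopicAttributes",
                           "InvalidParameterException"))
    records.append(_record(ADMIN_ARN, t0, "DescribeRepositories"))
    return records


def find_policy_probing(records, window_seconds=60, min_calls=20, min_reject_ratio=0.5):
    """Return {caller_arn: busiest offending window} for callers that, within any
    window, made at least min_calls policy writes with min_reject_ratio rejected."""
    by_caller = defaultdict(list)
    for rec in records:
        if rec.get("eventName") in POLICY_WRITE_EVENTS:
            arn = rec.get("userIdentity", {}).get("arn", "unknown")
            when = datetime.strptime(rec["eventTime"], TIME_FMT)
            by_caller[arn].append((when, rec.get("errorCode")))

    findings = {}
    for arn, events in by_caller.items():
        events.sort(key=lambda e: e[0])
        window, rejects, best = deque(), 0, None
        for when, code in events:
            window.append((when, code))
            rejects += code in REJECT_CODES
            # Drop events that have aged out of the window.
            while (when - window[0][0]).total_seconds() > window_seconds:
                _, old_code = window.popleft()
                rejects -= old_code in REJECT_CODES
            calls = len(window)
            if calls >= min_calls and rejects / calls >= min_reject_ratio:
                if best is None or calls > best["calls"]:
                    best = {"calls": calls, "rejected": rejects,
                            "window_start": window[0][0].isoformat(),
                            "window_end": when.isoformat()}
        if best:
            findings[arn] = best
    return findings


if __name__ == "__main__":
    for caller, detail in find_policy_probing(build_sample_records()).items():
        print(caller, detail)
```

The thresholds are starting points; tune them against the normal policy-change rate of the accounts being monitored.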
70 | 71 | *~1100 API calls/check per second in perpetuity per account and never repeating a guessed Account ID. 72 | 73 | ## Potential Supported AWS Services 74 | 75 | | # | AWS Service | Description | API Limits | Resource Pricing | Enumeration Capability | 76 | | --- | ----------- | ----------- | --------------- |--------------- | ---------- | 77 | | 1 | __SNS__ | Managed Serverless Notification Service | Unknown | Unknown | Yes | 78 | | 2 | __KMS__ | Encryption Key Management Service | Unknown | Unknown | Yes | 79 | | 3 | __SecretsManager__ | Managed Secret Store | Unknown | Unknown | Yes | 80 | | 4 | __CodeArtifact__ | Managed Source Code Repository | Unknown | Unknown | Yes | 81 | | 5 | __ECR Public__ | Managed Container Registry | Unknown | Unknown | Yes | 82 | | 6 | __ECR Private__ | Managed Container Registry | Unknown | Unknown | Yes | 83 | | 7 | __Lambda__ | Managed Serverless Function | Unknown | Unknown | Yes | 84 | | 8 | __s3__ | Managed Serverless Object Store | Unknown | Unknown | Yes | 85 | | 9 | __SES__ | SMTP Automation Service | Unknown | Unknown | Unknown | 86 | | 10 | __ACM__ | Private Certificate Authority | Unknown | Unknown | Unknown | 87 | | 11 | __CodeBuild__ | Software Build Agent | Unknown | Unknown | Unknown | 88 | | 12 | __AWS Backup__ | Managed Backup Service | Unknown | Unknown | Unknown | 89 | | 13 | __Cloud9__ | Managed IDE | Unknown | Unknown | Unknown | 90 | | 14 | __Glue__ | Managed ETL Job Service | Unknown | Unknown | Unknown | 91 | | 15 | __EKS__ | Managed K8s Service | Unknown | Unknown | Unknown | 92 | | 16 | __Lex V2__ | Managed NLP Service | Unknown | Unknown | Unknown | 93 | | 17 | __CloudWatch Logs__ | Managed Log Pipeline/Monitoring | Unknown | Unknown | Unknown | 94 | | 18 | __VPC Endpoints__ | Managed Virtual Network | Unknown | Unknown | Unknown | 95 | | 19 | __Elemental MediaStore__ | Unknown | Unknown | Unknown | Unknown | 96 | | 20 | __OpenSearch__ | Managed ElasticSearch | Unknown | Unknown | Unknown | 97 | | 21 
| __EventBridge__ | Managed Serverless Event Hub | Unknown | Unknown | Unknown | 98 | | 22 | __EventBridge Schemas__ | Managed Serverless Event Hub | Unknown | Unknown | Unknown | 99 | | 23 | __IoT__ | Internet-of-Things Management | Unknown | Unknown | Unknown | 100 | | 24 | __s3 Glacier__ | Cold Object Storage | Unknown | Unknown | Unknown | 101 | | 25 | __ECS__ | Managed Container Orchestration | Unknown | Unknown | Unknown | 102 | | 26 | __Serverless Application Repository__ | Managed Source Code Repository | Unknown | Unknown | No | 103 | | 27 | __SQS__ | Managed Serverless Queueing Service | Unknown | Unknown | No | 104 | | 28 | __EFS__ | Managed Serverless Elastic File System | Unknown | Unknown | No | -------------------------------------------------------------------------------- /__init__.py: -------------------------------------------------------------------------------- 1 | from . import total_footprint_wordlist 2 | from . import settings -------------------------------------------------------------------------------- /enumeration/codeartifactenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import json 3 | import boto3 4 | from botocore.exceptions import ClientError 5 | 6 | session = boto3.Session(profile_name='default') 7 | client = session.client('codeartifact') 8 | 9 | def codeartifact_princ_checker(rand_account_id): 10 | my_managed_policy ={ 11 | "Version": "2012-10-17", 12 | "Statement": [ 13 | { 14 | "Action": [ 15 | "codeartifact:CreateRepository" 16 | ], 17 | "Effect": "Allow", 18 | "Principal": { 19 | "AWS": f'{rand_account_id}' 20 | }, 21 | "Resource": "arn:aws:codeartifact:us-east-1:201012399609:domain/test-domain" 22 | } 23 | ] 24 | } 25 | # Implement object to take my_managed_policy and parse for the generated account ID - then send that as return, not the fully policy 26 | try: 27 | response = client.put_domain_permissions_policy( 28 | domain='test-domain', 29 | 
domainOwner='201012399609', # Requires update with dynamic variable using end user account ID 30 | policyRevision= 'test', 31 | policyDocument=json.dumps(my_managed_policy) 32 | ) 33 | print(rand_account_id) 34 | return('Pass') 35 | except client.exceptions.ConflictException as e: 36 | print(rand_account_id) 37 | return('Pass') 38 | # Handles the exception thrown when the Principal doesn't exist 39 | except client.exceptions.ValidationException as e: 40 | return(str(rand_account_id)+" FAIL") -------------------------------------------------------------------------------- /enumeration/ecrprivenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | from botocore.config import Config 7 | from .. import settings 8 | # # 9 | # config = Config( 10 | # retries = dict( 11 | # max_attempts = 10 12 | # ) 13 | # ) 14 | # client = boto3.client('ecr', config=config) 15 | 16 | 17 | def ecr_princ_checker(rand_account_id,session): 18 | client = session.client('ecr') 19 | 20 | my_managed_policy ={ 21 | "Version":"2012-10-17", 22 | "Statement":[ 23 | { 24 | "Sid":"ReplicationAccessCrossAccount", 25 | "Effect":"Allow", 26 | "Principal":{ 27 | "AWS": f'{rand_account_id}' 28 | }, 29 | "Action":[ 30 | "ecr:CreateRepository", 31 | "ecr:ReplicateImage" 32 | ], 33 | "Resource": [ 34 | f'arn:aws:ecr:us-east-1:{settings.account_no}:repository/{settings.scan_objects[1]}/*' # Needs to be updated to be more generalized 35 | ] 36 | } 37 | ] 38 | } 39 | # Implement object to take my_managed_policy and parse for the generated account ID - then send that as return, not the fully policy 40 | try: 41 | response = client.put_registry_policy( 42 | policyText=json.dumps(my_managed_policy) 43 | ) 44 | print(rand_account_id) 45 | return("Pass") 46 | # Handles the exception thrown when the Principal doesn't exist 47 | except 
client.exceptions.InvalidParameterException as e: 48 | return("Fail") 49 | except BaseException as err: 50 | print(f"You're being throttled by ECR-Private and {rand_account_id} was not checked.") 51 | pass -------------------------------------------------------------------------------- /enumeration/ecrpubenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | import uuid 7 | import datetime 8 | from botocore.config import Config 9 | from .. import settings 10 | 11 | # config = Config( 12 | # retries = dict( 13 | # max_attempts = 10 14 | # ) 15 | # ) 16 | # client = boto3.client('ecr-public', config=config) 17 | 18 | 19 | def ecr_princ_checker(rand_account_id,session): 20 | client = session.client('ecr-public') 21 | 22 | my_managed_policy ={ 23 | "Version": "2012-10-17", 24 | "Statement": [ 25 | { 26 | "Sid": "AllowPushPull", 27 | "Effect": "Allow", 28 | "Principal": { 29 | "AWS": [ 30 | f'{rand_account_id}' 31 | ] 32 | }, 33 | "Action": [ 34 | "ecr:BatchGetImage", 35 | "ecr:BatchCheckLayerAvailability", 36 | "ecr:CompleteLayerUpload", 37 | "ecr:GetDownloadUrlForLayer", 38 | "ecr:InitiateLayerUpload", 39 | "ecr:PutImage", 40 | "ecr:UploadLayerPart" 41 | ] 42 | } 43 | ] 44 | } 45 | try: 46 | response = client.set_repository_policy( 47 | registryId=settings.account_no, 48 | repositoryName=settings.scan_objects[0], 49 | policyText=json.dumps(my_managed_policy) 50 | ) 51 | print(rand_account_id) 52 | return("Pass") 53 | # Handles the exception thrown when the Principal doesn't exist 54 | except client.exceptions.InvalidParameterException as e: 55 | return ("Fail") 56 | except BaseException as err: 57 | print(f"You're being throttled by ECR-Public and {rand_account_id} was not checked.") 58 | pass -------------------------------------------------------------------------------- 
/enumeration/iamassumeroleenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import boto3 3 | import json 4 | 5 | session = boto3.Session(profile_name='default') 6 | client = session.client('iam') 7 | 8 | 9 | def iam_assume_role_princ_checker(rand_account_id): 10 | policy = { 11 | "Version": "2012-10-17", 12 | "Statement": [ 13 | { 14 | "Sid": "", 15 | "Effect": "Allow", 16 | "Principal": { 17 | "Federated": rand_account_id 18 | }, 19 | "Action": "sts:AssumeRole" 20 | } 21 | ] 22 | } 23 | try: 24 | policy_blob = json.dumps(policy) 25 | response = client.update_assume_role_policy( 26 | RoleName='aqua-test-role', 27 | PolicyDocument=policy_blob 28 | ) 29 | print(rand_account_id) 30 | except BaseException as err: 31 | print(err) 32 | pass 33 | 34 | #iam_assume_role_princ_checker(rand_account_id) 35 | 36 | with open('complete-footprint.txt') as f: 37 | my_list = [x.rstrip() for x in f] 38 | for i in my_list: 39 | iam_assume_role_princ_checker(i) -------------------------------------------------------------------------------- /enumeration/lambdaenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | import uuid 7 | 8 | session = boto3.Session(profile_name='default') 9 | client = session.client('lambda') 10 | 11 | def lambda_princ_checker(rand_account_id): 12 | # Implement object to take my_managed_policy and parse for the generated account ID - then send that as return, not the fully policy 13 | try: 14 | response = client.add_permission( 15 | Action='lambda:InvokeFunction', 16 | FunctionName='quiet-riot-runner', 17 | Principal=f'{rand_account_id}', 18 | StatementId=uuid.uuid4().hex, 19 | ) 20 | print(rand_account_id) 21 | return("Pass") 22 | # Handles the exception thrown when the Principal doesn't exist 23 | except 
client.exceptions.InvalidParameterValueException as e: 24 | return("Fail") -------------------------------------------------------------------------------- /enumeration/loadbalancer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import sys 4 | import time 5 | from . import ecrpubenum 6 | from . import snsenum 7 | from . import ecrprivenum 8 | import os 9 | import threading 10 | import queue 11 | import datetime 12 | from .. import settings 13 | from os.path import exists 14 | import glob 15 | from pathlib import Path 16 | 17 | 18 | timestamp = time.strftime("%Y%m%d-%H%M%S") 19 | 20 | # Function to get a wordlist and ask how many threads, then split the wordlist into sub-wordlists of the appropriate size to generate the number of threads desired (approx) when passed to the threader function 21 | def getter(thread,wordlist): 22 | # print('') 23 | # print('Approximately how many threads do you think you want to run?') 24 | # print('') 25 | # print('Hint: 2020 M1 Macbook Air w/ 16 GB RAM optimizes @ around 700 threads from limited testing.') 26 | # print('') 27 | threads = thread 28 | with open(wordlist) as file: 29 | my_list = [x.rstrip() for x in file] 30 | list_size = int(len(my_list)/int(threads)) 31 | if list_size >= 1: 32 | list_size 33 | else: 34 | list_size = 1 35 | # Calculate estimated completion time based on 700 attempts/sec the 1100 attempts/sec 36 | low_speed = (int(len(my_list))/700)/60 37 | high_speed = (int(len(my_list))/1100)/60 38 | print('') 39 | print("Estimated Scan Duration: "+str(int(high_speed))+" minutes to "+str(int(low_speed))+" minutes") 40 | # Based on the number of desired threads and the overall # of words in the wordlist provided, chunk the wordlist into smaller wordlists and then make a list of lists that can be passed in threader to services 41 | chunks = [my_list [x:x+list_size] for x in range (0, len(my_list), list_size)] 42 | new_list = 
[] 43 | for list in chunks: 44 | new_list.append(list) 45 | print('') 46 | print('Scanning Started with Quiet Riot') 47 | return new_list 48 | 49 | 50 | # Function to server as a crude load balancer for the services we know can withstand a significant load. 51 | def balancedchecker(*wordlist): 52 | global session1 53 | session = session1 54 | 55 | #create empty list of valid principals identified by scanning 56 | valid_list = [] 57 | # iterate over wordlist and allocate wordlist to enumeration service based on a random seed selected at time of function call 58 | rand_seed = rand.randint(0, 1000) 59 | for i in range(0, len(wordlist)): 60 | if 0 <= rand_seed <= 749: 61 | if ecrpubenum.ecr_princ_checker(wordlist[i],session) == 'Pass': 62 | valid_list.append(wordlist[i]) 63 | else: 64 | pass 65 | elif 750 <= rand_seed <= 919: 66 | if snsenum.sns_princ_checker(wordlist[i],session) == 'Pass': 67 | valid_list.append(wordlist[i]) 68 | else: 69 | pass 70 | elif 920 <= rand_seed <= 1000: 71 | if ecrprivenum.ecr_princ_checker(wordlist[i],session) == 'Pass': 72 | valid_list.append(wordlist[i]) 73 | else: 74 | pass 75 | else: 76 | print('Your rand_seed generator aint good at math') 77 | if valid_list == 0: 78 | pass 79 | else: 80 | q.put(valid_list) 81 | 82 | # Function to create a bunch of threads so we can go faster. 
83 | threads = [] 84 | new_list = [] 85 | q = queue.Queue() 86 | def threader(words,session): 87 | 88 | global session1 89 | session1 = session 90 | # print(words) 91 | # print(session) 92 | print('') 93 | print('Identified Valid Principals:') 94 | ct1 = datetime.datetime.now() 95 | ts1 = ct1.timestamp() 96 | # For each list in the list of lists - trigger the "load balanced" principal checker 97 | length_check = [item for sublist in words for item in sublist] 98 | for list in words: 99 | x = threading.Thread(target=balancedchecker, args=(list)) 100 | x.start() 101 | threads.append(x) 102 | #x.join() 103 | # Take the returns for each thread (a list of valid results) and make a list from them. 104 | for i in threads: 105 | new_list.append(q.get(i)) 106 | # Flatten the new list 107 | flat_list = [item for sublist in new_list for item in sublist] 108 | # Write the results to valid_scan_results.txt in the results/ folder 109 | results_file = f'valid_scan_results-{timestamp}.txt' 110 | with open (results_file, 'a+') as file: 111 | for i in flat_list: 112 | file.write(str(i)+'\n') 113 | 114 | file.close() 115 | 116 | 117 | ct2 = datetime.datetime.now() 118 | ts2 = ct2.timestamp() 119 | # Provide basic stats on scan performance. 120 | print('') 121 | print('Scan Summary: ') 122 | print('# of Identified Valid Principals: '+str(len(flat_list))) 123 | print('# of Scanned Principals: '+ str(len(length_check))) 124 | percent = len(flat_list)/len(length_check)*100 125 | print('% Valid Principals: ' + str(percent) + '%') 126 | print('# of Minutes Elapsed: '+str(int(ts2-ts1)/60)) 127 | print("# of Threads Utilized: "+str(len(threads))) 128 | print('') 129 | # If the id_generator was used to create words.txt, you'll want to clean that up, so we do. 
130 | fileList=glob.glob("words-**") 131 | for filePath in fileList: 132 | try: 133 | main_path = os.getcwd() 134 | filePath_two = os.path.join(os.getcwd(),filePath) 135 | # print(filePath_two) 136 | os.remove(filePath_two) 137 | # sys.path.append(main_path) 138 | except Exception as f: 139 | print(f) 140 | print("Error while deleting file: ", filePath_two) 141 | return results_file 142 | -------------------------------------------------------------------------------- /enumeration/rand_id_generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | 4 | def rand_id_generator(): 5 | list_size = int(input("How many potential account IDs would you like to scan?")) 6 | rand_seed = rand.randint(1,10) 7 | wordlist = f'words-{rand_seed}.txt' 8 | with open (wordlist, 'a+') as file: 9 | for i in range(0, list_size): 10 | rand_no = rand.randint(10**11, 10**12) 11 | file.write(str(rand_no)+'\n') 12 | return wordlist -------------------------------------------------------------------------------- /enumeration/s3aclenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import boto3 3 | from botocore.exceptions import ClientError 4 | from botocore.config import Config 5 | from .. 
import settings 6 | 7 | # myconfig = Config( 8 | # retries = dict( 9 | # max_attempts = 10 10 | # ) 11 | # ) 12 | # client = boto3.client('s3') 13 | 14 | def s3_acl_princ_checker(rand_account_id,session): 15 | client = session.client('s3') 16 | try: 17 | client.put_bucket_acl( 18 | AccessControlPolicy={ 19 | 'Grants': [ 20 | { 21 | 'Grantee': { 22 | 'EmailAddress': rand_account_id, 23 | 'Type': 'AmazonCustomerByEmail', 24 | }, 25 | 'Permission': 'READ' 26 | }, 27 | ], 28 | 'Owner': { 29 | 'ID': settings.scan_objects[4] 30 | } 31 | }, 32 | Bucket=settings.scan_objects[3], 33 | ExpectedBucketOwner=settings.account_no 34 | ) 35 | return 'Pass' 36 | except BaseException as err: 37 | pass -------------------------------------------------------------------------------- /enumeration/s3enum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | 7 | # Establish boto3 sns session 8 | session = boto3.Session(profile_name='default') 9 | client = boto3.client('s3') 10 | 11 | def s3_princ_checker(rand_account_id): 12 | bucket_name = 'quiet-riot-global-bucket' 13 | my_managed_policy ={ 14 | 'Version': '2012-10-17', 15 | 'Statement': [{ 16 | 'Sid': 'AddPerm', 17 | 'Effect': 'Allow', 18 | 'Principal': {"AWS":f'{rand_account_id}'}, 19 | 'Action': ['s3:GetObject'], 20 | 'Resource': f'arn:aws:s3:::{bucket_name}/*' 21 | }] 22 | } 23 | # Implement object to take my_managed_policy and parse for the generated account ID - then send that as return, not the fully policy 24 | try: 25 | response = client.put_bucket_policy( 26 | Bucket='quiet-riot-global-bucket', # TODO name of bucket that we put the policy against. 
27 | ConfirmRemoveSelfBucketAccess=False, 28 | Policy=json.dumps(my_managed_policy), 29 | ExpectedBucketOwner='201012399609' # TODO name of expected bucket owner 30 | ) 31 | print(rand_account_id) 32 | return("Pass") 33 | 34 | # Handles the exception thrown when the Principal doesn't exist 35 | except client.exceptions.from_code('MalformedPolicy') as e: 36 | return('Fail') -------------------------------------------------------------------------------- /enumeration/secretsmanagerenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | import uuid 7 | 8 | client = boto3.client('secretsmanager') 9 | 10 | def secretsmanager_princ_checker(rand_account_id): 11 | my_managed_policy={ 12 | "Version": "2012-10-17", 13 | "Statement": [ 14 | { 15 | "Effect": "Allow", 16 | "Action": "secretsmanager:*", 17 | "Principal": {"AWS": f'{rand_account_id}'}, 18 | "Resource": "arn:aws:secretsmanager:us-east-1:201012399609:secret:test-secret-cZAvYf" 19 | } 20 | ] 21 | } 22 | try: 23 | response = client.put_resource_policy( 24 | SecretId='test-secret', 25 | ResourcePolicy=json.dumps(my_managed_policy) 26 | ) 27 | return("Pass") 28 | # Handles the exception thrown when the Principal doesn't exist 29 | except client.exceptions.MalformedPolicyDocumentException as e: 30 | return("Fail") -------------------------------------------------------------------------------- /enumeration/snsenum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import random as rand 3 | import json 4 | import boto3 5 | from botocore.exceptions import ClientError 6 | import datetime 7 | from botocore.config import Config 8 | from .. 
import settings 9 | # # 10 | # config = Config( 11 | # retries = dict( 12 | # max_attempts = 10 13 | # ) 14 | # ) 15 | # 16 | # # Establish boto3 sns session 17 | # client = boto3.client('sns', config=config) 18 | 19 | valid_list = [] 20 | 21 | def sns_princ_checker(rand_account_id,session): 22 | client = session.client('sns') 23 | my_managed_policy = { 24 | "Statement": [{ 25 | "Sid": "grant-1234-publish", 26 | "Effect": "Allow", 27 | "Principal": { 28 | "AWS": f'{rand_account_id}' 29 | }, 30 | "Action": ["sns:Publish"], 31 | "Resource": settings.scan_objects[2] # Needs to be replaced with the variable to allow this to be dynamically input. 32 | }] 33 | } 34 | try: 35 | response = client.set_topic_attributes( 36 | TopicArn=settings.scan_objects[2], # Needs to be set dynamically based on what gets spun up by the infra 37 | AttributeName='Policy', 38 | AttributeValue=json.dumps(my_managed_policy) 39 | ) 40 | print(rand_account_id) 41 | return("Pass") 42 | # Handles the exception thrown when the Principal doesn't exist 43 | except client.exceptions.InvalidParameterException as e: 44 | return("Fail") 45 | except BaseException as err: 46 | print(f"You're being throttled by SNS and {rand_account_id} was not checked.") 47 | pass -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import json 3 | import textwrap 4 | import boto3 5 | import time 6 | import sys 7 | import argparse 8 | import uuid 9 | import os 10 | from os import environ 11 | import glob 12 | from .enumeration import loadbalancer as loadbalancer 13 | from .enumeration import rand_id_generator as rand_id_generator 14 | from .enumeration import s3aclenum as s3aclenum 15 | from .enumeration import ecrprivenum 16 | from .enumeration import ecrpubenum 17 | from .enumeration import snsenum 18 | from . 
import settings 19 | from botocore.config import Config 20 | from pathlib import Path 21 | import requests as o365request 22 | import re 23 | 24 | # Define ANSI escape sequence colors 25 | 26 | 27 | # Requests user to provide required info to kick off scan 28 | def words_type(wordlist_type): 29 | while True: 30 | 31 | if str(wordlist_type) == '1': 32 | return 'accounts', 'none' 33 | elif str(wordlist_type) == '2': 34 | return 'micro_domain', 'none' 35 | elif str(wordlist_type) == 'roles': 36 | account_no = input('Provide an Account ID to scan against: ') 37 | print('') 38 | return 'roles', str(account_no) 39 | 40 | elif str(wordlist_type) == '3': 41 | account_no = input('Provide an Account ID to scan against: ') 42 | print('') 43 | return 'footprint', str(account_no) 44 | elif str(wordlist_type) == '4': 45 | return 'root account', 'none' 46 | 47 | elif str(wordlist_type) == '5': 48 | account_no = input('Provide an Account ID to scan against: ') 49 | print('') 50 | return 'roles', str(account_no) 51 | elif str(wordlist_type) == '6': 52 | print('') 53 | return 'micro_users', 'none' 54 | elif str(wordlist_type) == '7': 55 | print('') 56 | return 'gmail_user', 'none' 57 | elif str(wordlist_type) == '8': 58 | account_no = input('Provide an Account ID to scan against: ') 59 | print('') 60 | return 'users', str(account_no) 61 | else: 62 | print('You did not enter a valid Scan type.') 63 | print('') 64 | wordlist_type = input("\033[0;31m" + 'Enter a number between 1-6 ' + "\033[0m").lower() 65 | 66 | 67 | # Creates final wordlist based on type of scanning to be performed. 
def words(input_args, wordlist_type, session, email_option, email_list_path, email_eight_type, domain_name, micro_single_email, micro_timeout, micro_location_email, micro_email_type_response, micro_domain_name):
    ms_url = 'https://login.microsoftonline.com/common/GetCredentialType'
    timestamp = time.strftime("%Y%m%d-%H%M%S")
    wordlist_type, account_no = words_type(wordlist_type)
    # print(wordlist_type)
    wordlist_path = 'wordlist-' + wordlist_type + '-' + timestamp + '.txt'
    wordlist = os.path.join(os.getcwd(), wordlist_path)
    new_list = []
    while True:
        try:
            if wordlist_type == 'accounts':
                response = rand_id_generator.rand_id_generator()
                wordlist_file = response
            elif wordlist_type == 'footprint':
                wordlist_file = os.path.dirname(__file__) + '/wordlists/service-linked-roles.txt'
            elif wordlist_type == "micro_domain":
                valid_domain = []
                domain_name = micro_domain_name
                print(f"[info] Checking if the {domain_name} exists...\n")
                url = (
                    f"https://login.microsoftonline.com/getuserrealm.srf?login=user@{domain_name}")
                request = o365request.get(url)
                # print(request)
                response = request.text
                # print(response)
                valid_response = re.search('"NameSpaceType":"Managed",', response)
                valid_response1 = re.search('"NameSpaceType":"Federated",', response)
                # if args.verbose:
                #     print(domain_name, request, response, valid_response)
                if valid_response:
                    print(f"[success] The listed domain {domain_name} exists. Domain is Managed.\n")
                    valid_domain.append(micro_domain_name)
                elif valid_response1:
                    print(f"[success] The listed domain {domain_name} exists. Domain is Federated.\n")
                    valid_domain.append(micro_domain_name)
                else:
                    print(f"[info] The listed domain {domain_name} does not exist.\n")
                print('')
                print("-----------Scanning Completed----------")
                print('')
                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_domain:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == 'root account' and email_option != 'seventh_type' and email_option != 'eighth_type':
                try:
                    wordlist_file = os.path.dirname(__file__) + '/wordlists/final_emails.txt'
                except Exception as f:
                    print(f)
                    print("Error while reading file: ", wordlist_file)

            elif wordlist_type == 'root account' and email_list_path != '' and email_option == 'seventh_type':
                try:
                    wordlist_file = email_list_path
                except Exception as f:
                    print(f)
                    print("Error while reading file: ", wordlist_file)

            # single email handling
            elif wordlist_type == 'root account' and email_option == 'eighth_type' and email_eight_type != '':
                print('')
                print("Scanning for Potential Root Users")
                print('')
                print('Identified Root Account E-mail Addresses:')
                valid_emails = []
                my_list = []
                my_list.append(email_eight_type)

                for i in my_list:
                    if s3aclenum.s3_acl_princ_checker(i, session) == 'Pass':
                        print(str(i))
                        print("")
                        valid_emails.append(i)
                    else:
                        pass

                print("")
                print("-----------Scanning Completed----------")

                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_emails:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == "micro_users" and micro_email_type_response == 'second_type':
                micro_email_list = []
                email = micro_single_email
                s = o365request.session()
                body = '{"Username":"%s"}' % email
                request = o365request.post(ms_url, data=body)
                response_dict = request.json()
                response = request.text
                valid_response = re.search('"IfExistsResult":0,', response)
                valid_response5 = re.search('"IfExistsResult":5,', response)
                valid_response6 = re.search('"IfExistsResult":6,', response)
                invalid_response = re.search('"IfExistsResult":1,', response)
                desktopsso_response = re.search(
                    '{"DesktopSsoEnabled":true,"UserTenantBranding":null,"DomainType":3}', response)
                throttling = re.search('"ThrottleStatus":1', response)
                # if args.verbose:
                #     print('\n', email, s, body, request, response_dict, response, valid_response,
                #           valid_response5, valid_response6, invalid_response, desktopsso_response, '\n')
                if desktopsso_response and not valid_response or valid_response5 or valid_response6:
                    a = email
                    b = " Result - Desktop SSO Enabled [!]"
                    print(f'[!] {a:51} {b} ')
                    micro_email_list.append(a)
                if invalid_response and not desktopsso_response:
                    a = email
                    b = " Result - Invalid Email Found! [-]"
                    print(f"[-] {a:51} {b}")
                if valid_response or valid_response5 or valid_response6:
                    a = email
                    b = " Result - Valid Email Found! [+]"
                    print(f"[+] {a:53} {b} ")
                    micro_email_list.append(a)
                if throttling:
                    print("\nResults suggest O365 is responding with false positives. Retry the scan in 1 minute.")
                    sys.exit()
                if micro_timeout is not None:
                    time.sleep(int(micro_timeout))
                print('')
                print("-----------Scanning Completed----------")
                print('')
                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in micro_email_list:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == "micro_users" and micro_email_type_response == 'first_type':
                try:
                    wordlist_file = micro_location_email
                except Exception as f:
                    print(f)
                    print("Error while reading file: ", wordlist_file)

            else:
                if str(input_args.wordlist) == '':
                    wordlist_file = input("Provide the path to wordlist file : ")
                else:
                    wordlist_file = input_args.wordlist

            print('')
            with open(wordlist_file) as file:
                my_list = [x.rstrip() for x in file]
            file.close()
            if wordlist_type == 'roles':
                for item in my_list:
                    new_list.append('arn:aws:iam::' + account_no + ':role/' + item)
                with open(wordlist, 'a+') as f:
                    for item in new_list:
                        f.write("%s\n" % item)
                # Configure user-defined wordlist as roles for triggering via enumeration.loadbalancer.threader(getter())
                results_file = loadbalancer.threader(
                    loadbalancer.getter(thread=input_args.threads, wordlist=wordlist), session=session)
                # print(results_file)
                return results_file

            elif wordlist_type == 'footprint':
                for item in my_list:
                    new_list.append('arn:aws:iam::' + account_no + ':role/' + item)
                with open(wordlist, 'a+') as f:
                    for item in new_list:
                        f.write("%s\n" % item)
                # Configure user-defined wordlist as roles for triggering via enumeration.loadbalancer.threader(getter())
                results_file = loadbalancer.threader(
                    loadbalancer.getter(thread=input_args.threads, wordlist=wordlist), session=session)
                return results_file

            elif wordlist_type == 'users':
                for item in my_list:
                    new_list.append('arn:aws:iam::' + account_no + ':user/' + item)
                with open(wordlist, 'a+') as f:
                    for item in new_list:
                        f.write("%s\n" % item)
                # Configure user-defined wordlist as users for triggering via enumeration.loadbalancer.threader(getter())
                results_file = loadbalancer.threader(
                    loadbalancer.getter(thread=input_args.threads, wordlist=wordlist), session=session)
                return results_file

            # TODO: Separate root accounts and setup s3 ACL check for root e-mail. Determine if root e-mail is only enumerable using s3 ACL
            elif wordlist_type == 'accounts':
                for item in my_list:
                    new_list.append(item)
                with open(wordlist, 'a+') as f:
                    for item in new_list:
                        f.write("%s\n" % item)

                # Configure user-defined wordlist as account IDs or root account e-mails for triggering via enumeration.loadbalancer.threader(getter())
                results_file = loadbalancer.threader(
                    loadbalancer.getter(thread=input_args.threads, wordlist=wordlist), session=session)
                return results_file

            elif wordlist_type == 'root account' and email_option == 'seventh_type':
                valid_emails = []
                print('')
                print("Scanning for Potential Root Users")
                print('')
                print('Identified Root Account E-mail Addresses:')

                for username in my_list:
                    email = username.replace(' ', '').lower() + '@' + str(domain_name)
                    if s3aclenum.s3_acl_princ_checker(str(email), session) == 'Pass':
                        print(str(email))
                        print("")
                        valid_emails.append(email)
                    else:
                        pass
                print("")
                print("-----------Scanning Completed----------")
                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_emails:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == 'gmail_user':
                valid_emails = []
                gmail_counter = 0
                print('')
                print("Scanning for G-Suite (Google Workspace) Users")
                print('')
                print('Identified G-suite (Google Workspace) Users: ')

                for username in my_list:
                    params = {
                        'email': username,
                    }
                    try:
                        response = o365request.get('https://mail.google.com/mail/gxlu', params=params)
                        response_cookies = response.cookies
                        if len(response_cookies) == 0:
                            pass
                        elif len(response_cookies) == 1:
                            print('')
                            print(username)
                            valid_emails.append(username)
                            gmail_counter = gmail_counter + 1
                    except Exception as gmail_exc:
                        print(gmail_exc)
                        pass
                    # response = request.json()
                    # print(response)

                print("")
                print("-----------Scanning Completed----------")
                if gmail_counter == 0:
                    print('\nThere were no valid e-mails found.')
                elif gmail_counter == 1:
                    print('\nQuiet Riot discovered one valid e-mail account.')
                else:
                    print(f'\nQuiet Riot discovered {gmail_counter} valid e-mails.\n')
                print('')
                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_emails:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == 'root account' and email_option != 'seventh_type' and email_option != 'eighth_type':
                valid_emails = []
                print('')
                print("Scanning for Potential Root Users")
                print('')
                print('Identified Root Account E-mail Addresses:')

                for i in my_list:
                    if s3aclenum.s3_acl_princ_checker(i, session) == 'Pass':
                        print(str(i))
                        print("")
                        valid_emails.append(i)
                    else:
                        pass
                print("")
                print("-----------Scanning Completed----------")
                print('')
                delete_files = input('Do you want to delete the wordlist to save space(yes/no)? ').lower()
                print('')
                while True:
                    if delete_files == 'yes':
                        try:
                            comined_male_names = os.path.dirname(__file__) + '/wordlists/combined_male_names.txt'
                            os.remove(comined_male_names)
                        except Exception as com_male:
                            print("Error in deleting Combined male names file")
                            pass
                        try:
                            comined_female_names = os.path.dirname(__file__) + '/wordlists/combined_female_names.txt'
                            os.remove(comined_female_names)
                        except Exception as com_male:
                            print("Error in deleting comined_female_names file")
                            pass
                        try:
                            quiet_riot_names = os.path.dirname(__file__) + '/wordlists/names_quit_riot.txt'
                            os.remove(quiet_riot_names)
                        except Exception as com_male:
                            print("Error in deleting quiet_riot_names file")
                            pass
                        try:
                            comined_final_names = os.path.dirname(__file__) + '/wordlists/final_emails.txt'
                            os.remove(comined_final_names)
                        except Exception as com_male:
                            print("Error in deleting comined_final_names file")
                            pass
                        break
                    elif delete_files == 'no':
                        break
                    else:
                        break
                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_emails:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            elif wordlist_type == "micro_users" and micro_email_type_response == 'first_type':
                counter = 0
                timeout_counter = 0
                valid_emails = []
                for line in my_list:
                    s = o365request.session()
                    email_line = line.split()
                    email = ' '.join(email_line)
                    body = '{"Username":"%s"}' % email
                    request = o365request.post(ms_url, data=body)
                    response = request.text
                    valid_response = re.search('"IfExistsResult":0,', response)
                    valid_response5 = re.search('"IfExistsResult":5,', response)
                    valid_response6 = re.search('"IfExistsResult":6,', response)
                    invalid_response = re.search('"IfExistsResult":1,', response)
                    throttling = re.search('"ThrottleStatus":1', response)
                    desktopsso_response = re.search(
                        '{"DesktopSsoEnabled":true,"UserTenantBranding":null,"DomainType":3}', response)
                    # if args.verbose:
                    #     print('\n', s, email_line, email, body, request, response, valid_response,
                    #           valid_response5, valid_response6, invalid_response, desktopsso_response, '\n')
                    if desktopsso_response:
                        a = email
                        b = " Result - Desktop SSO Enabled [!]"
                        print(f'[!] {a:51} {b} ')
                        valid_emails.append(a)
                    if invalid_response and not desktopsso_response:
                        a = email
                        b = " Result - Invalid Email Found! [-]"
                        print(f"[-] {a:51} {b}")
                    if valid_response or valid_response5 or valid_response6:
                        a = email
                        b = " Result - Valid Email Found! [+]"
                        print(f"[+] {a:51} {b}")
                        valid_emails.append(a)
                        counter = counter + 1

                    if throttling:
                        if micro_timeout is not None:
                            timeout_counter = timeout_counter + 1
                            if timeout_counter == 5:
                                print(f'\n[warn] Results suggest O365 is responding with false positives.')
                                print(f'\n[warn] Office365 has returned five false positives.\n')
                                print(f'quiet_riot setting the wait time to 10 minutes. You can exit or allow the program to continue running.')
                                time.sleep(int(300))
                                print(f'\nScanning will continue in 5 minutes.')
                                time.sleep(int(270))
                                print(f'\nContinuing scan in 30 seconds.')
                                time.sleep(int(30))
                                timeout_counter = 0
                                # sys.exit()
                            else:
                                print(f"\n[warn] Results suggest O365 is responding with false positives. Sleeping for {micro_timeout} seconds before trying again.\n")
                                time.sleep(int(micro_timeout))

                        else:
                            print("\n[warn] Results suggest O365 is responding with false positives. Restart scan and provide timeout to slow request times.")
                            sys.exit()
                    if micro_timeout is not None:
                        time.sleep(int(micro_timeout))
                if counter == 0:
                    print('\nThere were no valid logins found.')
                elif counter == 1:
                    print('\nQuiet Riot discovered one valid login account.')
                else:
                    print(f'\nQuiet Riot discovered {counter} valid login accounts.\n')

                print('')
                print("-----------Scanning Completed----------")
                print('')

                results_file = f'valid_scan_results-{timestamp}.txt'
                with open(results_file, 'a+') as f:
                    for i in valid_emails:
                        f.write("%s\n" % i)

                f.close()
                return results_file

            else:
                print('Scan type provided is not valid.')
                wordlist_type = input(
                    "\033[0;31m" + 'Wordlist is intended to be accounts, roles, users, groups, or root account? ' + "\033[0m").lower()

        except OSError as e:
            print('')
            print('Provided filename does not appear to exist.')
            print(e)
            continue


# def scan_inst():

def main():
    environ["PYTHONIOENCODING"] = "UTF-8"
    orange = "\033[3;33m"
    green = "\033[0;32m"
    red = "\033[0;31m"
    nocolor = "\033[0m"

    # Create timestamp in preferred format for wordlist files
    timestamp = time.strftime("%Y%m%d-%H%M%S")

    parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, prog='quiet_riot', usage=' %(prog)s [--help,--h help] [--scan,--s SCAN] [--threads,--t THREADS] [--wordlist,--w WORDLIST] [--profile,--p PROFILE]')
    parser.add_argument('--scan', '--s', required=True, type=int, default=1,
                        help=textwrap.dedent('''\
                        What type of scan do you want to attempt? Enter the type of scan for example
                            1. AWS Account IDs
                            2. Microsoft 365 Domains
                            3. AWS Services Footprinting
                            4. AWS Root User E-mail Address
                            5. AWS IAM Principals
                                5.1. IAM Roles
                                5.2. IAM Users
                            6. Microsoft 365 Users (e-mails)
                            7. Google Workspace Users (e-mails)

                        '''))

    parser.add_argument('--threads', '--t', type=int, default=100,
                        help=textwrap.dedent('''\
                        Approximately how many threads do you think you want to run?

                        '''))

    parser.add_argument('--wordlist', '--w', type=str, default="",
                        help=textwrap.dedent('''\
                        Path to the wordlist file which will be required for scan

                        '''))

    parser.add_argument('--profile', '--p', type=str, default="default",
                        help=textwrap.dedent('''Name of aws profile

                        '''))

    input_args = parser.parse_args()

    print("Input arguments : " + str(input_args))

    # Deploy infrastructure for scanning
    # Raw string: the banner's backslashes are literal characters, not escape sequences
    print(r"""
________        .__        __    __________.__        __
\_____  \  __ __|__| _____/  |_  \______   \__| _____/  |_
 /  / \  \|  |  \  |/ __ \   __\  |       _/  |/  _ \   __/
/   \_/.  \  |  /  \  ___/|  |    |    |   \  (  <_> )  |
\_____\ \_/____/|__|\___  >__|    |____|_  /__|\____/|__|
       \__>             \/               \/
""")
    aws_profile_name = input_args.profile

    session = boto3.Session(profile_name=f'{aws_profile_name}')
    # print(session)
    s3 = session.client('s3')
    sts = session.client('sts')
    iam = session.client('iam')
    sns = session.client('sns')
    ecrprivate = session.client('ecr')
    ecrpublic = session.client('ecr-public')

    wordlist_type = str(input_args.scan)
    micro_domain_name = ''
    if wordlist_type == '2':
        print('')
        micro_domain_name = input("Domain Name to check for O365: ")
        print('')
        while True:
            if micro_domain_name != '':
                micro_domain_name = micro_domain_name
                break
            else:
                print('')
                micro_domain_name = input("Domain Name to check for O365: ")
                print('')

    def email_type():
        print(
            "E-mail Format (First and Last Names):\na. [first]@[domain]\nb. [first][last]@[domain]\nc. [first].[last]@[domain]\nd. [last]@[domain]\ne. [first]_[last]@[domain]\nf. [first_initial][last]@[domain]\ng. custom username list\nh. input single e-mail address\n")
        email_type_text = input("Enter an alphabet between a-h : ").lower()
        while True:
            if str(email_type_text) == 'a':
                return 'first_type'
            elif str(email_type_text) == 'b':
                return 'second_type'
            elif str(email_type_text) == 'c':
                return 'third_type'
            elif str(email_type_text) == 'd':
                return 'fourth_type'
            elif str(email_type_text) == 'e':
                return 'fifth_type'
            elif str(email_type_text) == 'f':
                return 'sixth_type'
            elif str(email_type_text) == 'g':
                return 'seventh_type'
            elif str(email_type_text) == 'h':
                return 'eighth_type'
            else:
                print('You did not enter a valid input.')
                print('')
                email_type_text = input("Enter an alphabet between a-h : ").lower()
                print('')

    def email_creation(email_option):
        family_names = os.path.dirname(__file__) + '/wordlists/familynames-usa-top1000.txt'
        female_name = os.path.dirname(__file__) + '/wordlists/femalenames-usa-top1000.txt'
        male_name = os.path.dirname(__file__) + '/wordlists/malenames-usa-top1000.txt'

        with open(family_names) as file:
            family_names_list = [x.rstrip() for x in file]

        with open(female_name) as file:
            female_names_list = [x.rstrip() for x in file]

        with open(male_name) as file:
            male_names_list = [x.rstrip() for x in file]

        combined_female_name = []
        for fam_name in family_names_list:
            for fe_name in female_names_list:
                female_final_name = fe_name + " " + fam_name
                combined_female_name.append(female_final_name)

        female_file = os.path.dirname(__file__) + '/wordlists/combined_female_names.txt'
        with open(female_file, 'w') as female_file:
            for i in combined_female_name:
                female_file.write(str(i) + '\n')

        female_file.close()

        combined_male_name = []
        for fam_name in family_names_list:
            for m_name in male_names_list:
                male_final_name = m_name + " " + fam_name
                combined_male_name.append(male_final_name)

        male_file = os.path.dirname(__file__) + '/wordlists/combined_male_names.txt'
        with open(male_file, 'w') as male_file:
            for i in combined_male_name:
                male_file.write(str(i) + '\n')

        male_file.close()

        random_final_names = combined_female_name + combined_male_name

        final_file = os.path.dirname(__file__) + '/wordlists/names_quit_riot.txt'
        with open(final_file, 'w') as final_file:
            for i in random_final_names:
                final_file.write(str(i) + '\n')

        final_file.close()

        email_list = []
        print('')
        domain_name = input("Domain Name: ")
        print('')

        while True:
            if domain_name != '':
                domain_name = domain_name
                break
            else:
                print('')
                domain_name = input("Domain Name: ")
                print('')

        for name in random_final_names:
            name = name.lower()
            if str(email_option) == 'first_type':
                email = name.split(" ")[0] + "@" + str(domain_name)
                email_list.append(email)

            elif str(email_option) == 'second_type':
                email = name.replace(" ", "") + "@" + str(domain_name)
                email_list.append(email)

            elif str(email_option) == 'third_type':
                email = name.replace(" ", ".") + "@" + str(domain_name)
                email_list.append(email)

            elif str(email_option) == 'fourth_type':
                email = name.split(" ")[1] + "@" + str(domain_name)
                email_list.append(email)

            elif str(email_option) == 'fifth_type':
                email = name.replace(" ", "_") + "@" + str(domain_name)
                email_list.append(email)

            elif str(email_option) == 'sixth_type':
                email = str(name[0]) + name.split(" ")[1] + "@" + str(domain_name)
                email_list.append(email)
        email_list_set = set(email_list)

        email_set_list = (list(email_list_set))

        final_email = os.path.dirname(__file__) + '/wordlists/final_emails.txt'
        with open(final_email, 'w') as final_file:
            for i in email_set_list:
                final_file.write(str(i) + '\n')
        print("Total Number of e-mail addresses generated: " + str(len(email_set_list)))

    def sub_scan_type():
        print("")
        print("1. IAM Roles")
        print("")

        print("2. IAM Users")
        print("")

        sub_iam_type = input("Kindly select one of the above scan types:")
        while True:
            if sub_iam_type == "1":
                wordlist_type = "5"
                return wordlist_type

            elif sub_iam_type == "2":
                wordlist_type = "8"
                return wordlist_type

            else:
                print('You did not enter a valid wordlist type.')
                print('')
                sub_iam_type = str(input("Enter a number 1 or 2 : "))

    # print(str(wordlist_type))

    if str(wordlist_type) == "5":
        wordlist_type = sub_scan_type()

    email_list_path = ''
    email_eight_type = ''
    domain_name = ''
    email_option = ''
    if str(wordlist_type) == "4":
        email_option = email_type()
        if str(email_option) == 'seventh_type':
            print('')
            email_list_path = input("Location to emails list file: ")
            print('')
            print('')
            domain_name = input("Domain Name: ")
            print('')
            while True:
                if email_list_path != '':
                    email_list_path = email_list_path
                    break
                else:
                    print('')
                    email_list_path = input("Location to emails list file: ")
                    print('')

            while True:
                if domain_name != '':
                    domain_name = domain_name
                    break
                else:
                    print('')
                    domain_name = input("Domain Name: ")
                    print('')

        elif str(email_option) == 'eighth_type':
            print('')
            email_eight_type = input("Enter full e-mail address: ").lower()
            print('')

            while True:
                if email_eight_type != '':
                    email_eight_type = email_eight_type
                    break
                else:
                    print('')
                    email_eight_type = input("Enter full e-mail address: ").lower()
                    print('')

        else:
            email_creation(email_option)

    def micro_email_type():
        print(
            "Validate a list of e-mails or single e-mail:\na. Custom e-mail list\nb. Input single e-mail address\n")
        email_type_text = input("Enter an alphabet(a/b): ").lower()
        while True:
            if str(email_type_text) == 'a':
                return 'first_type'
            elif str(email_type_text) == 'b':
                return 'second_type'
            else:
                print('You did not enter a valid input.')
                print('')
                email_type_text = input("Enter an alphabet(a/b): ").lower()
                print('')

    micro_single_email = ''
    micro_location_email = ''
    micro_timeout = None
    micro_email_type_response = ''
    if str(wordlist_type) == '6':
        micro_email_type_response = micro_email_type()
        if micro_email_type_response == 'second_type':
            print('')
            micro_single_email = input("Enter full e-mail address: ")
            print('')

            while True:
                if micro_single_email != '':
                    micro_single_email = micro_single_email
                    break
                else:
                    print('')
                    micro_single_email = input("Enter full e-mail address: ")
                    print('')

        elif micro_email_type_response == 'first_type':
            print('')
            micro_location_email = input("Location to emails list file: ")
            print('')

            while True:
                if micro_location_email != '':
                    micro_location_email = micro_location_email
                    break
                else:
                    print('')
                    micro_location_email = input("Location to emails list file: ")
                    print('')

        micro_timeout = input("Provide the timeout between requests in sec: ")
        print('')
        if micro_timeout == '':
            micro_timeout = None

    # Create s3 bucket to scan against for root account e-mail addresses.

    # global_bucket = 's3://quiet-riot-global-bucket/'

    # initialize
    #############################################################################
    ##                                                                         ##
    ##        Deployment of Enumeration Infra based on user preference         ##
    ##                                                                         ##
    #############################################################################

    # Create ECR Public Repository - Resource that has IAM policy attachment
    ecr_public_repo = f'quiet-riot-public-repo-{uuid.uuid4().hex}'
    ecrpublic.create_repository(
        repositoryName=ecr_public_repo
    )
    # Create ECR Private Repository - Resource that has IAM policy attachment
    ecr_private_repo = f'quiet-riot-private-repo-{uuid.uuid4().hex}'
    ecrprivate.create_repository(
        repositoryName=ecr_private_repo
    )
    # Create SNS Topic - Resource that has IAM policy attachment
    sns_topic = f'quiet-riot-sns-topic-{uuid.uuid4().hex}'
    sns.create_topic(
        Name=sns_topic
    )
    # Create s3 bucket to scan against for root account e-mail addresses.
    s3_bucket = f'quiet-riot-bucket-{uuid.uuid4().hex}'
    s3.create_bucket(
        Bucket=s3_bucket
    )

    canonical_id = s3.list_buckets()['Owner']['ID']
    # Generate list from created resource names
    settings.init(session)
    settings.scan_objects.append(ecr_public_repo)
    settings.scan_objects.append(ecr_private_repo)
    settings.scan_objects.append("arn:aws:sns:us-east-1:" + settings.account_no + ":" + sns_topic)
    settings.scan_objects.append(s3_bucket)
    settings.scan_objects.append(canonical_id)
    # print("Calling the words function-------")
    # Call initial workflow that takes a user wordlist and starts a scan.

    account_arn = sts.get_caller_identity()['Arn']

    results_file = words(input_args, wordlist_type, session, email_option, email_list_path, email_eight_type, domain_name, micro_single_email, micro_timeout, micro_location_email, micro_email_type_response, micro_domain_name)
    # print(results_file)
    default_bucket_name = "quiet-riot-" + settings.account_no

    buckets = s3.list_buckets()
    bucket_flag = 0

    for i in range(0, len(buckets['Buckets'])):
        if str(default_bucket_name) in buckets['Buckets'][i]['Name']:
            bucket_flag = 1
            print("S3 bucket is already there with this name: " + default_bucket_name)
            break
        else:
            bucket_flag = 0
            pass

    if bucket_flag == 0:
        print("Creating S3 bucket for uploading results: " + default_bucket_name)
        s3_bucket = f'{str(default_bucket_name)}'
        s3.create_bucket(
            Bucket=s3_bucket,
            ACL='private'
        )
        response_public = s3.put_public_access_block(
            Bucket=f'{str(default_bucket_name)}',
            PublicAccessBlockConfiguration={
                'BlockPublicAcls': True,
                'IgnorePublicAcls': True,
                'BlockPublicPolicy': True,
                'RestrictPublicBuckets': True
            },
        )

    time.sleep(4)

    try:
        result_file_path = os.path.join(os.getcwd(), results_file)
        s3.put_object(
            Body=open(f'{result_file_path}', 'rb'),
            Bucket=f'{default_bucket_name}',
            Key=f'{results_file}'
        )
        bucket_obj_url = s3.generate_presigned_url('get_object',
                                                   Params={'Bucket': default_bucket_name,
                                                           'Key': results_file},
                                                   ExpiresIn=604800)
        print("")
        print("Download your scan results:")
        print("")
        print(bucket_obj_url)
    except Exception as result_exc:
        print(result_exc)
        print("There is some error in uploading file to S3 bucket")

    try:
        results_file1 = glob.glob("valid_scan_results-*")

        for filePath_results in results_file1:
            try:
                # print(filePath)
                results_file_path = os.path.join(os.getcwd(), filePath_results)
                # print(results_file_path)
                os.remove(results_file_path)

            except Exception as result_file_exc:
                print(result_file_exc)
                print("Error while deleting file")

    except Exception as result_file_exc:
        print(result_file_exc)

    # Request whether user is finished with infrastructure

    while True:
        print('')
        time.sleep(1)
        prompt1 = 'yes'  # TODO: figure out why it can't take "no" - the threads never finish a second time through...think I need to clear the threads... #input('Finished Scanning? Answer "yes" to delete your infrastructure: ').lower()
        time.sleep(1)
        # If user is finished with infrastructure, delete the created infrastructure
        if prompt1 == 'yes':
            buckets = s3.list_buckets()
            # print(buckets)
            for i in range(0, len(buckets['Buckets'])):
                if len(buckets['Buckets']) != 0:
                    if 'quiet-riot-bucket' in buckets['Buckets'][i]['Name']:
                        try:
                            # print("Deleting Quiet Riot Infrastructure: " + buckets['Buckets'][i]['Name'])
                            s3.delete_bucket(Bucket=buckets['Buckets'][i]['Name'])
                        except Exception:
                            pass
                    else:
                        pass
            # Delete ECR Public Repository - Resource that has IAM policy attachment
            public_repos = ecrpublic.describe_repositories()
            for i in range(0, len(public_repos['repositories'])):
                if len(public_repos['repositories']) != 0:
                    if 'quiet-riot-public-repo' in public_repos['repositories'][i]['repositoryName']:
                        # print(
                        #     "Deleting Quiet Riot Infrastructure: " + public_repos['repositories'][i]['repositoryName'])
                        ecrpublic.delete_repository(repositoryName=public_repos['repositories'][i]['repositoryName'])
                    else:
                        pass
            # Delete ECR Private Repository - Resource that has IAM policy attachment
            private_repos = ecrprivate.describe_repositories()
            for i in range(0, len(private_repos['repositories'])):
                if len(private_repos['repositories']) != 0:
                    if 'quiet-riot-private-repo' in private_repos['repositories'][i]['repositoryName']:
                        # print(
                        #     "Deleting Quiet Riot Infrastructure: " + private_repos['repositories'][i]['repositoryName'])
                        ecrprivate.delete_repository(repositoryName=private_repos['repositories'][i]['repositoryName'])
                    else:
                        pass
            # Delete SNS Topic - Resource that has IAM policy attachment
            sns_topics = sns.list_topics()
            for i in range(0, len(sns_topics['Topics'])):
                if len(sns_topics['Topics']) != 0:
                    if 'quiet-riot-sns-topic' in sns_topics['Topics'][i]['TopicArn']:
                        # print("Deleting Quiet Riot Infrastructure: " + sns_topics['Topics'][i]['TopicArn'])
                        sns.delete_topic(TopicArn=sns_topics['Topics'][i]['TopicArn'])
                    else:
                        pass
                else:
                    print("There are no topics to delete.")
                    print('')
            # Ask user if they want valid principals file downloaded
            print('')
            # TODO: Create control flow logic to ask user if willing to upload valid principals to global quiet-riot bucket maintained by Righteous Gambit Research
            try:
                fileList = glob.glob("wordlist-**")
                for filePath in fileList:
                    try:
                        # print(filePath)
                        wordlist_file_path = os.path.join(os.getcwd(), filePath)
                        # print(wordlist_file_path)
                        os.remove(wordlist_file_path)
                    except Exception as text_file:
                        print(text_file)
                        print("Error while deleting wordlist file: ", wordlist_file_path)

            except Exception as wordlist_file_exc:
                print(wordlist_file_exc)

            sys.exit()
        elif prompt1 == 'no':
            print('')
            print(
                "\033[0;32m" + f'If you have uploaded a wordlist, you can review your validated principals @ valid_principals.txt in your local directory.' + "\033[0m")
            print('')
            keep_going = input('Configure another wordlist? ').lower()
            print('')
            if keep_going == 'yes':
                # words() takes the same arguments as the first call in main()
                words(input_args, wordlist_type, session, email_option, email_list_path, email_eight_type, domain_name, micro_single_email, micro_timeout, micro_location_email, micro_email_type_response, micro_domain_name)
            elif keep_going == 'no':
                pass
            else:
                print('Provided response is not valid. Response must be "yes" or "no".')
                print('')
                keep_going = input('Configure another wordlist? ').lower()
        else:
            print('')
            print('Provided response is not valid. Response must be "yes" or "no".')

--------------------------------------------------------------------------------
/results/scan-run-statistics.txt:
--------------------------------------------------------------------------------
Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
72 Seconds Elapsed
1.2 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
42 Seconds Elapsed
0.7 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
92 Seconds Elapsed
1.5333333333333334 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
52 Seconds Elapsed
0.8666666666666667 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
47 Seconds Elapsed
0.7833333333333333 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
42 Seconds Elapsed
0.7 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
73 Seconds Elapsed
1.2166666666666666 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
55 Seconds Elapsed
0.9166666666666666 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
68 Seconds Elapsed
1.1333333333333333 Minutes

Scan Summary:
Enumeration Service: s3
List Length: 5000 words
# of Threads: 278
88 Seconds Elapsed
1.4666666666666666 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
7 Seconds Elapsed
0.11666666666666667 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
8 Seconds Elapsed
0.13333333333333333 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
5 Seconds Elapsed
0.08333333333333333 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
7 Seconds Elapsed
0.11666666666666667 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

Scan Summary:
Enumeration Service: ECR-Public
List Length: 5000 words
# of Threads: 278
6 Seconds Elapsed
0.1 Minutes

FIRST SCAN WITH ECR-Private FAILED w/ 278 threads. Backing down to 110.
142 | 143 | Scan Summary: 144 | Enumeration Service: ECR-Private 145 | List Length: 5000 words 146 | # of Threads: 112 147 | 5 Seconds Elapsed 148 | 0.08333333333333333 Minutes 149 | 150 | Scan Summary: 151 | Enumeration Service: ECR-Private 152 | List Length: 5000 words 153 | # of Threads: 112 154 | 5 Seconds Elapsed 155 | 0.08333333333333333 Minutes 156 | 157 | Scan Summary: 158 | Enumeration Service: ECR-Private 159 | List Length: 5000 words 160 | # of Threads: 112 161 | 7 Seconds Elapsed 162 | 0.11666666666666667 Minutes 163 | 164 | Scan Summary: 165 | Enumeration Service: ECR-Private 166 | List Length: 5000 words 167 | # of Threads: 112 168 | 5 Seconds Elapsed 169 | 0.08333333333333333 Minutes 170 | 171 | Scan Summary: 172 | Enumeration Service: ECR-Private 173 | List Length: 5000 words 174 | # of Threads: 112 175 | 6 Seconds Elapsed 176 | 0.1 Minutes 177 | 178 | Scan Summary: 179 | Enumeration Service: ECR-Private 180 | List Length: 5000 words 181 | # of Threads: 112 182 | 4 Seconds Elapsed 183 | 0.06666666666666667 Minutes 184 | 185 | Scan Summary: 186 | Enumeration Service: ECR-Private 187 | List Length: 5000 words 188 | # of Threads: 112 189 | 5 Seconds Elapsed 190 | 0.08333333333333333 Minutes 191 | 192 | Scan Summary: 193 | Enumeration Service: ECR-Private 194 | List Length: 5000 words 195 | # of Threads: 112 196 | 5 Seconds Elapsed 197 | 0.08333333333333333 Minutes 198 | 199 | Scan Summary: 200 | Enumeration Service: ECR-Private 201 | List Length: 5000 words 202 | # of Threads: 112 203 | 5 Seconds Elapsed 204 | 0.08333333333333333 Minutes 205 | 206 | AFTER 9 successful runs - got throttled on Attempt 10 - moving on to SNS 207 | 208 | Scan Summary: 209 | Enumeration Service: SNS 210 | List Length: 5000 words 211 | # of Threads: 278 212 | 7 Seconds Elapsed 213 | 0.11666666666666667 Minutes 214 | 215 | Scan Summary: 216 | Enumeration Service: SNS 217 | List Length: 5000 words 218 | # of Threads: 278 219 | 10 Seconds Elapsed 220 | 0.16666666666666666 
Minutes 221 | 222 | Scan Summary: 223 | Enumeration Service: SNS 224 | List Length: 5000 words 225 | # of Threads: 278 226 | 5 Seconds Elapsed 227 | 0.08333333333333333 Minutes 228 | 229 | Scan Summary: 230 | Enumeration Service: SNS 231 | List Length: 5000 words 232 | # of Threads: 278 233 | 6 Seconds Elapsed 234 | 0.1 Minutes 235 | 236 | Scan Summary: 237 | Enumeration Service: SNS 238 | List Length: 5000 words 239 | # of Threads: 278 240 | 6 Seconds Elapsed 241 | 0.1 Minutes 242 | 243 | Scan Summary: 244 | Enumeration Service: SNS 245 | List Length: 5000 words 246 | # of Threads: 278 247 | 6 Seconds Elapsed 248 | 0.1 Minutes 249 | 250 | Scan Summary: 251 | Enumeration Service: SNS 252 | List Length: 5000 words 253 | # of Threads: 278 254 | 9 Seconds Elapsed 255 | 0.15 Minutes 256 | 257 | Scan Summary: 258 | Enumeration Service: SNS 259 | List Length: 5000 words 260 | # of Threads: 278 261 | 7 Seconds Elapsed 262 | 0.11666666666666667 Minutes 263 | 264 | Scan Summary: 265 | Enumeration Service: SNS 266 | List Length: 5000 words 267 | # of Threads: 278 268 | 6 Seconds Elapsed 269 | 0.1 Minutes 270 | 271 | Scan Summary: 272 | Enumeration Service: SNS 273 | List Length: 5000 words 274 | # of Threads: 278 275 | 7 Seconds Elapsed 276 | 0.11666666666666667 Minutes 277 | 278 | ############################# 279 | Advanced Testing Runs 280 | ############################# 281 | 282 | Scan Summary: 283 | # of Valid Principals:28Enumeration Service: ECR-Public + SNS 284 | List Length: 500000 words 285 | # of Threads: 701 286 | 409 Seconds Elapsed 287 | 6.816666666666666 Minutes 288 | 289 | Scan Summary: 290 | # of Valid Principals:24Enumeration Service: ECR-Public + SNS 291 | List Length: 500000 words 292 | # of Threads: 701 293 | 426 Seconds Elapsed 294 | 7.1 Minutes 295 | 296 | Scan Summary: 297 | Enumeration Service: ECR-Public + SNS 298 | # of Threads: 0 299 | 0 Seconds Elapsed 300 | 0.0 Minutes 301 | 302 | 
-------------------------------------------------------------------------------- /results/valid_scan_results.txt: --------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /settings.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import boto3 3 | 4 | def init(session): 5 | sts = session.client('sts') 6 | global scan_objects 7 | scan_objects = [] 8 | global account_no 9 | account_no = sts.get_caller_identity()['Account'] 10 | 
-------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | import setuptools 2 | 3 | REQUIRES = [ 4 | "setuptools>=42", 5 | "wheel", 6 | "boto3>=1.17.84", 7 | "requests>=2.28.1" 8 | ] 9 | with open("README.md", "r", encoding="utf-8") as fh: 10 | long_description = fh.read() 11 | 12 | setuptools.setup( 13 | name="quiet_riot", 14 | version="1.0.6", 15 | author="Wess ladd", 16 | author_email="wesladd@traingrc.com", 17 | description="Cloud Recon Tool", 18 | long_description=long_description, 19 | long_description_content_type="text/markdown", 20 | package_data={'quiet_riot': ["results/*.txt","wordlists/*.txt","*.txt","enumeration/*"]}, 21 | install_requires=REQUIRES, 22 | url="https://github.com/pypa/sampleproject", 23 | classifiers=[ 24 | "Programming Language :: Python :: 3", 25 | "Operating System :: OS Independent", 26 | ], 27 | # package_dir={"": "src"}, 28 | entry_points={"console_scripts": "quiet_riot=quiet_riot.main:main"}, 29 | # zip_safe=True, 30 | packages=setuptools.find_packages(), 31 | 32 | python_requires=">=3.7" 33 | ) 34 | -------------------------------------------------------------------------------- /terraform/.terraform-version: -------------------------------------------------------------------------------- 1 | 0.14.0 -------------------------------------------------------------------------------- /terraform/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/hashicorp/aws" { 5 | version = "3.63.0" 6 | constraints = "3.63.0" 7 | hashes = [ 8 | "h1:Z+2GvXLgqQ/uPMH8dv+dXJ/t+jd6sriYjhCJS6kSO6g=", 9 | "zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287", 10 | "zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325", 11 | "zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748", 12 | "zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2", 13 | "zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e", 14 | "zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3", 15 | "zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f", 16 | "zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d", 17 | "zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6", 18 | "zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af", 19 | "zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /terraform/README.md: -------------------------------------------------------------------------------- 1 | This Terraform populates an AWS Account that has all the different IAM resources that we enumerate for, and nothing else. It will have all the SLRs that we check for, some dummy users, and other stuff. 2 | 3 | We can use these for integration tests. Since AWS Account IDs are clearly no longer sensitive, the account ID that we use is: `227156886084`. 4 | 5 | # Instructions 6 | 7 | Feel free to use these instructions to replicate them in your own test environment. 
8 | 9 | ## Creating the resources 10 | 11 | * Ensure you are authenticated to AWS with admin privileges 12 | * Install Terraform 0.14.0 and create the resources in AWS: 13 | 14 | ```bash 15 | brew install tfenv 16 | tfenv install 0.14.0 17 | terraform init 18 | terraform plan 19 | terraform apply -auto-approve 20 | ``` 21 | 22 | ## Validating resource deployment 23 | 24 | ### Listing all SLRs 25 | 26 | * To list the Service Linked Roles (SLRs) that were created, run the following: 27 | 28 | ```bash 29 | aws iam list-roles | jq ".Roles" | jq -r ".[].Arn" | grep "aws-service-role" 30 | ``` 31 | 32 | The output will look like the following: 33 | 34 |
37 | 38 | ``` 39 | arn:aws:iam::227156886084:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer 40 | arn:aws:iam::227156886084:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket 41 | arn:aws:iam::227156886084:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime 42 | arn:aws:iam::227156886084:role/aws-service-role/transcription.chime.amazonaws.com/AWSServiceRoleForAmazonChimeTranscription 43 | arn:aws:iam::227156886084:role/aws-service-role/voiceconnector.chime.amazonaws.com/AWSServiceRoleForAmazonChimeVoiceConnector 44 | arn:aws:iam::227156886084:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer 45 | arn:aws:iam::227156886084:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmailService 46 | arn:aws:iam::227156886084:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect 47 | arn:aws:iam::227156886084:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS 48 | arn:aws:iam::227156886084:role/aws-service-role/eks-connector.amazonaws.com/AWSServiceRoleForAmazonEKSConnector 49 | arn:aws:iam::227156886084:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate 50 | arn:aws:iam::227156886084:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup 51 | arn:aws:iam::227156886084:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService 52 | arn:aws:iam::227156886084:role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers 53 | arn:aws:iam::227156886084:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty 54 | arn:aws:iam::227156886084:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector 55 | arn:aws:iam::227156886084:role/aws-service-role/macie.amazonaws.com/AWSServiceRoleForAmazonMacie 56 | 
arn:aws:iam::227156886084:role/aws-service-role/mq.amazonaws.com/AWSServiceRoleForAmazonMQ 57 | arn:aws:iam::227156886084:role/aws-service-role/accountdiscovery.ssm.amazonaws.com/AWSServiceRoleForAmazonSSM_AccountDiscovery 58 | arn:aws:iam::227156886084:role/aws-service-role/opsinsights.ssm.amazonaws.com/AWSServiceRoleForAmazonSSM_OpsInsights 59 | arn:aws:iam::227156886084:role/aws-service-role/worklink.amazonaws.com/AWSServiceRoleForAmazonWorkLink 60 | arn:aws:iam::227156886084:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents 61 | arn:aws:iam::227156886084:role/aws-service-role/ops.apigateway.amazonaws.com/AWSServiceRoleForAPIGateway 62 | arn:aws:iam::227156886084:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet 63 | arn:aws:iam::227156886084:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable 64 | arn:aws:iam::227156886084:role/aws-service-role/comprehend.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ComprehendEndpoint 65 | arn:aws:iam::227156886084:role/aws-service-role/custom-resource.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CustomResource 66 | arn:aws:iam::227156886084:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable 67 | arn:aws:iam::227156886084:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest 68 | arn:aws:iam::227156886084:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService 69 | arn:aws:iam::227156886084:role/aws-service-role/elasticache.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ElastiCacheRG 70 | 
arn:aws:iam::227156886084:role/aws-service-role/kafka.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_KafkaCluster 71 | arn:aws:iam::227156886084:role/aws-service-role/lambda.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_LambdaConcurrency 72 | arn:aws:iam::227156886084:role/aws-service-role/neptune.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_NeptuneCluster 73 | arn:aws:iam::227156886084:role/aws-service-role/rds.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_RDSCluster 74 | arn:aws:iam::227156886084:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint 75 | arn:aws:iam::227156886084:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport 76 | arn:aws:iam::227156886084:role/aws-service-role/mgn.amazonaws.com/AWSServiceRoleForApplicationMigrationService 77 | arn:aws:iam::227156886084:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh 78 | arn:aws:iam::227156886084:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner 79 | arn:aws:iam::227156886084:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager 80 | arn:aws:iam::227156886084:role/aws-service-role/autoscaling-plans.amazonaws.com/AWSServiceRoleForAutoScalingPlans_EC2AutoScaling 81 | arn:aws:iam::227156886084:role/aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot 82 | arn:aws:iam::227156886084:role/aws-service-role/cloud9.amazonaws.com/AWSServiceRoleForAWSCloud9 83 | arn:aws:iam::227156886084:role/aws-service-role/license-manager.master-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMasterAccountRole 84 | arn:aws:iam::227156886084:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole 85 | 
arn:aws:iam::227156886084:role/aws-service-role/license-manager.amazonaws.com/AWSServiceRoleForAWSLicenseManagerRole 86 | arn:aws:iam::227156886084:role/aws-service-role/panorama.amazonaws.com/AWSServiceRoleForAWSPanorama 87 | arn:aws:iam::227156886084:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry 88 | arn:aws:iam::227156886084:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup 89 | arn:aws:iam::227156886084:role/aws-service-role/reports.backup.amazonaws.com/AWSServiceRoleForBackupReports 90 | arn:aws:iam::227156886084:role/aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust 91 | arn:aws:iam::227156886084:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager 92 | arn:aws:iam::227156886084:role/aws-service-role/logger.cloudfront.amazonaws.com/AWSServiceRoleForCloudFrontLogger 93 | arn:aws:iam::227156886084:role/aws-service-role/cloudhsm.amazonaws.com/AWSServiceRoleForCloudHSM 94 | arn:aws:iam::227156886084:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents 95 | arn:aws:iam::227156886084:role/aws-service-role/codestar-notifications.amazonaws.com/AWSServiceRoleForCodeStarNotifications 96 | arn:aws:iam::227156886084:role/aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer 97 | arn:aws:iam::227156886084:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig 98 | arn:aws:iam::227156886084:role/aws-service-role/dax.amazonaws.com/AWSServiceRoleForDAX 99 | arn:aws:iam::227156886084:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru 100 | arn:aws:iam::227156886084:role/aws-service-role/directconnect.amazonaws.com/AWSServiceRoleForDirectConnect 101 | arn:aws:iam::227156886084:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS 102 | arn:aws:iam::227156886084:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache 103 | 
arn:aws:iam::227156886084:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup 104 | arn:aws:iam::227156886084:role/aws-service-role/fis.amazonaws.com/AWSServiceRoleForFIS 105 | arn:aws:iam::227156886084:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator 106 | arn:aws:iam::227156886084:role/aws-service-role/ssm-incidents.amazonaws.com/AWSServiceRoleForIncidentManager 107 | arn:aws:iam::227156886084:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise 108 | arn:aws:iam::227156886084:role/aws-service-role/ivs.amazonaws.com/AWSServiceRoleForIVSRecordToS3 109 | arn:aws:iam::227156886084:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect 110 | arn:aws:iam::227156886084:role/aws-service-role/cks.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceCustomKeyStores 111 | arn:aws:iam::227156886084:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys 112 | arn:aws:iam::227156886084:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess 113 | arn:aws:iam::227156886084:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots 114 | arn:aws:iam::227156886084:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels 115 | arn:aws:iam::227156886084:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots 116 | arn:aws:iam::227156886084:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels 117 | arn:aws:iam::227156886084:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery 118 | arn:aws:iam::227156886084:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement 119 | arn:aws:iam::227156886084:role/aws-service-role/mediatailor.amazonaws.com/AWSServiceRoleForMediaTailor 120 | 
arn:aws:iam::227156886084:role/aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB 121 | arn:aws:iam::227156886084:role/aws-service-role/migrationhub.amazonaws.com/AWSServiceRoleForMigrationHub 122 | arn:aws:iam::227156886084:role/aws-service-role/migrationhub-strategy.amazonaws.com/AWSServiceRoleForMigrationHubStrategy 123 | arn:aws:iam::227156886084:role/aws-service-role/network-firewall.amazonaws.com/AWSServiceRoleForNetworkFirewall 124 | arn:aws:iam::227156886084:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS 125 | arn:aws:iam::227156886084:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift 126 | arn:aws:iam::227156886084:role/aws-service-role/robomaker.amazonaws.com/AWSServiceRoleForRoboMaker 127 | arn:aws:iam::227156886084:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver 128 | arn:aws:iam::227156886084:role/aws-service-role/storage-lens.s3.amazonaws.com/AWSServiceRoleForS3StorageLens 129 | arn:aws:iam::227156886084:role/aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub 130 | arn:aws:iam::227156886084:role/aws-service-role/sms.amazonaws.com/AWSServiceRoleForSMS 131 | arn:aws:iam::227156886084:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport 132 | arn:aws:iam::227156886084:role/aws-service-role/opsdatasync.ssm.amazonaws.com/AWSServiceRoleForSystemsManagerOpsDataSync 133 | arn:aws:iam::227156886084:role/aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor 134 | arn:aws:iam::227156886084:role/aws-service-role/waf.amazonaws.com/AWSServiceRoleForWAFLogging 135 | arn:aws:iam::227156886084:role/aws-service-role/waf-regional.amazonaws.com/AWSServiceRoleForWAFRegionalLogging 136 | arn:aws:iam::227156886084:role/aws-service-role/wafv2.amazonaws.com/AWSServiceRoleForWAFV2Logging 137 | ``` 138 |


### Listing well-known IAM Roles

You can also list all the other roles with the following (using reverse grep):

```bash
aws iam list-roles | jq ".Roles" | jq -r ".[].Arn" | grep -v "aws-service-role"
```


153 | 154 | ``` 155 | arn:aws:iam::227156886084:role/ACCOUNTADMIN 156 | arn:aws:iam::227156886084:role/alertlogic 157 | arn:aws:iam::227156886084:role/Alert_Logic_Cloud_Defender 158 | arn:aws:iam::227156886084:role/ANALYTICSDEVELOPER 159 | arn:aws:iam::227156886084:role/AquaRole 160 | arn:aws:iam::227156886084:role/AquasecRole 161 | arn:aws:iam::227156886084:role/aws-elasticbeanstalk-ec2-role 162 | arn:aws:iam::227156886084:role/AWS-Landing-Zone-ConfigRecorderRole 163 | arn:aws:iam::227156886084:role/AWSCloudFormationStackSetExecutionRole 164 | arn:aws:iam::227156886084:role/AWSControlTowerCloudTrailRole 165 | arn:aws:iam::227156886084:role/AWSControlTowerStackSetRole 166 | arn:aws:iam::227156886084:role/AWSGlueServiceRoleDefault 167 | arn:aws:iam::227156886084:role/BILLING 168 | arn:aws:iam::227156886084:role/bp-cloudhealth 169 | arn:aws:iam::227156886084:role/bulletproof 170 | arn:aws:iam::227156886084:role/cb-access 171 | arn:aws:iam::227156886084:role/cloudability 172 | arn:aws:iam::227156886084:role/cloudbreak 173 | arn:aws:iam::227156886084:role/cloudcheckr 174 | arn:aws:iam::227156886084:role/cloudcraft 175 | arn:aws:iam::227156886084:role/CloudMGR 176 | arn:aws:iam::227156886084:role/cloudsploit 177 | arn:aws:iam::227156886084:role/CloudSploitRole 178 | arn:aws:iam::227156886084:role/datadog 179 | arn:aws:iam::227156886084:role/DatadogAWSIntegrationRole 180 | arn:aws:iam::227156886084:role/deepsecurity 181 | arn:aws:iam::227156886084:role/dome9 182 | arn:aws:iam::227156886084:role/Dome9-Connect 183 | arn:aws:iam::227156886084:role/Dome9Connect 184 | arn:aws:iam::227156886084:role/DSWebAppsScanningRole 185 | arn:aws:iam::227156886084:role/dynatrace 186 | arn:aws:iam::227156886084:role/ECS-SERVICE-LINKED-ROLE 187 | arn:aws:iam::227156886084:role/EMR_DefaultRole 188 | arn:aws:iam::227156886084:role/EMR_EC2_DefaultRole 189 | arn:aws:iam::227156886084:role/freshservice 190 | arn:aws:iam::227156886084:role/FullLambdaAccess 191 | 
arn:aws:iam::227156886084:role/globus 192 | arn:aws:iam::227156886084:role/GrafanaCloudWatch 193 | arn:aws:iam::227156886084:role/instaclustr 194 | arn:aws:iam::227156886084:role/keyWatch 195 | arn:aws:iam::227156886084:role/kochava 196 | arn:aws:iam::227156886084:role/KochavaReadS3 197 | arn:aws:iam::227156886084:role/LambdaAdminAccess 198 | arn:aws:iam::227156886084:role/loggly 199 | arn:aws:iam::227156886084:role/loggly-role 200 | arn:aws:iam::227156886084:role/Loggly_aws 201 | arn:aws:iam::227156886084:role/mediatemple 202 | arn:aws:iam::227156886084:role/mongodb 203 | arn:aws:iam::227156886084:role/MtSecurityScan 204 | arn:aws:iam::227156886084:role/myMMSRole 205 | arn:aws:iam::227156886084:role/newrelic 206 | arn:aws:iam::227156886084:role/NewRelic-Infrastructure-AWS-Integration 207 | arn:aws:iam::227156886084:role/okta 208 | arn:aws:iam::227156886084:role/OktaSSO 209 | arn:aws:iam::227156886084:role/opsclarity 210 | arn:aws:iam::227156886084:role/OpsClarity-Access 211 | arn:aws:iam::227156886084:role/opsworks 212 | arn:aws:iam::227156886084:role/orbitera 213 | arn:aws:iam::227156886084:role/OrganizationAccountAccessRole 214 | arn:aws:iam::227156886084:role/OrganizationFormationBuildAccessRole 215 | arn:aws:iam::227156886084:role/OrgMgmtRole 216 | arn:aws:iam::227156886084:role/Prisma 217 | arn:aws:iam::227156886084:role/PrismaCloud 218 | arn:aws:iam::227156886084:role/PrismaCloudCustomRole 219 | arn:aws:iam::227156886084:role/PrismaCloudRole 220 | arn:aws:iam::227156886084:role/redline 221 | arn:aws:iam::227156886084:role/redline13 222 | arn:aws:iam::227156886084:role/RedlineAccess 223 | arn:aws:iam::227156886084:role/roleWatch 224 | arn:aws:iam::227156886084:role/s3stat 225 | arn:aws:iam::227156886084:role/service-codebuild-mirza-service-role 226 | arn:aws:iam::227156886084:role/signalfx 227 | arn:aws:iam::227156886084:role/skeddly 228 | arn:aws:iam::227156886084:role/stackdriver 229 | arn:aws:iam::227156886084:role/teraproc 230 | 
arn:aws:iam::227156886084:role/teraproc-access 231 | arn:aws:iam::227156886084:role/threatstack 232 | arn:aws:iam::227156886084:role/threatstackrole 233 | arn:aws:iam::227156886084:role/workspaces 234 | arn:aws:iam::227156886084:role/workspaces_defaultrole 235 | ``` 236 |
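
As an added example (not part of this repository), the same split can be done in Python on the JSON that `aws iam list-roles` returns, extended to read each role's trust policy and report which non-service-linked roles can actually be assumed, and by whom. The sample document, its account IDs, the `WELL_KNOWN` subset and all function names are constructed for illustration; the evaluation is simplified and ignores `Condition` on Allow statements, `NotAction` and `NotPrincipal`.

```python
import json

# Constructed sample in the shape of `aws iam list-roles` output. The account
# IDs (111122223333, 444455556666) and trust policies are placeholders.
SAMPLE = json.loads("""
{"Roles": [
  {"RoleName": "AWSServiceRoleForSupport",
   "Arn": "arn:aws:iam::111122223333:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"Service": "support.amazonaws.com"},
      "Action": "sts:AssumeRole"}]}},
  {"RoleName": "cloudcraft",
   "Arn": "arn:aws:iam::111122223333:role/cloudcraft",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Sid": "AllowNothing", "Effect": "Deny", "Principal": {"AWS": "*"},
      "Action": "sts:AssumeRole"}]}},
  {"RoleName": "datadog",
   "Arn": "arn:aws:iam::111122223333:role/datadog",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
      "Action": "sts:AssumeRole"}]}},
  {"RoleName": "app-deployer",
   "Arn": "arn:aws:iam::111122223333:role/app-deployer",
   "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": ["sts:AssumeRole", "sts:TagSession"]}]}}
]}
""")

# A few names taken from the repository's well_known_role_names list.
WELL_KNOWN = {"cloudcraft", "datadog", "OrganizationAccountAccessRole"}


def _listify(value):
    """IAM allows a single value or a list in most policy elements."""
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten a statement's Principal element to 'Type:value' strings."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return [f"{kind}:{v}" for kind, vals in principal.items() for v in _listify(vals)]


def _covers_assume_role(stmt):
    """True if the statement's Action element includes sts:AssumeRole."""
    actions = _listify(stmt.get("Action", []))
    return any(a.lower() in ("*", "sts:*", "sts:assumerole") for a in actions)


def assume_role_grants(policy):
    """Principals that Allow statements grant sts:AssumeRole to ([] if none)."""
    statements = [s for s in _listify(policy.get("Statement", []))
                  if _covers_assume_role(s)]
    for s in statements:
        # An unconditional Deny for every principal overrides any Allow.
        if (s["Effect"] == "Deny" and "Condition" not in s
                and set(_principals(s)) & {"*", "AWS:*"}):
            return []
    grants = {p for s in statements if s["Effect"] == "Allow" for p in _principals(s)}
    return sorted(grants)


def is_external(principal, account_id):
    """Wildcards and AWS principals owned by another account count as external."""
    if principal in ("*", "AWS:*"):
        return True
    kind, _, value = principal.partition(":")
    if kind != "AWS":
        return False  # Service and Federated principals are reported, not flagged
    owner = value.split(":")[4] if value.startswith("arn:") else value
    return owner != account_id


def audit(list_roles_doc, well_known=WELL_KNOWN):
    """One finding per role outside the aws-service-role path."""
    findings = []
    for role in list_roles_doc["Roles"]:
        arn = role["Arn"]
        if ":role/aws-service-role/" in arn:  # same split as grep -v "aws-service-role"
            continue
        account_id = arn.split(":")[4]
        grants = assume_role_grants(role["AssumeRolePolicyDocument"])
        findings.append({
            "role": role["RoleName"],
            "well_known_name": role["RoleName"] in well_known,
            "assumable_by": grants,
            "external": [p for p in grants if is_external(p, account_id)],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A role whose only trust statement is a Deny, like the `AllowNothing` policy in `terraform/well-known.roles.tf`, comes back with an empty `assumable_by` list.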


### You can list all the roles together with:

```bash
aws iam list-roles | jq ".Roles" | jq -r ".[].Arn"
```

# References

* [Terraform module to manage AWS IAM Service Linked Roles](https://registry.terraform.io/modules/plus3it/tardigrade-service-linked-roles/aws/latest)

--------------------------------------------------------------------------------
/terraform/outputs.tf:
--------------------------------------------------------------------------------
output "iam_service_linked_roles" {
  description = "Map of IAM Service-linked role objects"
  value       = aws_iam_service_linked_role.this
}

--------------------------------------------------------------------------------
/terraform/service-linked-roles.auto.tfvars:
--------------------------------------------------------------------------------
aws_service_names = [
  "access-analyzer.amazonaws.com",
  "accountdiscovery.ssm.amazonaws.com",
  "acm.amazonaws.com",
  "appmesh.amazonaws.com",
  "apprunner.amazonaws.com",
  "appstream.application-autoscaling.amazonaws.com",
  "auditmanager.amazonaws.com",
  "autoscaling-plans.amazonaws.com",
  "backup.amazonaws.com",
  "braket.amazonaws.com",
  "bugbust.amazonaws.com",
  "cassandra.application-autoscaling.amazonaws.com",
  "channels.lex.amazonaws.com",
  "channels.lexv2.amazonaws.com",
  "chime.amazonaws.com",
  "cks.kms.amazonaws.com",
  "cloud9.amazonaws.com",
  "cloudhsm.amazonaws.com",
  "cloudtrail.amazonaws.com",
  "codeguru-profiler.amazonaws.com",
  "codeguru-reviewer.amazonaws.com",
  "codestar-notifications.amazonaws.com",
  "comprehend.application-autoscaling.amazonaws.com",
  "compute-optimizer.amazonaws.com",
  "config.amazonaws.com",
  "connect.amazonaws.com",
  "continuousexport.discovery.amazonaws.com",
  "custom-resource.application-autoscaling.amazonaws.com",
  "dax.amazonaws.com",
  "delivery.logs.amazonaws.com",
  "devops-guru.amazonaws.com",
  "directconnect.amazon.com",
  "directconnect.amazonaws.com",
  "dms.amazonaws.com",
  "dynamodb.application-autoscaling.amazonaws.com",
  "ec2.amazonaws.com",
  "ec2.application-autoscaling.amazonaws.com",
  "ecs.amazonaws.com",
  "ecs.application-autoscaling.amazonaws.com",
  "eks-connector.amazonaws.com",
  "eks-fargate.amazonaws.com",
  "eks-nodegroup.amazonaws.com",
  "eks.amazonaws.com",
  "elasticache.amazonaws.com",
  "elasticache.application-autoscaling.amazonaws.com",
  "elasticfilesystem.amazonaws.com",
  "elasticmapreduce.amazonaws.com",
  "email.cognito-idp.amazonaws.com",
  "emr-containers.amazonaws.com",
  "es.amazonaws.com",
  "events.amazonaws.com",
  "events.workmail.amazonaws.com",
  "fis.amazonaws.com",
  "fms.amazonaws.com",
  "fsx.amazonaws.com",
  "globalaccelerator.amazonaws.com",
  "guardduty.amazonaws.com",
  "inspector.amazonaws.com",
  "iotsitewise.amazonaws.com",
  "ivs.amazonaws.com",
  "kafka.application-autoscaling.amazonaws.com",
  "kafkaconnect.amazonaws.com",
  "lakeformation.amazonaws.com",
  "lambda.application-autoscaling.amazonaws.com",
  "lex.amazonaws.com",
  "lexv2.amazonaws.com",
  "license-management.marketplace.amazonaws.com",
  "license-manager.amazonaws.com",
  "license-manager.master-account.amazonaws.com",
  "license-manager.member-account.amazonaws.com",
  "logger.cloudfront.amazonaws.com",
  "macie.amazonaws.com",
  "management.chatbot.amazonaws.com",
  "mediatailor.amazonaws.com",
  "memorydb.amazonaws.com",
  "mgn.amazonaws.com",
  "migrationhub-strategy.amazonaws.com",
  "migrationhub.amazonaws.com",
  "mq.amazonaws.com",
  "mrk.kms.amazonaws.com",
  "neptune.application-autoscaling.amazonaws.com",
  "network-firewall.amazonaws.com",
  "ops.apigateway.amazonaws.com",
  "opsdatasync.ssm.amazonaws.com",
  "opsinsights.ssm.amazonaws.com",
  "organizations.amazonaws.com",
  "panorama.amazonaws.com",
  "rds.amazonaws.com",
  "rds.application-autoscaling.amazonaws.com",
  "redshift.amazonaws.com",
  "replicator.lambda.amazonaws.com",
  "reports.backup.amazonaws.com",
  "robomaker.amazonaws.com",
  "route53resolver.amazonaws.com",
  "sagemaker.application-autoscaling.amazonaws.com",
  "securityhub.amazonaws.com",
  "servicecatalog-appregistry.amazonaws.com",
  "sms.amazonaws.com",
  "ssm-incidents.amazonaws.com",
  "ssm.amazonaws.com",
  "sso.amazonaws.com",
  "storage-lens.s3.amazonaws.com",
  "support.amazonaws.com",
  "transcription.chime.amazonaws.com",
  "trustedadvisor.amazonaws.com",
  "voiceconnector.chime.amazonaws.com",
  "waf-regional.amazonaws.com",
  "waf.amazonaws.com",
  "wafv2.amazonaws.com",
  "worklink.amazonaws.com"
]

excluded_aws_service_names = [
  "cloudtrail.amazonaws.com",
  "codeguru-profiler.amazonaws.com",
  "elasticfilesystem.amazonaws.com",
  "fms.amazonaws.com",
  "fsx.amazonaws.com",
  "networkmanager.amazonaws.com",
  "organizations.amazonaws.com",
  "replicator.lambda.amazonaws.com",
  "ssm.amazonaws.com",
  "sso.amazonaws.com",
  "support.amazonaws.com",
  "transitgateway.amazonaws.com",
  "trustedadvisor.amazonaws.com",

  # Added these
  "ec2.amazonaws.com",        # AWSServiceRoleForNetworkManager
  "directconnect.amazon.com", # AWSServiceRoleForNetworkManager
  "dms.amazonaws.com",        # AWSServiceRoleForMigrationHubDMSAccess

]

--------------------------------------------------------------------------------
/terraform/service-linked-roles.tf:
--------------------------------------------------------------------------------
resource "aws_iam_service_linked_role" "this" {
  for_each = toset(local.aws_service_names)

  aws_service_name = each.value
}

locals {
  aws_service_names = setsubtract(var.aws_service_names, var.excluded_aws_service_names)
}

--------------------------------------------------------------------------------
/terraform/terraform.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.63.0"
    }
  }
}
provider "aws" {
  region = "us-east-1"
}

--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# Service linked roles
# ---------------------------------------------------------------------------------------------------------------------
variable "aws_service_names" {
  description = "List of AWS Service Names for which service-linked roles will be created"
  type        = list(string)
  # This list is gathered manually using this link:
  #
  # For most services that support Service-linked roles, follow the link on that
  # page and identify the Service Principal, and add it to the list. Some services
  # require a little more digging, such as actually using the service from the
  # console and checking in IAM for the service-linked role.
  default = [
    "access-analyzer.amazonaws.com",
    "accountdiscovery.ssm.amazonaws.com",
    "appmesh.amazonaws.com",
    "appstream.application-autoscaling.amazonaws.com",
    "autoscaling-plans.amazonaws.com",
    "cassandra.application-autoscaling.amazonaws.com",
    "chime.amazonaws.com",
    "cks.kms.amazonaws.com",
    "cloud9.amazonaws.com",
    "cloudhsm.amazonaws.com",
    "cloudtrail.amazonaws.com",
    "cloudwatch-crossaccount.amazonaws.com",
    "codeguru-profiler.amazonaws.com",
    "codeguru-reviewer.amazonaws.com",
    "codestar-notifications.amazonaws.com",
    "compute-optimizer.amazonaws.com",
    "config.amazonaws.com",
    "connect.amazonaws.com",
    "continuousexport.discovery.amazonaws.com",
    "dax.amazonaws.com",
    "ecs.amazonaws.com",
    "eks.amazonaws.com",
    "eks-nodegroup.amazonaws.com",
    "elasticache.amazonaws.com",
    "elasticbeanstalk.amazonaws.com",
    "elasticfilesystem.amazonaws.com",
    "elasticloadbalancing.amazonaws.com",
    "elasticmapreduce.amazonaws.com",
    "email.cognito-idp.amazonaws.com",
    "es.amazonaws.com",
    "fms.amazonaws.com",
    "fsx.amazonaws.com",
    "globalaccelerator.amazonaws.com",
    "guardduty.amazonaws.com",
    "inspector.amazonaws.com",
    "iotsitewise.amazonaws.com",
    "lakeformation.amazonaws.com",
    "lex.amazonaws.com",
    "logger.cloudfront.amazonaws.com",
    "macie.amazonaws.com",
    "maintenance.elasticbeanstalk.amazonaws.com",
    "managedupdates.elasticbeanstalk.amazonaws.com",
    "management.chatbot.amazonaws.com",
    "networkmanager.amazonaws.com",
    "ops.apigateway.amazonaws.com",
    "organizations.amazonaws.com",
    "rds.amazonaws.com",
    "redshift.amazonaws.com",
    "replicator.lambda.amazonaws.com",
    "robomaker.amazonaws.com",
    "securityhub.amazonaws.com",
    "sms.amazonaws.com",
    "ssm.amazonaws.com",
    "sso.amazonaws.com",
    "support.amazonaws.com",
    "transitgateway.amazonaws.com",
    "trustedadvisor.amazonaws.com",
    "voiceconnector.chime.amazonaws.com",
    "wafv2.amazonaws.com",
    "worklink.amazonaws.com",
  ]
}

variable "excluded_aws_service_names" {
  description = "List of AWS Service Names for which service-linked roles will *NOT* be created"
  type        = list(string)
  default = [
    "cloudtrail.amazonaws.com",
    "codeguru-profiler.amazonaws.com",
    "elasticfilesystem.amazonaws.com",
    "fms.amazonaws.com",
    "fsx.amazonaws.com",
    "networkmanager.amazonaws.com",
    "organizations.amazonaws.com",
    "replicator.lambda.amazonaws.com",
    "ssm.amazonaws.com",
    "sso.amazonaws.com",
    "support.amazonaws.com",
    "transitgateway.amazonaws.com",
    "trustedadvisor.amazonaws.com",
  ]
}

# ---------------------------------------------------------------------------------------------------------------------
# Well known roles
# ---------------------------------------------------------------------------------------------------------------------
variable "well_known_role_names" {
  description = "List of well known role names to create"
  type        = list(string)
  default     = []
}

--------------------------------------------------------------------------------
/terraform/well-known-roles.auto.tfvars:
--------------------------------------------------------------------------------
well_known_role_names = [
  "ECS-SERVICE-LINKED-ROLE",
  "FullLambdaAccess",
  "LambdaAdminAccess",
  "GrafanaCloudWatch",
  "OrganizationAccountAccessRole",
  "AWSCloudFormationStackSetExecutionRole",
  "OrgMgmtRole",
  "service-codebuild-mirza-service-role",
  "ACCOUNTADMIN",
  "ANALYTICSDEVELOPER",
  "BILLING",
  "AWSControlTowerStackSetRole",
  "AWSControlTowerCloudTrailRole",
  "OrganizationFormationBuildAccessRole",
  "AWS-Landing-Zone-ConfigRecorderRole",
  "aws-elasticbeanstalk-ec2-role",
  "AWSGlueServiceRoleDefault",
  "EMR_DefaultRole",
  "EMR_EC2_DefaultRole",
  "DatadogAWSIntegrationRole",
  "workspaces",
  "workspaces_defaultrole",
  "Alert_Logic_Cloud_Defender",
  "CloudMGR",
  "CloudSploitRole",
  "DSWebAppsScanningRole",
  "DatadogAWSIntegrationRole",
  "Dome9-Connect",
  "Dome9Connect",
  "KochavaReadS3",
  "Loggly_aws",
  "MtSecurityScan",
  "NewRelic-Infrastructure-AWS-Integration",
  "OktaSSO",
  "OpsClarity-Access",
  "RedlineAccess",
  "alertlogic",
  "bp-cloudhealth",
  "bulletproof",
  "cb-access",
  "cloudability",
  "cloudbreak",
  "cloudcheckr",
  "cloudcraft",
  "cloudsploit",
  "AquaRole",
  "AquasecRole",
  "datadog",
  "deepsecurity",
  "dome9",
  "dynatrace",
  "freshservice",
  "globus",
  "instaclustr",
  "keyWatch",
  "kochava",
  "loggly",
  "loggly-role",
  "mediatemple",
  "mongodb",
  "myMMSRole",
  "newrelic",
  "okta",
  "opsclarity",
  "orbitera",
  "redline",
  "redline13",
  "roleWatch",
  "s3stat",
  "signalfx",
  "skeddly",
  "stackdriver",
  "teraproc",
  "teraproc-access",
  "threatstack",
  "threatstackrole",
  "okta",
  "opsworks",
  "PrismaCloudCustomRole",
  "PrismaCloudRole",
  "PrismaCloud",
  "Prisma",
]

--------------------------------------------------------------------------------
/terraform/well-known.roles.tf:
--------------------------------------------------------------------------------
data "aws_iam_policy_document" "trust_policy_allow_nothing" {
  statement {
    sid     = "AllowNothing"
    actions = ["sts:AssumeRole"]
    effect  = "Deny"
    principals {
      identifiers = ["*"]
      type        = "AWS"
    }
  }
}

resource "aws_iam_role" "this" {
  for_each           = toset(var.well_known_role_names)
  name               = each.value
  assume_role_policy = data.aws_iam_policy_document.trust_policy_allow_nothing.json
}

--------------------------------------------------------------------------------
/test.txt:
--------------------------------------------------------------------------------
wsladd@icloud.com
jackfan@icloud.com
wes
zach

--------------------------------------------------------------------------------
/total_footprint_wordlist.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import os

# Resolve the wordlists relative to this file's absolute location so the
# script also works when it is started from another working directory.
base_dir = os.path.dirname(os.path.abspath(__file__))
wordlist_file = os.path.join(base_dir, 'wordlists', 'service-linked-roles.txt')
account_ids_file = os.path.join(base_dir, 'wordlists', 'known_valid_account_ids.txt')
new_list = []
# output_list = 'complete-footprint.txt'

# One account ID per line.
with open(account_ids_file) as f:
    account_list = [x.rstrip() for x in f]

# One role path per line; combine every account ID with every role path
# into a full IAM ARN.
with open(wordlist_file) as file:
    my_list = [x.rstrip() for x in file]
    for account_id in account_list:
        for item in my_list:
            new_list.append('arn:aws:iam::' + account_id + ':' + item)

#
# with open(output_list, 'a+') as f:
#     for item in new_list:
#         f.write("%s\n" % item)

--------------------------------------------------------------------------------
/wordlists/familynames-usa-top1000.txt:
--------------------------------------------------------------------------------
1 | SMITH 2 | JOHNSON 3 | WILLIAMS 4 | JONES 5 | BROWN 6 | DAVIS 7 | MILLER 8 | WILSON 9 | MOORE 10 | TAYLOR 11 | ANDERSON 12 | THOMAS 13 | JACKSON 14 | WHITE 15 | HARRIS 16 | MARTIN 17 | THOMPSON 18 | GARCIA 19 | MARTINEZ 20 | ROBINSON 21 | CLARK 22 | RODRIGUEZ 23 | LEWIS 24 | LEE 25 | WALKER 26 | HALL 27 | ALLEN 28 | YOUNG 29 | HERNANDEZ 30 | KING 31 | WRIGHT 32 | LOPEZ 33 | HILL 34 | SCOTT 35 | GREEN 36 | ADAMS 37 | BAKER 38 | GONZALEZ 39 | NELSON 40 | CARTER 41 | MITCHELL 42 | PEREZ 43 | ROBERTS 44 | TURNER 45 | PHILLIPS 46 | CAMPBELL 47 | PARKER 48 | EVANS 49 | EDWARDS 50 | COLLINS 51 |
STEWART 52 | SANCHEZ 53 | MORRIS 54 | ROGERS 55 | REED 56 | COOK 57 | MORGAN 58 | BELL 59 | MURPHY 60 | BAILEY 61 | RIVERA 62 | COOPER 63 | RICHARDSON 64 | COX 65 | HOWARD 66 | WARD 67 | TORRES 68 | PETERSON 69 | GRAY 70 | RAMIREZ 71 | JAMES 72 | WATSON 73 | BROOKS 74 | KELLY 75 | SANDERS 76 | PRICE 77 | BENNETT 78 | WOOD 79 | BARNES 80 | ROSS 81 | HENDERSON 82 | COLEMAN 83 | JENKINS 84 | PERRY 85 | POWELL 86 | LONG 87 | PATTERSON 88 | HUGHES 89 | FLORES 90 | WASHINGTON 91 | BUTLER 92 | SIMMONS 93 | FOSTER 94 | GONZALES 95 | BRYANT 96 | ALEXANDER 97 | RUSSELL 98 | GRIFFIN 99 | DIAZ 100 | HAYES 101 | MYERS 102 | FORD 103 | HAMILTON 104 | GRAHAM 105 | SULLIVAN 106 | WALLACE 107 | WOODS 108 | COLE 109 | WEST 110 | JORDAN 111 | OWENS 112 | REYNOLDS 113 | FISHER 114 | ELLIS 115 | HARRISON 116 | GIBSON 117 | MCDONALD 118 | CRUZ 119 | MARSHALL 120 | ORTIZ 121 | GOMEZ 122 | MURRAY 123 | FREEMAN 124 | WELLS 125 | WEBB 126 | SIMPSON 127 | STEVENS 128 | TUCKER 129 | PORTER 130 | HUNTER 131 | HICKS 132 | CRAWFORD 133 | HENRY 134 | BOYD 135 | MASON 136 | MORALES 137 | KENNEDY 138 | WARREN 139 | DIXON 140 | RAMOS 141 | REYES 142 | BURNS 143 | GORDON 144 | SHAW 145 | HOLMES 146 | RICE 147 | ROBERTSON 148 | HUNT 149 | BLACK 150 | DANIELS 151 | PALMER 152 | MILLS 153 | NICHOLS 154 | GRANT 155 | KNIGHT 156 | FERGUSON 157 | ROSE 158 | STONE 159 | HAWKINS 160 | DUNN 161 | PERKINS 162 | HUDSON 163 | SPENCER 164 | GARDNER 165 | STEPHENS 166 | PAYNE 167 | PIERCE 168 | BERRY 169 | MATTHEWS 170 | ARNOLD 171 | WAGNER 172 | WILLIS 173 | RAY 174 | WATKINS 175 | OLSON 176 | CARROLL 177 | DUNCAN 178 | SNYDER 179 | HART 180 | CUNNINGHAM 181 | BRADLEY 182 | LANE 183 | ANDREWS 184 | RUIZ 185 | HARPER 186 | FOX 187 | RILEY 188 | ARMSTRONG 189 | CARPENTER 190 | WEAVER 191 | GREENE 192 | LAWRENCE 193 | ELLIOTT 194 | CHAVEZ 195 | SIMS 196 | AUSTIN 197 | PETERS 198 | KELLEY 199 | FRANKLIN 200 | LAWSON 201 | FIELDS 202 | GUTIERREZ 203 | RYAN 204 | SCHMIDT 205 | CARR 206 | VASQUEZ 207 | CASTILLO 208 | 
WHEELER 209 | CHAPMAN 210 | OLIVER 211 | MONTGOMERY 212 | RICHARDS 213 | WILLIAMSON 214 | JOHNSTON 215 | BANKS 216 | MEYER 217 | BISHOP 218 | MCCOY 219 | HOWELL 220 | ALVAREZ 221 | MORRISON 222 | HANSEN 223 | FERNANDEZ 224 | GARZA 225 | HARVEY 226 | LITTLE 227 | BURTON 228 | STANLEY 229 | NGUYEN 230 | GEORGE 231 | JACOBS 232 | REID 233 | KIM 234 | FULLER 235 | LYNCH 236 | DEAN 237 | GILBERT 238 | GARRETT 239 | ROMERO 240 | WELCH 241 | LARSON 242 | FRAZIER 243 | BURKE 244 | HANSON 245 | DAY 246 | MENDOZA 247 | MORENO 248 | BOWMAN 249 | MEDINA 250 | FOWLER 251 | BREWER 252 | HOFFMAN 253 | CARLSON 254 | SILVA 255 | PEARSON 256 | HOLLAND 257 | DOUGLAS 258 | FLEMING 259 | JENSEN 260 | VARGAS 261 | BYRD 262 | DAVIDSON 263 | HOPKINS 264 | MAY 265 | TERRY 266 | HERRERA 267 | WADE 268 | SOTO 269 | WALTERS 270 | CURTIS 271 | NEAL 272 | CALDWELL 273 | LOWE 274 | JENNINGS 275 | BARNETT 276 | GRAVES 277 | JIMENEZ 278 | HORTON 279 | SHELTON 280 | BARRETT 281 | OBRIEN 282 | CASTRO 283 | SUTTON 284 | GREGORY 285 | MCKINNEY 286 | LUCAS 287 | MILES 288 | CRAIG 289 | RODRIQUEZ 290 | CHAMBERS 291 | HOLT 292 | LAMBERT 293 | FLETCHER 294 | WATTS 295 | BATES 296 | HALE 297 | RHODES 298 | PENA 299 | BECK 300 | NEWMAN 301 | HAYNES 302 | MCDANIEL 303 | MENDEZ 304 | BUSH 305 | VAUGHN 306 | PARKS 307 | DAWSON 308 | SANTIAGO 309 | NORRIS 310 | HARDY 311 | LOVE 312 | STEELE 313 | CURRY 314 | POWERS 315 | SCHULTZ 316 | BARKER 317 | GUZMAN 318 | PAGE 319 | MUNOZ 320 | BALL 321 | KELLER 322 | CHANDLER 323 | WEBER 324 | LEONARD 325 | WALSH 326 | LYONS 327 | RAMSEY 328 | WOLFE 329 | SCHNEIDER 330 | MULLINS 331 | BENSON 332 | SHARP 333 | BOWEN 334 | DANIEL 335 | BARBER 336 | CUMMINGS 337 | HINES 338 | BALDWIN 339 | GRIFFITH 340 | VALDEZ 341 | HUBBARD 342 | SALAZAR 343 | REEVES 344 | WARNER 345 | STEVENSON 346 | BURGESS 347 | SANTOS 348 | TATE 349 | CROSS 350 | GARNER 351 | MANN 352 | MACK 353 | MOSS 354 | THORNTON 355 | DENNIS 356 | MCGEE 357 | FARMER 358 | DELGADO 359 | AGUILAR 360 | VEGA 361 | 
GLOVER 362 | MANNING 363 | COHEN 364 | HARMON 365 | RODGERS 366 | ROBBINS 367 | NEWTON 368 | TODD 369 | BLAIR 370 | HIGGINS 371 | INGRAM 372 | REESE 373 | CANNON 374 | STRICKLAND 375 | TOWNSEND 376 | POTTER 377 | GOODWIN 378 | WALTON 379 | ROWE 380 | HAMPTON 381 | ORTEGA 382 | PATTON 383 | SWANSON 384 | JOSEPH 385 | FRANCIS 386 | GOODMAN 387 | MALDONADO 388 | YATES 389 | BECKER 390 | ERICKSON 391 | HODGES 392 | RIOS 393 | CONNER 394 | ADKINS 395 | WEBSTER 396 | NORMAN 397 | MALONE 398 | HAMMOND 399 | FLOWERS 400 | COBB 401 | MOODY 402 | QUINN 403 | BLAKE 404 | MAXWELL 405 | POPE 406 | FLOYD 407 | OSBORNE 408 | PAUL 409 | MCCARTHY 410 | GUERRERO 411 | LINDSEY 412 | ESTRADA 413 | SANDOVAL 414 | GIBBS 415 | TYLER 416 | GROSS 417 | FITZGERALD 418 | STOKES 419 | DOYLE 420 | SHERMAN 421 | SAUNDERS 422 | WISE 423 | COLON 424 | GILL 425 | ALVARADO 426 | GREER 427 | PADILLA 428 | SIMON 429 | WATERS 430 | NUNEZ 431 | BALLARD 432 | SCHWARTZ 433 | MCBRIDE 434 | HOUSTON 435 | CHRISTENSEN 436 | KLEIN 437 | PRATT 438 | BRIGGS 439 | PARSONS 440 | MCLAUGHLIN 441 | ZIMMERMAN 442 | FRENCH 443 | BUCHANAN 444 | MORAN 445 | COPELAND 446 | ROY 447 | PITTMAN 448 | BRADY 449 | MCCORMICK 450 | HOLLOWAY 451 | BROCK 452 | POOLE 453 | FRANK 454 | LOGAN 455 | OWEN 456 | BASS 457 | MARSH 458 | DRAKE 459 | WONG 460 | JEFFERSON 461 | PARK 462 | MORTON 463 | ABBOTT 464 | SPARKS 465 | PATRICK 466 | NORTON 467 | HUFF 468 | CLAYTON 469 | MASSEY 470 | LLOYD 471 | FIGUEROA 472 | CARSON 473 | BOWERS 474 | ROBERSON 475 | BARTON 476 | TRAN 477 | LAMB 478 | HARRINGTON 479 | CASEY 480 | BOONE 481 | CORTEZ 482 | CLARKE 483 | MATHIS 484 | SINGLETON 485 | WILKINS 486 | CAIN 487 | BRYAN 488 | UNDERWOOD 489 | HOGAN 490 | MCKENZIE 491 | COLLIER 492 | LUNA 493 | PHELPS 494 | MCGUIRE 495 | ALLISON 496 | BRIDGES 497 | WILKERSON 498 | NASH 499 | SUMMERS 500 | ATKINS 501 | WILCOX 502 | PITTS 503 | CONLEY 504 | MARQUEZ 505 | BURNETT 506 | RICHARD 507 | COCHRAN 508 | CHASE 509 | DAVENPORT 510 | HOOD 511 | GATES 512 | 
CLAY 513 | AYALA 514 | SAWYER 515 | ROMAN 516 | VAZQUEZ 517 | DICKERSON 518 | HODGE 519 | ACOSTA 520 | FLYNN 521 | ESPINOZA 522 | NICHOLSON 523 | MONROE 524 | WOLF 525 | MORROW 526 | KIRK 527 | RANDALL 528 | ANTHONY 529 | WHITAKER 530 | OCONNOR 531 | SKINNER 532 | WARE 533 | MOLINA 534 | KIRBY 535 | HUFFMAN 536 | BRADFORD 537 | CHARLES 538 | GILMORE 539 | DOMINGUEZ 540 | ONEAL 541 | BRUCE 542 | LANG 543 | COMBS 544 | KRAMER 545 | HEATH 546 | HANCOCK 547 | GALLAGHER 548 | GAINES 549 | SHAFFER 550 | SHORT 551 | WIGGINS 552 | MATHEWS 553 | MCCLAIN 554 | FISCHER 555 | WALL 556 | SMALL 557 | MELTON 558 | HENSLEY 559 | BOND 560 | DYER 561 | CAMERON 562 | GRIMES 563 | CONTRERAS 564 | CHRISTIAN 565 | WYATT 566 | BAXTER 567 | SNOW 568 | MOSLEY 569 | SHEPHERD 570 | LARSEN 571 | HOOVER 572 | BEASLEY 573 | GLENN 574 | PETERSEN 575 | WHITEHEAD 576 | MEYERS 577 | KEITH 578 | GARRISON 579 | VINCENT 580 | SHIELDS 581 | HORN 582 | SAVAGE 583 | OLSEN 584 | SCHROEDER 585 | HARTMAN 586 | WOODARD 587 | MUELLER 588 | KEMP 589 | DELEON 590 | BOOTH 591 | PATEL 592 | CALHOUN 593 | WILEY 594 | EATON 595 | CLINE 596 | NAVARRO 597 | HARRELL 598 | LESTER 599 | HUMPHREY 600 | PARRISH 601 | DURAN 602 | HUTCHINSON 603 | HESS 604 | DORSEY 605 | BULLOCK 606 | ROBLES 607 | BEARD 608 | DALTON 609 | AVILA 610 | VANCE 611 | RICH 612 | BLACKWELL 613 | YORK 614 | JOHNS 615 | BLANKENSHIP 616 | TREVINO 617 | SALINAS 618 | CAMPOS 619 | PRUITT 620 | MOSES 621 | CALLAHAN 622 | GOLDEN 623 | MONTOYA 624 | HARDIN 625 | GUERRA 626 | MCDOWELL 627 | CAREY 628 | STAFFORD 629 | GALLEGOS 630 | HENSON 631 | WILKINSON 632 | BOOKER 633 | MERRITT 634 | MIRANDA 635 | ATKINSON 636 | ORR 637 | DECKER 638 | HOBBS 639 | PRESTON 640 | TANNER 641 | KNOX 642 | PACHECO 643 | STEPHENSON 644 | GLASS 645 | ROJAS 646 | SERRANO 647 | MARKS 648 | HICKMAN 649 | ENGLISH 650 | SWEENEY 651 | STRONG 652 | PRINCE 653 | MCCLURE 654 | CONWAY 655 | WALTER 656 | ROTH 657 | MAYNARD 658 | FARRELL 659 | LOWERY 660 | HURST 661 | NIXON 662 | WEISS 663 
| TRUJILLO 664 | ELLISON 665 | SLOAN 666 | JUAREZ 667 | WINTERS 668 | MCLEAN 669 | RANDOLPH 670 | LEON 671 | BOYER 672 | VILLARREAL 673 | MCCALL 674 | GENTRY 675 | CARRILLO 676 | KENT 677 | AYERS 678 | LARA 679 | SHANNON 680 | SEXTON 681 | PACE 682 | HULL 683 | LEBLANC 684 | BROWNING 685 | VELASQUEZ 686 | LEACH 687 | CHANG 688 | HOUSE 689 | SELLERS 690 | HERRING 691 | NOBLE 692 | FOLEY 693 | BARTLETT 694 | MERCADO 695 | LANDRY 696 | DURHAM 697 | WALLS 698 | BARR 699 | MCKEE 700 | BAUER 701 | RIVERS 702 | EVERETT 703 | BRADSHAW 704 | PUGH 705 | VELEZ 706 | RUSH 707 | ESTES 708 | DODSON 709 | MORSE 710 | SHEPPARD 711 | WEEKS 712 | CAMACHO 713 | BEAN 714 | BARRON 715 | LIVINGSTON 716 | MIDDLETON 717 | SPEARS 718 | BRANCH 719 | BLEVINS 720 | CHEN 721 | KERR 722 | MCCONNELL 723 | HATFIELD 724 | HARDING 725 | ASHLEY 726 | SOLIS 727 | HERMAN 728 | FROST 729 | GILES 730 | BLACKBURN 731 | WILLIAM 732 | PENNINGTON 733 | WOODWARD 734 | FINLEY 735 | MCINTOSH 736 | KOCH 737 | BEST 738 | SOLOMON 739 | MCCULLOUGH 740 | DUDLEY 741 | NOLAN 742 | BLANCHARD 743 | RIVAS 744 | BRENNAN 745 | MEJIA 746 | KANE 747 | BENTON 748 | JOYCE 749 | BUCKLEY 750 | HALEY 751 | VALENTINE 752 | MADDOX 753 | RUSSO 754 | MCKNIGHT 755 | BUCK 756 | MOON 757 | MCMILLAN 758 | CROSBY 759 | BERG 760 | DOTSON 761 | MAYS 762 | ROACH 763 | CHURCH 764 | CHAN 765 | RICHMOND 766 | MEADOWS 767 | FAULKNER 768 | ONEILL 769 | KNAPP 770 | KLINE 771 | BARRY 772 | OCHOA 773 | JACOBSON 774 | GAY 775 | AVERY 776 | HENDRICKS 777 | HORNE 778 | SHEPARD 779 | HEBERT 780 | CHERRY 781 | CARDENAS 782 | MCINTYRE 783 | WHITNEY 784 | WALLER 785 | HOLMAN 786 | DONALDSON 787 | CANTU 788 | TERRELL 789 | MORIN 790 | GILLESPIE 791 | FUENTES 792 | TILLMAN 793 | SANFORD 794 | BENTLEY 795 | PECK 796 | KEY 797 | SALAS 798 | ROLLINS 799 | GAMBLE 800 | DICKSON 801 | BATTLE 802 | SANTANA 803 | CABRERA 804 | CERVANTES 805 | HOWE 806 | HINTON 807 | HURLEY 808 | SPENCE 809 | ZAMORA 810 | YANG 811 | MCNEIL 812 | SUAREZ 813 | CASE 814 | PETTY 815 | 
GOULD 816 | MCFARLAND 817 | SAMPSON 818 | CARVER 819 | BRAY 820 | ROSARIO 821 | MACDONALD 822 | STOUT 823 | HESTER 824 | MELENDEZ 825 | DILLON 826 | FARLEY 827 | HOPPER 828 | GALLOWAY 829 | POTTS 830 | BERNARD 831 | JOYNER 832 | STEIN 833 | AGUIRRE 834 | OSBORN 835 | MERCER 836 | BENDER 837 | FRANCO 838 | ROWLAND 839 | SYKES 840 | BENJAMIN 841 | TRAVIS 842 | PICKETT 843 | CRANE 844 | SEARS 845 | MAYO 846 | DUNLAP 847 | HAYDEN 848 | WILDER 849 | MCKAY 850 | COFFEY 851 | MCCARTY 852 | EWING 853 | COOLEY 854 | VAUGHAN 855 | BONNER 856 | COTTON 857 | HOLDER 858 | STARK 859 | FERRELL 860 | CANTRELL 861 | FULTON 862 | LYNN 863 | LOTT 864 | CALDERON 865 | ROSA 866 | POLLARD 867 | HOOPER 868 | BURCH 869 | MULLEN 870 | FRY 871 | RIDDLE 872 | LEVY 873 | DAVID 874 | DUKE 875 | ODONNELL 876 | GUY 877 | MICHAEL 878 | BRITT 879 | FREDERICK 880 | DAUGHERTY 881 | BERGER 882 | DILLARD 883 | ALSTON 884 | JARVIS 885 | FRYE 886 | RIGGS 887 | CHANEY 888 | ODOM 889 | DUFFY 890 | FITZPATRICK 891 | VALENZUELA 892 | MERRILL 893 | MAYER 894 | ALFORD 895 | MCPHERSON 896 | ACEVEDO 897 | DONOVAN 898 | BARRERA 899 | ALBERT 900 | COTE 901 | REILLY 902 | COMPTON 903 | RAYMOND 904 | MOONEY 905 | MCGOWAN 906 | CRAFT 907 | CLEVELAND 908 | CLEMONS 909 | WYNN 910 | NIELSEN 911 | BAIRD 912 | STANTON 913 | SNIDER 914 | ROSALES 915 | BRIGHT 916 | WITT 917 | STUART 918 | HAYS 919 | HOLDEN 920 | RUTLEDGE 921 | KINNEY 922 | CLEMENTS 923 | CASTANEDA 924 | SLATER 925 | HAHN 926 | EMERSON 927 | CONRAD 928 | BURKS 929 | DELANEY 930 | PATE 931 | LANCASTER 932 | SWEET 933 | JUSTICE 934 | TYSON 935 | SHARPE 936 | WHITFIELD 937 | TALLEY 938 | MACIAS 939 | IRWIN 940 | BURRIS 941 | RATLIFF 942 | MCCRAY 943 | MADDEN 944 | KAUFMAN 945 | BEACH 946 | GOFF 947 | CASH 948 | BOLTON 949 | MCFADDEN 950 | LEVINE 951 | GOOD 952 | BYERS 953 | KIRKLAND 954 | KIDD 955 | WORKMAN 956 | CARNEY 957 | DALE 958 | MCLEOD 959 | HOLCOMB 960 | ENGLAND 961 | FINCH 962 | HEAD 963 | BURT 964 | HENDRIX 965 | SOSA 966 | HANEY 967 | FRANKS 968 | 
SARGENT 969 | NIEVES 970 | DOWNS 971 | RASMUSSEN 972 | BIRD 973 | HEWITT 974 | LINDSAY 975 | LE 976 | FOREMAN 977 | VALENCIA 978 | ONEIL 979 | DELACRUZ 980 | VINSON 981 | DEJESUS 982 | HYDE 983 | FORBES 984 | GILLIAM 985 | GUTHRIE 986 | WOOTEN 987 | HUBER 988 | BARLOW 989 | BOYLE 990 | MCMAHON 991 | BUCKNER 992 | ROCHA 993 | PUCKETT 994 | LANGLEY 995 | KNOWLES 996 | COOKE 997 | VELAZQUEZ 998 | WHITLEY 999 | NOEL 1000 | VANG -------------------------------------------------------------------------------- /wordlists/femalenames-usa-top1000.txt: -------------------------------------------------------------------------------- 1 | MARY 2 | PATRICIA 3 | LINDA 4 | BARBARA 5 | ELIZABETH 6 | JENNIFER 7 | MARIA 8 | SUSAN 9 | MARGARET 10 | DOROTHY 11 | LISA 12 | NANCY 13 | KAREN 14 | BETTY 15 | HELEN 16 | SANDRA 17 | DONNA 18 | CAROL 19 | RUTH 20 | SHARON 21 | MICHELLE 22 | LAURA 23 | SARAH 24 | KIMBERLY 25 | DEBORAH 26 | JESSICA 27 | SHIRLEY 28 | CYNTHIA 29 | ANGELA 30 | MELISSA 31 | BRENDA 32 | AMY 33 | ANNA 34 | REBECCA 35 | VIRGINIA 36 | KATHLEEN 37 | PAMELA 38 | MARTHA 39 | DEBRA 40 | AMANDA 41 | STEPHANIE 42 | CAROLYN 43 | CHRISTINE 44 | MARIE 45 | JANET 46 | CATHERINE 47 | FRANCES 48 | ANN 49 | JOYCE 50 | DIANE 51 | ALICE 52 | JULIE 53 | HEATHER 54 | TERESA 55 | DORIS 56 | GLORIA 57 | EVELYN 58 | JEAN 59 | CHERYL 60 | MILDRED 61 | KATHERINE 62 | JOAN 63 | ASHLEY 64 | JUDITH 65 | ROSE 66 | JANICE 67 | KELLY 68 | NICOLE 69 | JUDY 70 | CHRISTINA 71 | KATHY 72 | THERESA 73 | BEVERLY 74 | DENISE 75 | TAMMY 76 | IRENE 77 | JANE 78 | LORI 79 | RACHEL 80 | MARILYN 81 | ANDREA 82 | KATHRYN 83 | LOUISE 84 | SARA 85 | ANNE 86 | JACQUELINE 87 | WANDA 88 | BONNIE 89 | JULIA 90 | RUBY 91 | LOIS 92 | TINA 93 | PHYLLIS 94 | NORMA 95 | PAULA 96 | DIANA 97 | ANNIE 98 | LILLIAN 99 | EMILY 100 | ROBIN 101 | PEGGY 102 | CRYSTAL 103 | GLADYS 104 | RITA 105 | DAWN 106 | CONNIE 107 | FLORENCE 108 | TRACY 109 | EDNA 110 | TIFFANY 111 | CARMEN 112 | ROSA 113 | CINDY 114 | GRACE 115 | WENDY 116 
| VICTORIA 117 | EDITH 118 | KIM 119 | SHERRY 120 | SYLVIA 121 | JOSEPHINE 122 | THELMA 123 | SHANNON 124 | SHEILA 125 | ETHEL 126 | ELLEN 127 | ELAINE 128 | MARJORIE 129 | CARRIE 130 | CHARLOTTE 131 | MONICA 132 | ESTHER 133 | PAULINE 134 | EMMA 135 | JUANITA 136 | ANITA 137 | RHONDA 138 | HAZEL 139 | AMBER 140 | EVA 141 | DEBBIE 142 | APRIL 143 | LESLIE 144 | CLARA 145 | LUCILLE 146 | JAMIE 147 | JOANNE 148 | ELEANOR 149 | VALERIE 150 | DANIELLE 151 | MEGAN 152 | ALICIA 153 | SUZANNE 154 | MICHELE 155 | GAIL 156 | BERTHA 157 | DARLENE 158 | VERONICA 159 | JILL 160 | ERIN 161 | GERALDINE 162 | LAUREN 163 | CATHY 164 | JOANN 165 | LORRAINE 166 | LYNN 167 | SALLY 168 | REGINA 169 | ERICA 170 | BEATRICE 171 | DOLORES 172 | BERNICE 173 | AUDREY 174 | YVONNE 175 | ANNETTE 176 | JUNE 177 | SAMANTHA 178 | MARION 179 | DANA 180 | STACY 181 | ANA 182 | RENEE 183 | IDA 184 | VIVIAN 185 | ROBERTA 186 | HOLLY 187 | BRITTANY 188 | MELANIE 189 | LORETTA 190 | YOLANDA 191 | JEANETTE 192 | LAURIE 193 | KATIE 194 | KRISTEN 195 | VANESSA 196 | ALMA 197 | SUE 198 | ELSIE 199 | BETH 200 | JEANNE 201 | VICKI 202 | CARLA 203 | TARA 204 | ROSEMARY 205 | EILEEN 206 | TERRI 207 | GERTRUDE 208 | LUCY 209 | TONYA 210 | ELLA 211 | STACEY 212 | WILMA 213 | GINA 214 | KRISTIN 215 | JESSIE 216 | NATALIE 217 | AGNES 218 | VERA 219 | WILLIE 220 | CHARLENE 221 | BESSIE 222 | DELORES 223 | MELINDA 224 | PEARL 225 | ARLENE 226 | MAUREEN 227 | COLLEEN 228 | ALLISON 229 | TAMARA 230 | JOY 231 | GEORGIA 232 | CONSTANCE 233 | LILLIE 234 | CLAUDIA 235 | JACKIE 236 | MARCIA 237 | TANYA 238 | NELLIE 239 | MINNIE 240 | MARLENE 241 | HEIDI 242 | GLENDA 243 | LYDIA 244 | VIOLA 245 | COURTNEY 246 | MARIAN 247 | STELLA 248 | CAROLINE 249 | DORA 250 | JO 251 | VICKIE 252 | MATTIE 253 | TERRY 254 | MAXINE 255 | IRMA 256 | MABEL 257 | MARSHA 258 | MYRTLE 259 | LENA 260 | CHRISTY 261 | DEANNA 262 | PATSY 263 | HILDA 264 | GWENDOLYN 265 | JENNIE 266 | NORA 267 | MARGIE 268 | NINA 269 | CASSANDRA 270 | LEAH 271 | 
PENNY 272 | KAY 273 | PRISCILLA 274 | NAOMI 275 | CAROLE 276 | BRANDY 277 | OLGA 278 | BILLIE 279 | DIANNE 280 | TRACEY 281 | LEONA 282 | JENNY 283 | FELICIA 284 | SONIA 285 | MIRIAM 286 | VELMA 287 | BECKY 288 | BOBBIE 289 | VIOLET 290 | KRISTINA 291 | TONI 292 | MISTY 293 | MAE 294 | SHELLY 295 | DAISY 296 | RAMONA 297 | SHERRI 298 | ERIKA 299 | KATRINA 300 | CLAIRE 301 | LINDSEY 302 | LINDSAY 303 | GENEVA 304 | GUADALUPE 305 | BELINDA 306 | MARGARITA 307 | SHERYL 308 | CORA 309 | FAYE 310 | ADA 311 | NATASHA 312 | SABRINA 313 | ISABEL 314 | MARGUERITE 315 | HATTIE 316 | HARRIET 317 | MOLLY 318 | CECILIA 319 | KRISTI 320 | BRANDI 321 | BLANCHE 322 | SANDY 323 | ROSIE 324 | JOANNA 325 | IRIS 326 | EUNICE 327 | ANGIE 328 | INEZ 329 | LYNDA 330 | MADELINE 331 | AMELIA 332 | ALBERTA 333 | GENEVIEVE 334 | MONIQUE 335 | JODI 336 | JANIE 337 | MAGGIE 338 | KAYLA 339 | SONYA 340 | JAN 341 | LEE 342 | KRISTINE 343 | CANDACE 344 | FANNIE 345 | MARYANN 346 | OPAL 347 | ALISON 348 | YVETTE 349 | MELODY 350 | LUZ 351 | SUSIE 352 | OLIVIA 353 | FLORA 354 | SHELLEY 355 | KRISTY 356 | MAMIE 357 | LULA 358 | LOLA 359 | VERNA 360 | BEULAH 361 | ANTOINETTE 362 | CANDICE 363 | JUANA 364 | JEANNETTE 365 | PAM 366 | KELLI 367 | HANNAH 368 | WHITNEY 369 | BRIDGET 370 | KARLA 371 | CELIA 372 | LATOYA 373 | PATTY 374 | SHELIA 375 | GAYLE 376 | DELLA 377 | VICKY 378 | LYNNE 379 | SHERI 380 | MARIANNE 381 | KARA 382 | JACQUELYN 383 | ERMA 384 | BLANCA 385 | MYRA 386 | LETICIA 387 | PAT 388 | KRISTA 389 | ROXANNE 390 | ANGELICA 391 | JOHNNIE 392 | ROBYN 393 | FRANCIS 394 | ADRIENNE 395 | ROSALIE 396 | ALEXANDRA 397 | BROOKE 398 | BETHANY 399 | SADIE 400 | BERNADETTE 401 | TRACI 402 | JODY 403 | KENDRA 404 | JASMINE 405 | NICHOLE 406 | RACHAEL 407 | CHELSEA 408 | MABLE 409 | ERNESTINE 410 | MURIEL 411 | MARCELLA 412 | ELENA 413 | KRYSTAL 414 | ANGELINA 415 | NADINE 416 | KARI 417 | ESTELLE 418 | DIANNA 419 | PAULETTE 420 | LORA 421 | MONA 422 | DOREEN 423 | ROSEMARIE 424 | ANGEL 425 | 
DESIREE 426 | ANTONIA 427 | HOPE 428 | GINGER 429 | JANIS 430 | BETSY 431 | CHRISTIE 432 | FREDA 433 | MERCEDES 434 | MEREDITH 435 | LYNETTE 436 | TERI 437 | CRISTINA 438 | EULA 439 | LEIGH 440 | MEGHAN 441 | SOPHIA 442 | ELOISE 443 | ROCHELLE 444 | GRETCHEN 445 | CECELIA 446 | RAQUEL 447 | HENRIETTA 448 | ALYSSA 449 | JANA 450 | KELLEY 451 | GWEN 452 | KERRY 453 | JENNA 454 | TRICIA 455 | LAVERNE 456 | OLIVE 457 | ALEXIS 458 | TASHA 459 | SILVIA 460 | ELVIRA 461 | CASEY 462 | DELIA 463 | SOPHIE 464 | KATE 465 | PATTI 466 | LORENA 467 | KELLIE 468 | SONJA 469 | LILA 470 | LANA 471 | DARLA 472 | MAY 473 | MINDY 474 | ESSIE 475 | MANDY 476 | LORENE 477 | ELSA 478 | JOSEFINA 479 | JEANNIE 480 | MIRANDA 481 | DIXIE 482 | LUCIA 483 | MARTA 484 | FAITH 485 | LELA 486 | JOHANNA 487 | SHARI 488 | CAMILLE 489 | TAMI 490 | SHAWNA 491 | ELISA 492 | EBONY 493 | MELBA 494 | ORA 495 | NETTIE 496 | TABITHA 497 | OLLIE 498 | JAIME 499 | WINIFRED 500 | KRISTIE 501 | MARINA 502 | ALISHA 503 | AIMEE 504 | RENA 505 | MYRNA 506 | MARLA 507 | TAMMIE 508 | LATASHA 509 | BONITA 510 | PATRICE 511 | RONDA 512 | SHERRIE 513 | ADDIE 514 | FRANCINE 515 | DELORIS 516 | STACIE 517 | ADRIANA 518 | CHERI 519 | SHELBY 520 | ABIGAIL 521 | CELESTE 522 | JEWEL 523 | CARA 524 | ADELE 525 | REBEKAH 526 | LUCINDA 527 | DORTHY 528 | CHRIS 529 | EFFIE 530 | TRINA 531 | REBA 532 | SHAWN 533 | SALLIE 534 | AURORA 535 | LENORA 536 | ETTA 537 | LOTTIE 538 | KERRI 539 | TRISHA 540 | NIKKI 541 | ESTELLA 542 | FRANCISCA 543 | JOSIE 544 | TRACIE 545 | MARISSA 546 | KARIN 547 | BRITTNEY 548 | JANELLE 549 | LOURDES 550 | LAUREL 551 | HELENE 552 | FERN 553 | ELVA 554 | CORINNE 555 | KELSEY 556 | INA 557 | BETTIE 558 | ELISABETH 559 | AIDA 560 | CAITLIN 561 | INGRID 562 | IVA 563 | EUGENIA 564 | CHRISTA 565 | GOLDIE 566 | CASSIE 567 | MAUDE 568 | JENIFER 569 | THERESE 570 | FRANKIE 571 | DENA 572 | LORNA 573 | JANETTE 574 | LATONYA 575 | CANDY 576 | MORGAN 577 | CONSUELO 578 | TAMIKA 579 | ROSETTA 580 | DEBORA 581 | 
CHERIE 582 | POLLY 583 | DINA 584 | JEWELL 585 | FAY 586 | JILLIAN 587 | DOROTHEA 588 | NELL 589 | TRUDY 590 | ESPERANZA 591 | PATRICA 592 | KIMBERLEY 593 | SHANNA 594 | HELENA 595 | CAROLINA 596 | CLEO 597 | STEFANIE 598 | ROSARIO 599 | OLA 600 | JANINE 601 | MOLLIE 602 | LUPE 603 | ALISA 604 | LOU 605 | MARIBEL 606 | SUSANNE 607 | BETTE 608 | SUSANA 609 | ELISE 610 | CECILE 611 | ISABELLE 612 | LESLEY 613 | JOCELYN 614 | PAIGE 615 | JONI 616 | RACHELLE 617 | LEOLA 618 | DAPHNE 619 | ALTA 620 | ESTER 621 | PETRA 622 | GRACIELA 623 | IMOGENE 624 | JOLENE 625 | KEISHA 626 | LACEY 627 | GLENNA 628 | GABRIELA 629 | KERI 630 | URSULA 631 | LIZZIE 632 | KIRSTEN 633 | SHANA 634 | ADELINE 635 | MAYRA 636 | JAYNE 637 | JACLYN 638 | GRACIE 639 | SONDRA 640 | CARMELA 641 | MARISA 642 | ROSALIND 643 | CHARITY 644 | TONIA 645 | BEATRIZ 646 | MARISOL 647 | CLARICE 648 | JEANINE 649 | SHEENA 650 | ANGELINE 651 | FRIEDA 652 | LILY 653 | ROBBIE 654 | SHAUNA 655 | MILLIE 656 | CLAUDETTE 657 | CATHLEEN 658 | ANGELIA 659 | GABRIELLE 660 | AUTUMN 661 | KATHARINE 662 | SUMMER 663 | JODIE 664 | STACI 665 | LEA 666 | CHRISTI 667 | JIMMIE 668 | JUSTINE 669 | ELMA 670 | LUELLA 671 | MARGRET 672 | DOMINIQUE 673 | SOCORRO 674 | RENE 675 | MARTINA 676 | MARGO 677 | MAVIS 678 | CALLIE 679 | BOBBI 680 | MARITZA 681 | LUCILE 682 | LEANNE 683 | JEANNINE 684 | DEANA 685 | AILEEN 686 | LORIE 687 | LADONNA 688 | WILLA 689 | MANUELA 690 | GALE 691 | SELMA 692 | DOLLY 693 | SYBIL 694 | ABBY 695 | LARA 696 | DALE 697 | IVY 698 | DEE 699 | WINNIE 700 | MARCY 701 | LUISA 702 | JERI 703 | MAGDALENA 704 | OFELIA 705 | MEAGAN 706 | AUDRA 707 | MATILDA 708 | LEILA 709 | CORNELIA 710 | BIANCA 711 | SIMONE 712 | BETTYE 713 | RANDI 714 | VIRGIE 715 | LATISHA 716 | BARBRA 717 | GEORGINA 718 | ELIZA 719 | LEANN 720 | BRIDGETTE 721 | RHODA 722 | HALEY 723 | ADELA 724 | NOLA 725 | BERNADINE 726 | FLOSSIE 727 | ILA 728 | GRETA 729 | RUTHIE 730 | NELDA 731 | MINERVA 732 | LILLY 733 | TERRIE 734 | LETHA 735 | HILARY 
736 | ESTELA 737 | VALARIE 738 | BRIANNA 739 | ROSALYN 740 | EARLINE 741 | CATALINA 742 | AVA 743 | MIA 744 | CLARISSA 745 | LIDIA 746 | CORRINE 747 | ALEXANDRIA 748 | CONCEPCION 749 | TIA 750 | SHARRON 751 | RAE 752 | DONA 753 | ERICKA 754 | JAMI 755 | ELNORA 756 | CHANDRA 757 | LENORE 758 | NEVA 759 | MARYLOU 760 | MELISA 761 | TABATHA 762 | SERENA 763 | AVIS 764 | ALLIE 765 | SOFIA 766 | JEANIE 767 | ODESSA 768 | NANNIE 769 | HARRIETT 770 | LORAINE 771 | PENELOPE 772 | MILAGROS 773 | EMILIA 774 | BENITA 775 | ALLYSON 776 | ASHLEE 777 | TANIA 778 | TOMMIE 779 | ESMERALDA 780 | KARINA 781 | EVE 782 | PEARLIE 783 | ZELMA 784 | MALINDA 785 | NOREEN 786 | TAMEKA 787 | SAUNDRA 788 | HILLARY 789 | AMIE 790 | ALTHEA 791 | ROSALINDA 792 | JORDAN 793 | LILIA 794 | ALANA 795 | GAY 796 | CLARE 797 | ALEJANDRA 798 | ELINOR 799 | MICHAEL 800 | LORRIE 801 | JERRI 802 | DARCY 803 | EARNESTINE 804 | CARMELLA 805 | TAYLOR 806 | NOEMI 807 | MARCIE 808 | LIZA 809 | ANNABELLE 810 | LOUISA 811 | EARLENE 812 | MALLORY 813 | CARLENE 814 | NITA 815 | SELENA 816 | TANISHA 817 | KATY 818 | JULIANNE 819 | JOHN 820 | LAKISHA 821 | EDWINA 822 | MARICELA 823 | MARGERY 824 | KENYA 825 | DOLLIE 826 | ROXIE 827 | ROSLYN 828 | KATHRINE 829 | NANETTE 830 | CHARMAINE 831 | LAVONNE 832 | ILENE 833 | KRIS 834 | TAMMI 835 | SUZETTE 836 | CORINE 837 | KAYE 838 | JERRY 839 | MERLE 840 | CHRYSTAL 841 | LINA 842 | DEANNE 843 | LILIAN 844 | JULIANA 845 | ALINE 846 | LUANN 847 | KASEY 848 | MARYANNE 849 | EVANGELINE 850 | COLETTE 851 | MELVA 852 | LAWANDA 853 | YESENIA 854 | NADIA 855 | MADGE 856 | KATHIE 857 | EDDIE 858 | OPHELIA 859 | VALERIA 860 | NONA 861 | MITZI 862 | MARI 863 | GEORGETTE 864 | CLAUDINE 865 | FRAN 866 | ALISSA 867 | ROSEANN 868 | LAKEISHA 869 | SUSANNA 870 | REVA 871 | DEIDRE 872 | CHASITY 873 | SHEREE 874 | CARLY 875 | JAMES 876 | ELVIA 877 | ALYCE 878 | DEIRDRE 879 | GENA 880 | BRIANA 881 | ARACELI 882 | KATELYN 883 | ROSANNE 884 | WENDI 885 | TESSA 886 | BERTA 887 | MARVA 888 | 
IMELDA 889 | MARIETTA 890 | MARCI 891 | LEONOR 892 | ARLINE 893 | SASHA 894 | MADELYN 895 | JANNA 896 | JULIETTE 897 | DEENA 898 | AURELIA 899 | JOSEFA 900 | AUGUSTA 901 | LILIANA 902 | YOUNG 903 | CHRISTIAN 904 | LESSIE 905 | AMALIA 906 | SAVANNAH 907 | ANASTASIA 908 | VILMA 909 | NATALIA 910 | ROSELLA 911 | LYNNETTE 912 | CORINA 913 | ALFREDA 914 | LEANNA 915 | CAREY 916 | AMPARO 917 | COLEEN 918 | TAMRA 919 | AISHA 920 | WILDA 921 | KARYN 922 | CHERRY 923 | QUEEN 924 | MAURA 925 | MAI 926 | EVANGELINA 927 | ROSANNA 928 | HALLIE 929 | ERNA 930 | ENID 931 | MARIANA 932 | LACY 933 | JULIET 934 | JACKLYN 935 | FREIDA 936 | MADELEINE 937 | MARA 938 | HESTER 939 | CATHRYN 940 | LELIA 941 | CASANDRA 942 | BRIDGETT 943 | ANGELITA 944 | JANNIE 945 | DIONNE 946 | ANNMARIE 947 | KATINA 948 | BERYL 949 | PHOEBE 950 | MILLICENT 951 | KATHERYN 952 | DIANN 953 | CARISSA 954 | MARYELLEN 955 | LIZ 956 | LAURI 957 | HELGA 958 | GILDA 959 | ADRIAN 960 | RHEA 961 | MARQUITA 962 | HOLLIE 963 | TISHA 964 | TAMERA 965 | ANGELIQUE 966 | FRANCESCA 967 | BRITNEY 968 | KAITLIN 969 | LOLITA 970 | FLORINE 971 | ROWENA 972 | REYNA 973 | TWILA 974 | FANNY 975 | JANELL 976 | INES 977 | CONCETTA 978 | BERTIE 979 | ALBA 980 | BRIGITTE 981 | ALYSON 982 | VONDA 983 | PANSY 984 | ELBA 985 | NOELLE 986 | LETITIA 987 | KITTY 988 | DEANN 989 | BRANDIE 990 | LOUELLA 991 | LETA 992 | FELECIA 993 | SHARLENE 994 | LESA 995 | BEVERLEY 996 | ROBERT 997 | ISABELLA 998 | HERMINIA 999 | TERRA 1000 | CELINA -------------------------------------------------------------------------------- /wordlists/github-scrape.txt: -------------------------------------------------------------------------------- 1 | ecsTaskExecutionRole 2 | ECS-SERVICE-LINKED-ROLE 3 | FullLambdaAccess 4 | workspaces_DefaultRole 5 | LambdaAdminAccess 6 | GrafanaCloudWatch 7 | OrganizationAccountAccessRole 8 | AWSCloudFormationStackSetExecutionRole 9 | OrgMgmtRole 10 | service-role/codebuild-mirza-service-role 11 | ACCOUNTADMIN 12 | 
ANALYTICSDEVELOPER 13 | BILLING 14 | AWSControlTowerStackSetRole 15 | AWSControlTowerCloudTrailRole 16 | OrganizationFormationBuildAccessRole 17 | AWS-Landing-Zone-ConfigRecorderRole 18 | aws-elasticbeanstalk-ec2-role -------------------------------------------------------------------------------- /wordlists/malenames-usa-top1000.txt: -------------------------------------------------------------------------------- 1 | JAMES 2 | JOHN 3 | ROBERT 4 | MICHAEL 5 | WILLIAM 6 | DAVID 7 | RICHARD 8 | CHARLES 9 | JOSEPH 10 | THOMAS 11 | CHRISTOPHER 12 | DANIEL 13 | PAUL 14 | MARK 15 | DONALD 16 | GEORGE 17 | KENNETH 18 | STEVEN 19 | EDWARD 20 | BRIAN 21 | RONALD 22 | ANTHONY 23 | KEVIN 24 | JASON 25 | MATTHEW 26 | GARY 27 | TIMOTHY 28 | JOSE 29 | LARRY 30 | JEFFREY 31 | FRANK 32 | SCOTT 33 | ERIC 34 | STEPHEN 35 | ANDREW 36 | RAYMOND 37 | GREGORY 38 | JOSHUA 39 | JERRY 40 | DENNIS 41 | WALTER 42 | PATRICK 43 | PETER 44 | HAROLD 45 | DOUGLAS 46 | HENRY 47 | CARL 48 | ARTHUR 49 | RYAN 50 | ROGER 51 | JOE 52 | JUAN 53 | JACK 54 | ALBERT 55 | JONATHAN 56 | JUSTIN 57 | TERRY 58 | GERALD 59 | KEITH 60 | SAMUEL 61 | WILLIE 62 | RALPH 63 | LAWRENCE 64 | NICHOLAS 65 | ROY 66 | BENJAMIN 67 | BRUCE 68 | BRANDON 69 | ADAM 70 | HARRY 71 | FRED 72 | WAYNE 73 | BILLY 74 | STEVE 75 | LOUIS 76 | JEREMY 77 | AARON 78 | RANDY 79 | HOWARD 80 | EUGENE 81 | CARLOS 82 | RUSSELL 83 | BOBBY 84 | VICTOR 85 | MARTIN 86 | ERNEST 87 | PHILLIP 88 | TODD 89 | JESSE 90 | CRAIG 91 | ALAN 92 | SHAWN 93 | CLARENCE 94 | SEAN 95 | PHILIP 96 | CHRIS 97 | JOHNNY 98 | EARL 99 | JIMMY 100 | ANTONIO 101 | DANNY 102 | BRYAN 103 | TONY 104 | LUIS 105 | MIKE 106 | STANLEY 107 | LEONARD 108 | NATHAN 109 | DALE 110 | MANUEL 111 | RODNEY 112 | CURTIS 113 | NORMAN 114 | ALLEN 115 | MARVIN 116 | VINCENT 117 | GLENN 118 | JEFFERY 119 | TRAVIS 120 | JEFF 121 | CHAD 122 | JACOB 123 | LEE 124 | MELVIN 125 | ALFRED 126 | KYLE 127 | FRANCIS 128 | BRADLEY 129 | JESUS 130 | HERBERT 131 | FREDERICK 132 | RAY 133 | JOEL 134 | EDWIN 
135 | DON 136 | EDDIE 137 | RICKY 138 | TROY 139 | RANDALL 140 | BARRY 141 | ALEXANDER 142 | BERNARD 143 | MARIO 144 | LEROY 145 | FRANCISCO 146 | MARCUS 147 | MICHEAL 148 | THEODORE 149 | CLIFFORD 150 | MIGUEL 151 | OSCAR 152 | JAY 153 | JIM 154 | TOM 155 | CALVIN 156 | ALEX 157 | JON 158 | RONNIE 159 | BILL 160 | LLOYD 161 | TOMMY 162 | LEON 163 | DEREK 164 | WARREN 165 | DARRELL 166 | JEROME 167 | FLOYD 168 | LEO 169 | ALVIN 170 | TIM 171 | WESLEY 172 | GORDON 173 | DEAN 174 | GREG 175 | JORGE 176 | DUSTIN 177 | PEDRO 178 | DERRICK 179 | DAN 180 | LEWIS 181 | ZACHARY 182 | COREY 183 | HERMAN 184 | MAURICE 185 | VERNON 186 | ROBERTO 187 | CLYDE 188 | GLEN 189 | HECTOR 190 | SHANE 191 | RICARDO 192 | SAM 193 | RICK 194 | LESTER 195 | BRENT 196 | RAMON 197 | CHARLIE 198 | TYLER 199 | GILBERT 200 | GENE 201 | MARC 202 | REGINALD 203 | RUBEN 204 | BRETT 205 | ANGEL 206 | NATHANIEL 207 | RAFAEL 208 | LESLIE 209 | EDGAR 210 | MILTON 211 | RAUL 212 | BEN 213 | CHESTER 214 | CECIL 215 | DUANE 216 | FRANKLIN 217 | ANDRE 218 | ELMER 219 | BRAD 220 | GABRIEL 221 | RON 222 | MITCHELL 223 | ROLAND 224 | ARNOLD 225 | HARVEY 226 | JARED 227 | ADRIAN 228 | KARL 229 | CORY 230 | CLAUDE 231 | ERIK 232 | DARRYL 233 | JAMIE 234 | NEIL 235 | JESSIE 236 | CHRISTIAN 237 | JAVIER 238 | FERNANDO 239 | CLINTON 240 | TED 241 | MATHEW 242 | TYRONE 243 | DARREN 244 | LONNIE 245 | LANCE 246 | CODY 247 | JULIO 248 | KELLY 249 | KURT 250 | ALLAN 251 | NELSON 252 | GUY 253 | CLAYTON 254 | HUGH 255 | MAX 256 | DWAYNE 257 | DWIGHT 258 | ARMANDO 259 | FELIX 260 | JIMMIE 261 | EVERETT 262 | JORDAN 263 | IAN 264 | WALLACE 265 | KEN 266 | BOB 267 | JAIME 268 | CASEY 269 | ALFREDO 270 | ALBERTO 271 | DAVE 272 | IVAN 273 | JOHNNIE 274 | SIDNEY 275 | BYRON 276 | JULIAN 277 | ISAAC 278 | MORRIS 279 | CLIFTON 280 | WILLARD 281 | DARYL 282 | ROSS 283 | VIRGIL 284 | ANDY 285 | MARSHALL 286 | SALVADOR 287 | PERRY 288 | KIRK 289 | SERGIO 290 | MARION 291 | TRACY 292 | SETH 293 | KENT 294 | TERRANCE 295 | RENE 
296 | EDUARDO 297 | TERRENCE 298 | ENRIQUE 299 | FREDDIE 300 | WADE 301 | AUSTIN 302 | STUART 303 | FREDRICK 304 | ARTURO 305 | ALEJANDRO 306 | JACKIE 307 | JOEY 308 | NICK 309 | LUTHER 310 | WENDELL 311 | JEREMIAH 312 | EVAN 313 | JULIUS 314 | DANA 315 | DONNIE 316 | OTIS 317 | SHANNON 318 | TREVOR 319 | OLIVER 320 | LUKE 321 | HOMER 322 | GERARD 323 | DOUG 324 | KENNY 325 | HUBERT 326 | ANGELO 327 | SHAUN 328 | LYLE 329 | MATT 330 | LYNN 331 | ALFONSO 332 | ORLANDO 333 | REX 334 | CARLTON 335 | ERNESTO 336 | CAMERON 337 | NEAL 338 | PABLO 339 | LORENZO 340 | OMAR 341 | WILBUR 342 | BLAKE 343 | GRANT 344 | HORACE 345 | RODERICK 346 | KERRY 347 | ABRAHAM 348 | WILLIS 349 | RICKEY 350 | JEAN 351 | IRA 352 | ANDRES 353 | CESAR 354 | JOHNATHAN 355 | MALCOLM 356 | RUDOLPH 357 | DAMON 358 | KELVIN 359 | RUDY 360 | PRESTON 361 | ALTON 362 | ARCHIE 363 | MARCO 364 | WM 365 | PETE 366 | RANDOLPH 367 | GARRY 368 | GEOFFREY 369 | JONATHON 370 | FELIPE 371 | BENNIE 372 | GERARDO 373 | ED 374 | DOMINIC 375 | ROBIN 376 | LOREN 377 | DELBERT 378 | COLIN 379 | GUILLERMO 380 | EARNEST 381 | LUCAS 382 | BENNY 383 | NOEL 384 | SPENCER 385 | RODOLFO 386 | MYRON 387 | EDMUND 388 | GARRETT 389 | SALVATORE 390 | CEDRIC 391 | LOWELL 392 | GREGG 393 | SHERMAN 394 | WILSON 395 | DEVIN 396 | SYLVESTER 397 | KIM 398 | ROOSEVELT 399 | ISRAEL 400 | JERMAINE 401 | FORREST 402 | WILBERT 403 | LELAND 404 | SIMON 405 | GUADALUPE 406 | CLARK 407 | IRVING 408 | CARROLL 409 | BRYANT 410 | OWEN 411 | RUFUS 412 | WOODROW 413 | SAMMY 414 | KRISTOPHER 415 | MACK 416 | LEVI 417 | MARCOS 418 | GUSTAVO 419 | JAKE 420 | LIONEL 421 | MARTY 422 | TAYLOR 423 | ELLIS 424 | DALLAS 425 | GILBERTO 426 | CLINT 427 | NICOLAS 428 | LAURENCE 429 | ISMAEL 430 | ORVILLE 431 | DREW 432 | JODY 433 | ERVIN 434 | DEWEY 435 | AL 436 | WILFRED 437 | JOSH 438 | HUGO 439 | IGNACIO 440 | CALEB 441 | TOMAS 442 | SHELDON 443 | ERICK 444 | FRANKIE 445 | STEWART 446 | DOYLE 447 | DARREL 448 | ROGELIO 449 | TERENCE 450 | SANTIAGO 451 
| ALONZO 452 | ELIAS 453 | BERT 454 | ELBERT 455 | RAMIRO 456 | CONRAD 457 | PAT 458 | NOAH 459 | GRADY 460 | PHIL 461 | CORNELIUS 462 | LAMAR 463 | ROLANDO 464 | CLAY 465 | PERCY 466 | DEXTER 467 | BRADFORD 468 | MERLE 469 | DARIN 470 | AMOS 471 | TERRELL 472 | MOSES 473 | IRVIN 474 | SAUL 475 | ROMAN 476 | DARNELL 477 | RANDAL 478 | TOMMIE 479 | TIMMY 480 | DARRIN 481 | WINSTON 482 | BRENDAN 483 | TOBY 484 | VAN 485 | ABEL 486 | DOMINICK 487 | BOYD 488 | COURTNEY 489 | JAN 490 | EMILIO 491 | ELIJAH 492 | CARY 493 | DOMINGO 494 | SANTOS 495 | AUBREY 496 | EMMETT 497 | MARLON 498 | EMANUEL 499 | JERALD 500 | EDMOND 501 | EMIL 502 | DEWAYNE 503 | WILL 504 | OTTO 505 | TEDDY 506 | REYNALDO 507 | BRET 508 | MORGAN 509 | JESS 510 | TRENT 511 | HUMBERTO 512 | EMMANUEL 513 | STEPHAN 514 | LOUIE 515 | VICENTE 516 | LAMONT 517 | STACY 518 | GARLAND 519 | MILES 520 | MICAH 521 | EFRAIN 522 | BILLIE 523 | LOGAN 524 | HEATH 525 | RODGER 526 | HARLEY 527 | DEMETRIUS 528 | ETHAN 529 | ELDON 530 | ROCKY 531 | PIERRE 532 | JUNIOR 533 | FREDDY 534 | ELI 535 | BRYCE 536 | ANTOINE 537 | ROBBIE 538 | KENDALL 539 | ROYCE 540 | STERLING 541 | MICKEY 542 | CHASE 543 | GROVER 544 | ELTON 545 | CLEVELAND 546 | DYLAN 547 | CHUCK 548 | DAMIAN 549 | REUBEN 550 | STAN 551 | AUGUST 552 | LEONARDO 553 | JASPER 554 | RUSSEL 555 | ERWIN 556 | BENITO 557 | HANS 558 | MONTE 559 | BLAINE 560 | ERNIE 561 | CURT 562 | QUENTIN 563 | AGUSTIN 564 | MURRAY 565 | JAMAL 566 | DEVON 567 | ADOLFO 568 | HARRISON 569 | TYSON 570 | BURTON 571 | BRADY 572 | ELLIOTT 573 | WILFREDO 574 | BART 575 | JARROD 576 | VANCE 577 | DENIS 578 | DAMIEN 579 | JOAQUIN 580 | HARLAN 581 | DESMOND 582 | ELLIOT 583 | DARWIN 584 | ASHLEY 585 | GREGORIO 586 | BUDDY 587 | XAVIER 588 | KERMIT 589 | ROSCOE 590 | ESTEBAN 591 | ANTON 592 | SOLOMON 593 | SCOTTY 594 | NORBERT 595 | ELVIN 596 | WILLIAMS 597 | NOLAN 598 | CAREY 599 | ROD 600 | QUINTON 601 | HAL 602 | BRAIN 603 | ROB 604 | ELWOOD 605 | KENDRICK 606 | DARIUS 607 | MOISES 608 | 
SON 609 | MARLIN 610 | FIDEL 611 | THADDEUS 612 | CLIFF 613 | MARCEL 614 | ALI 615 | JACKSON 616 | RAPHAEL 617 | BRYON 618 | ARMAND 619 | ALVARO 620 | JEFFRY 621 | DANE 622 | JOESPH 623 | THURMAN 624 | NED 625 | SAMMIE 626 | RUSTY 627 | MICHEL 628 | MONTY 629 | RORY 630 | FABIAN 631 | REGGIE 632 | MASON 633 | GRAHAM 634 | KRIS 635 | ISAIAH 636 | VAUGHN 637 | GUS 638 | AVERY 639 | LOYD 640 | DIEGO 641 | ALEXIS 642 | ADOLPH 643 | NORRIS 644 | MILLARD 645 | ROCCO 646 | GONZALO 647 | DERICK 648 | RODRIGO 649 | GERRY 650 | STACEY 651 | CARMEN 652 | WILEY 653 | RIGOBERTO 654 | ALPHONSO 655 | TY 656 | SHELBY 657 | RICKIE 658 | NOE 659 | VERN 660 | BOBBIE 661 | REED 662 | JEFFERSON 663 | ELVIS 664 | BERNARDO 665 | MAURICIO 666 | HIRAM 667 | DONOVAN 668 | BASIL 669 | RILEY 670 | OLLIE 671 | NICKOLAS 672 | MAYNARD 673 | SCOT 674 | VINCE 675 | QUINCY 676 | EDDY 677 | SEBASTIAN 678 | FEDERICO 679 | ULYSSES 680 | HERIBERTO 681 | DONNELL 682 | COLE 683 | DENNY 684 | DAVIS 685 | GAVIN 686 | EMERY 687 | WARD 688 | ROMEO 689 | JAYSON 690 | DION 691 | DANTE 692 | CLEMENT 693 | COY 694 | ODELL 695 | MAXWELL 696 | JARVIS 697 | BRUNO 698 | ISSAC 699 | MARY 700 | DUDLEY 701 | BROCK 702 | SANFORD 703 | COLBY 704 | CARMELO 705 | BARNEY 706 | NESTOR 707 | HOLLIS 708 | STEFAN 709 | DONNY 710 | ART 711 | LINWOOD 712 | BEAU 713 | WELDON 714 | GALEN 715 | ISIDRO 716 | TRUMAN 717 | DELMAR 718 | JOHNATHON 719 | SILAS 720 | FREDERIC 721 | DICK 722 | KIRBY 723 | IRWIN 724 | CRUZ 725 | MERLIN 726 | MERRILL 727 | CHARLEY 728 | MARCELINO 729 | LANE 730 | HARRIS 731 | CLEO 732 | CARLO 733 | TRENTON 734 | KURTIS 735 | HUNTER 736 | AURELIO 737 | WINFRED 738 | VITO 739 | COLLIN 740 | DENVER 741 | CARTER 742 | LEONEL 743 | EMORY 744 | PASQUALE 745 | MOHAMMAD 746 | MARIANO 747 | DANIAL 748 | BLAIR 749 | LANDON 750 | DIRK 751 | BRANDEN 752 | ADAN 753 | NUMBERS 754 | CLAIR 755 | BUFORD 756 | GERMAN 757 | BERNIE 758 | WILMER 759 | JOAN 760 | EMERSON 761 | ZACHERY 762 | FLETCHER 763 | JACQUES 764 | ERROL 765 | 
DALTON 766 | MONROE 767 | JOSUE 768 | DOMINIQUE 769 | EDWARDO 770 | BOOKER 771 | WILFORD 772 | SONNY 773 | SHELTON 774 | CARSON 775 | THERON 776 | RAYMUNDO 777 | DAREN 778 | TRISTAN 779 | HOUSTON 780 | ROBBY 781 | LINCOLN 782 | JAME 783 | GENARO 784 | GALE 785 | BENNETT 786 | OCTAVIO 787 | CORNELL 788 | LAVERNE 789 | HUNG 790 | ARRON 791 | ANTONY 792 | HERSCHEL 793 | ALVA 794 | GIOVANNI 795 | GARTH 796 | CYRUS 797 | CYRIL 798 | RONNY 799 | STEVIE 800 | LON 801 | FREEMAN 802 | ERIN 803 | DUNCAN 804 | KENNITH 805 | CARMINE 806 | AUGUSTINE 807 | YOUNG 808 | ERICH 809 | CHADWICK 810 | WILBURN 811 | RUSS 812 | REID 813 | MYLES 814 | ANDERSON 815 | MORTON 816 | JONAS 817 | FOREST 818 | MITCHEL 819 | MERVIN 820 | ZANE 821 | RICH 822 | JAMEL 823 | LAZARO 824 | ALPHONSE 825 | RANDELL 826 | MAJOR 827 | JOHNIE 828 | JARRETT 829 | BROOKS 830 | ARIEL 831 | ABDUL 832 | DUSTY 833 | LUCIANO 834 | LINDSEY 835 | TRACEY 836 | SEYMOUR 837 | SCOTTIE 838 | EUGENIO 839 | MOHAMMED 840 | SANDY 841 | VALENTIN 842 | CHANCE 843 | ARNULFO 844 | LUCIEN 845 | FERDINAND 846 | THAD 847 | EZRA 848 | SYDNEY 849 | ALDO 850 | RUBIN 851 | ROYAL 852 | MITCH 853 | EARLE 854 | ABE 855 | WYATT 856 | MARQUIS 857 | LANNY 858 | KAREEM 859 | JAMAR 860 | BORIS 861 | ISIAH 862 | EMILE 863 | ELMO 864 | ARON 865 | LEOPOLDO 866 | EVERETTE 867 | JOSEF 868 | GAIL 869 | ELOY 870 | DORIAN 871 | RODRICK 872 | REINALDO 873 | LUCIO 874 | JERROD 875 | WESTON 876 | HERSHEL 877 | BARTON 878 | PARKER 879 | LEMUEL 880 | LAVERN 881 | BURT 882 | JULES 883 | GIL 884 | ELISEO 885 | AHMAD 886 | NIGEL 887 | EFREN 888 | ANTWAN 889 | ALDEN 890 | MARGARITO 891 | COLEMAN 892 | REFUGIO 893 | DINO 894 | OSVALDO 895 | LES 896 | DEANDRE 897 | NORMAND 898 | KIETH 899 | IVORY 900 | ANDREA 901 | TREY 902 | NORBERTO 903 | NAPOLEON 904 | JEROLD 905 | FRITZ 906 | ROSENDO 907 | MILFORD 908 | SANG 909 | DEON 910 | CHRISTOPER 911 | ALFONZO 912 | LYMAN 913 | JOSIAH 914 | BRANT 915 | WILTON 916 | RICO 917 | JAMAAL 918 | DEWITT 919 | CAROL 920 | 
BRENTON 921 | YONG 922 | OLIN 923 | FOSTER 924 | FAUSTINO 925 | CLAUDIO 926 | JUDSON 927 | GINO 928 | EDGARDO 929 | BERRY 930 | ALEC 931 | TANNER 932 | JARRED 933 | DONN 934 | TRINIDAD 935 | TAD 936 | SHIRLEY 937 | PRINCE 938 | PORFIRIO 939 | ODIS 940 | MARIA 941 | LENARD 942 | CHAUNCEY 943 | CHANG 944 | TOD 945 | MEL 946 | MARCELO 947 | KORY 948 | AUGUSTUS 949 | KEVEN 950 | HILARIO 951 | BUD 952 | SAL 953 | ROSARIO 954 | ORVAL 955 | MAURO 956 | DANNIE 957 | ZACHARIAH 958 | OLEN 959 | ANIBAL 960 | MILO 961 | JED 962 | FRANCES 963 | THANH 964 | DILLON 965 | AMADO 966 | NEWTON 967 | CONNIE 968 | LENNY 969 | TORY 970 | RICHIE 971 | LUPE 972 | HORACIO 973 | BRICE 974 | MOHAMED 975 | DELMER 976 | DARIO 977 | REYES 978 | DEE 979 | MAC 980 | JONAH 981 | JERROLD 982 | ROBT 983 | HANK 984 | SUNG 985 | RUPERT 986 | ROLLAND 987 | KENTON 988 | DAMION 989 | CHI 990 | ANTONE 991 | WALDO 992 | FREDRIC 993 | BRADLY 994 | QUINN 995 | KIP 996 | BURL 997 | WALKER 998 | TYREE 999 | JEFFEREY 1000 | AHMED -------------------------------------------------------------------------------- /wordlists/service-linked-roles.txt: -------------------------------------------------------------------------------- 1 | aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer 2 | aws-service-role/accountdiscovery.ssm.amazonaws.com/AWSServiceRoleForAmazonSSM_AccountDiscovery 3 | aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager 4 | aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh 5 | aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner 6 | aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_RDSCluster 7 | aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager 8 | aws-service-role/autoscaling-plans.amazonaws.com/AWSServiceRoleForAutoScalingPlans_EC2AutoScaling 9 | aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup 10 | 
aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket 11 | aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust 12 | aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable 13 | aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels 14 | aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels_ 15 | aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime 16 | aws-service-role/cks.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceCustomKeyStores 17 | aws-service-role/cloud9.amazonaws.com/AWSCloud9ServiceRolePolicy 18 | aws-service-role/cloudhsm.amazonaws.com/AWSServiceRoleForCloudHSM 19 | aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail 20 | aws-service-role/codeguru-profiler.amazonaws.com/AWSServiceRoleForCodeGuruProfiler 21 | aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer 22 | aws-service-role/codestar-notifications.amazonaws.com/AWSServiceRoleForCodeStarNotifications 23 | aws-service-role/comprehend.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ComprehendEndpoint 24 | aws-service-role/compute-optimizer.amazonaws.com/AWSServiceRoleForComputeOptimizer 25 | aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig 26 | aws-service-role/connect.amazonaws.com/AmazonConnectServiceLinkedRolePolicy 27 | aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport 28 | aws-service-role/custom-resource.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CustomResource 29 | aws-service-role/dax.amazonaws.com/AWSServiceRoleForDAX 30 | aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery 31 | aws-service-role/devops-guru.amazonaws.com/AmazonDevOpsGuruServiceRolePolicy 32 | 
aws-service-role/directconnect.amazonaws.com/AWSServiceRoleForNetworkManager
aws-service-role/directconnect.amazon.com/AWSServiceRoleForDirectConnect
aws-service-role/dms.amazonaws.com/AWSServiceRoleForMigrationHubDMSAccess
aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable
aws-service-role/ec2.amazonaws.com/AWSServiceRoleForNetworkManager
aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet
aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest
aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS
aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService
aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS
aws-service-role/eks-connector.amazonaws.com/AWSServiceRoleForAmazonEKSConnector
aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate
aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup
aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache
aws-service-role/elasticache.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ElastiCacheRG
aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem
aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup
aws-service-role/email.cognito-idp.amazonaws.com/AmazonCognitoIdp
aws-service-role/email.cognito-idp.amazonaws.com/AmazonCognitoIdpEmailService
aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers
aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService
aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchAlarms_ActionSSM
aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchAlarms_ActionSSMIncidents
aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents
aws-service-role/events.workmail.amazonaws.com/AmazonWorkMailEvents
aws-service-role/fis.amazonaws.com/AWSServiceRoleForFIS
aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS
aws-service-role/fsx.amazonaws.com/AWSServiceRoleForAmazonFSx
aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator
aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty
aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector
aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise
aws-service-role/ivs.amazonaws.com/AWSServiceRoleForIVSRecordToS3
aws-service-role/kafka.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_KafkaCluster
aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect
aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess
aws-service-role/lambda.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_LambdaConcurrency
aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots
aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots_
aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement
aws-service-role/license-manager.amazonaws.com/AWSServiceRoleForAWSLicenseManagerRole
aws-service-role/license-manager.master-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMasterAccountRole
aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole
aws-service-role/logger.cloudfront.amazonaws.com/AWSServiceRoleForCloudFrontLogger
aws-service-role/macie.amazonaws.com/AWSServiceRoleForAmazonMacie
aws-service-role/management.chatbot.amazonaws.com/AWSServiceRoleForAWSChatbot
aws-service-role/mediatailor.amazonaws.com/AWSServiceRoleForMediaTailor
aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB
aws-service-role/mgn.amazonaws.com/AWSServiceRoleForApplicationMigrationService
aws-service-role/migrationhub.amazonaws.com/AWSServiceRoleForMigrationHub
aws-service-role/migrationhub-strategy.amazonaws.com/AWSMigrationHubStrategyServiceRolePolicy
aws-service-role/mq.amazonaws.com/AWSServiceRoleForAmazonMQ
aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys
aws-service-role/neptune.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_NeptuneCluster
aws-service-role/network-firewall.amazonaws.com/AWSServiceRoleForNetworkFirewall
aws-service-role/ops.apigateway.amazonaws.com/AWSServiceRoleForAPIGateway
aws-service-role/opsdatasync.ssm.amazonaws.com/AWSServiceRoleForSystemsManagerOpsDataSync
aws-service-role/opsinsights.ssm.amazonaws.com/AWSSSMOpsInsightsServiceRolePolicy
aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations
aws-service-role/panorama.amazonaws.com/AWSServiceRoleForAWSPanorama
aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS
aws-service-role/rds.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_RDSCluster
aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift
aws-service-role/replicator.lambda.amazonaws.com/AWSServiceRoleForLambdaReplicator
aws-service-role/reports.backup.amazonaws.com/AWSServiceRoleForBackupReports
aws-service-role/robomaker.amazonaws.com/AWSServiceRoleForRoboMaker
aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver
aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint
aws-service-role/securityhub.amazonaws.com/AWSServiceRoleForSecurityHub
aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceCatalogAppRegistryServiceRolePolicy
aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry
aws-service-role/sms.amazonaws.com/AWSServiceRoleForMigrationHubSMSAccess
aws-service-role/sms.amazonaws.com/AWSServiceRoleForSMS
aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM
aws-service-role/ssm-incidents.amazonaws.com/AWSServiceRoleforIncidentManager
aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO
aws-service-role/storage-lens.s3.amazonaws.com/AWSServiceRoleForS3StorageLens
aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport
aws-service-role/transcription.chime.amazonaws.com/AWSServiceRoleForAmazonChimeTranscription
aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisor
aws-service-role/trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisorReporting
aws-service-role/voiceconnector.chime.amazonaws.com/AWSServiceRoleForAmazonChimeVoiceConnector
aws-service-role/waf.amazonaws.com/AWSServiceRoleForWAFLogging
aws-service-role/waf-regional.amazonaws.com/AWSServiceRoleForWAFRegionalLogging
aws-service-role/wafv2.amazonaws.com/AWSServiceRoleForWAFV2Logging
aws-service-role/worklink.amazonaws.com/AWSServiceRoleForAmazonWorkLinkecsTaskExecutionRole
ECS-SERVICE-LINKED-ROLE
FullLambdaAccess
workspaces_DefaultRole
LambdaAdminAccess
GrafanaCloudWatch
OrganizationAccountAccessRole
AWSCloudFormationStackSetExecutionRole
OrgMgmtRole
service-codebuild-mirza-service-role
ACCOUNTADMIN
ANALYTICSDEVELOPER
BILLING
AWSControlTowerStackSetRole
AWSControlTowerCloudTrailRole
OrganizationFormationBuildAccessRole
AWS-Landing-Zone-ConfigRecorderRole
aws-elasticbeanstalk-ec2-role
AWSGlueServiceRoleDefault
EMR_DefaultRole
EMR_EC2_DefaultRole
DatadogAWSIntegrationRole
workspaces
workspaces_DefaultRole
workspaces_defaultrole
Alert_Logic_Cloud_Defender
CloudCheckr
CloudMGR
CloudSploitRole
DSWebAppsScanningRole
DatadogAWSIntegrationRole
Dome9-Connect
Dome9Connect
KochavaReadS3
Loggly_aws
MtSecurityScan
NewRelic-Infrastructure-AWS-Integration
OktaSSO
OpsClarity-Access
Orbitera
RedlineAccess
Stackdriver
ThreatStackRole
alertlogic
bp-cloudhealth
bulletproof
cb-access
cloudability
cloudbreak
cloudcheckr
cloudcraft
cloudmgr
cloudsploit
AquaRole
AquasecRole
datadog
deepsecurity
dome9
dynatrace
freshservice
globus
instaclustr
keyWatch
kochava
loggly
loggly-role
mediatemple
mongodb
myMMSRole
newrelic
okta
opsclarity
orbitera
redline
redline13
roleWatch
s3stat
signalfx
skeddly
stackdriver
teraproc
teraproc-access
threatstack
threatstackrole
newrelic-infrastructure-aws-integration
okta
oktasso
opsworks
PrismaCloudCustomRole
PrismaCloudRole
PrismaCloud
Prisma
--------------------------------------------------------------------------------