
Pacu

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments. It enables penetration testers to exploit configuration flaws in AWS accounts using modular functionality.

Description

Pacu, created and maintained by Rhino Security Labs, is an open-source AWS exploitation framework tailored for offensive security testing in cloud environments. It allows penetration testers to identify and exploit configuration flaws within an AWS account through a modular architecture that facilitates easy expansion of capabilities.

Current modules support a variety of attacks, including user privilege escalation, backdooring of IAM users, and targeting vulnerable Lambda functions, among others. This makes Pacu a versatile tool for assessing and demonstrating AWS security weaknesses in controlled testing scenarios.

The framework integrates with standard AWS tools and Python libraries, providing a structured approach to cloud penetration testing. It is particularly useful for red team exercises focused on AWS infrastructure.

How It Works

Pacu operates as a modular framework leveraging AWS SDKs like boto3 to interact with AWS services. Modules execute specific exploitation techniques, such as privilege escalation via misconfigurations or IAM backdooring, by manipulating AWS APIs, policies, and resources. Sessions manage credentials and state, enabling persistent testing across regions and services.
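A defender's view of the API activity described above, as an added example that is not Pacu's code or part of the original page: it reviews CloudTrail records for IAM user credential and policy changes, and for one principal touching many regions. The sample records, account ID, user names and the region threshold are constructed assumptions.

```python
from collections import defaultdict

# Real CloudTrail eventNames for IAM calls that change a user's credentials or permissions.
CREDENTIAL_CALLS = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile"}
POLICY_CALLS = {"AttachUserPolicy", "PutUserPolicy"}
REGION_FANOUT = 4  # assumed threshold: distinct regions one principal touches in a batch

def review(records):
    """Return (iam_findings, fanout_principals) for a batch of CloudTrail records."""
    findings, regions = [], defaultdict(set)
    for r in records:
        ident = r.get("userIdentity") or {}
        actor = ident.get("arn", "unknown")
        regions[actor].add(r.get("awsRegion"))
        if r.get("eventSource") != "iam.amazonaws.com":
            continue
        name = r.get("eventName")
        # requestParameters is null when a user acts on itself without naming a user.
        target = (r.get("requestParameters") or {}).get("userName") or ident.get("userName")
        other_user = target != ident.get("userName")
        if name in POLICY_CALLS or (name in CREDENTIAL_CALLS and other_user):
            # Denied attempts are kept: a failed escalation is still a signal.
            findings.append((r.get("eventTime"), actor, name, target, r.get("errorCode", "ok")))
    fanout = sorted(a for a, seen in regions.items() if len(seen) >= REGION_FANOUT)
    return findings, fanout

def _rec(time, user, region, source, name, params=None, error=None):
    """Build one constructed CloudTrail-shaped record (sample data, not a real log)."""
    rec = {"eventTime": time, "awsRegion": region, "eventSource": source,
           "eventName": name, "requestParameters": params,
           "userIdentity": {"type": "IAMUser", "userName": user,
                            "arn": f"arn:aws:iam::111122223333:user/{user}"}}
    if error:
        rec["errorCode"] = error
    return rec

IAM = "iam.amazonaws.com"
SAMPLE = [_rec(f"2024-01-01T10:0{i}:00Z", "alice", reg, "ec2.amazonaws.com", "DescribeInstances")
          for i, reg in enumerate(["us-east-1", "us-west-2", "eu-west-1", "ap-southeast-1"])]
SAMPLE += [  # constructed IAM events; IAM is a global service logged in us-east-1
    _rec("2024-01-01T10:05:00Z", "alice", "us-east-1", IAM, "CreateAccessKey", {"userName": "bob"}),
    _rec("2024-01-01T10:06:00Z", "bob", "us-east-1", IAM, "CreateAccessKey"),
    _rec("2024-01-01T10:07:00Z", "alice", "us-east-1", IAM, "AttachUserPolicy",
         {"userName": "alice", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
         error="AccessDenied"),
]

if __name__ == "__main__":
    findings, fanout = review(SAMPLE)
    print(*findings, sep="\n")
    print("region fan-out:", fanout)
```

The output is a triage list, not a verdict: administrative automation legitimately makes the same calls, so known principals need an allow list before alerting on it.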

Installation

sudo apt install pacu

Flags

-h, --help                    show this help message and exit
--session <session name>
--activate-session            activate session, use session arg to set session name
--new-session <session name>
--set-keys                    alias, access id, secret key, token
--import-keys                 AWS profile name to import keys from
--module-name <module name>
--data <service name/all>
--module-args                 module-specific arguments
--list-modules                list available modules
--pacu-help                   show Pacu help
--module-info                 show module information
--exec                        execute module
--set-regions                 set regions for testing
--whoami                      show current AWS identity
--version                     show version
-q                            quiet mode

Examples

Display the full help message and usage options for Pacu:
    pacu -h

Load or specify a named session for AWS testing:
    pacu --session <session name>

Activate a specific session by name:
    pacu --activate-session --session <session name>

Create a new session with the given name:
    pacu --new-session <session name>

Set AWS credentials using alias, access ID, secret key, and optional token:
    pacu --set-keys <alias> <access id> <secret key> <token>

Import AWS keys from a named AWS CLI profile:
    pacu --import-keys <AWS profile name>

List all available exploitation modules:
    pacu --list-modules

Display current AWS identity and permissions:
    pacu --whoami

Updated 2026-04-16 (source: kali.org)