Skip to content
/ ud-peep Public

Search for secrets inside user data attached to EC2 instances on multiple AWS accounts

License

MIT license
16 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

akhil-reni/ud-peep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
UDPeep
UDPeep
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
udpeep_1.png
udpeep_1.png
 
 

Repository files navigation

AWS User Data Secrets Finder

One of the challenges that large orgs face is sometimes ops teams leave sensitive API keys, passwords or secrets inside AWS user data. Leaving those keys there might not directly lead to a vulnerability but any other vulnerability like a full responsive SSRF can be used to extract the secrets. To avoid this it's often suggested not to hardcode credentials there.

UDPeep is a simple command line tool that will allow you to scan your EC2 instances on AWS for secrets.

Usage

Argument Required Description
-o(output file CSV) Optional CSV output for viewing results
-r(Role ARN) Optional Provide role ARN along to switch account
-s(Role Session) Optional Role session name to be used

Installation

Clone the repository

git clone https://github.com/akhil-reni/ud-peep.git

Install UDPeep

python3 setup.py install

Setup your AWS creds - Make sure the IAM role has access to list and view EC2 attributes

aws configure


ud_peep

UDPeep POC

Contributors

  • Prakash Ashok
  • Krishna Nuthakki

About

Search for secrets inside user data attached to EC2 instances on multiple AWS accounts

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages