Pacu

Rhino Security is a consultancy that specializes in cloud penetration testing and has done extensive work in looking at security issues in cloud environments like AWS. They have created an exploitation tool called Pacu that is designed to interoperate with the AWS API. The tool is written in Python and somewhat feels like Metasploit, but not exactly. It has over 35 modules for AWS environments and can manage multiple AWS profiles. The tool features components in reconnaissance, enumeration, mapping, privilege escalation, and even persistence modules. You can pull the tool from the following location: http://www.github.com/RhinoSecurityLabs/pacu. 39 h

here are only three unauthenticated modules:

− s3__bucket_finder for public buckets

− iam__enum_users tries to use AssumeRole to look for users

− iam__enum_roles same but for roles

While IAM enum_users and roles are "unauthenticated", they do require a "valid" AWS credential. You can bring your own.