Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, the tool allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.

Some of the current key features are:

  • Comprehensive AWS security-testing toolkit, supported by a leading cybersecurity firm.
  • Wide range of powerful scanning and exploitation capabilities offered by 36 modules (and counting), which can be chained together.
  • Open-source and modular structure allows easy auditing and community-driven improvement.

Pacu uses a range of plug-in modules to assist an attacker in enumeration, privilege escalation, data exfiltration, service exploitation, and log manipulation within AWS environments. At present, Pacu has 36 modules for executing AWS attacks.

