Comments (6)
Nice work!
Looks like it's fixed :)
from pmapper.
Hello @Kamerabuilt ,
First look, I'm guessing it's the `aws:MultiFactorAuthPresent` condition that's tripping things up. The relevant source code is https://github.com/nccgroup/PMapper/blob/master/principalmapper/graphing/sts_edges.py#L84-L86 . If that's not working, then all the MFA stuff might be broken and that'd be a bigger problem.
Please confirm the following:
- Which version of PMapper are you using?
- Is the user able to assume the role (i.e. no misspellings in any of the policies)?
- Does the user have an MFA device configured?
- Is this for a live AWS account or a mock account on LocalStack?
from pmapper.
- I am using the latest PMapper version (I reinstalled it from scratch today). Is there a way to confirm which version exactly? I tried running -v (version), but it does not seem to be supported.
- Yes, user can assume the role and execute the admin privileges associated with that role (through MFA)
- Yes, and it is needed to assume the role per the Trust policy
- It is a live AWS account (my personal account)
from pmapper.
Added a fix in `v1.2.0-dev` with 06f1dc1. This issue actually extends to any edge-checks that involve resource policies that can be affected by MFA. Probably gonna have to do some more fixing here before releasing v1.2.0.
from pmapper.
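Added example, not part of the thread and not PMapper's code: a minimal model of the failure mode discussed above, where a role trust policy requires `aws:MultiFactorAuthPresent` and an edge check that supplies no MFA context reports no user-to-role edge even though the user can assume the role with MFA. The policy, ARNs, function names, and the assumption that the check evaluates with an empty context are all constructed for illustration; only `Bool` and `BoolIfExists` are modelled.

```python
# Constructed trust policy (account ID and user name are placeholders).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::000000000000:user/alice"},
        "Action": "sts:AssumeRole",
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
    }],
}


def bool_matches(operator, key, expected, context):
    """Evaluate a Bool or BoolIfExists condition for a single key."""
    if operator not in ("Bool", "BoolIfExists"):
        raise ValueError(f"operator not modelled here: {operator}")
    if key not in context:
        # Absent key: Bool does not match, BoolIfExists does.
        return operator == "BoolIfExists"
    return str(context[key]).lower() == str(expected).lower()


def trust_allows(policy, caller_arn, context):
    """True if any Allow statement matches the caller and all conditions."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        if stmt["Principal"].get("AWS") != caller_arn:
            continue
        if all(bool_matches(op, key, val, context)
               for op, block in stmt.get("Condition", {}).items()
               for key, val in block.items()):
            return True
    return False


def assume_role_edge(policy, user):
    """Return (naive, mfa_aware) results for a user -> role edge check."""
    naive = trust_allows(policy, user["arn"], {})  # no MFA context supplied
    # Assumption: a user with an MFA device could authenticate with it.
    ctx = {"aws:MultiFactorAuthPresent": "true"} if user["has_mfa"] else {}
    return naive, trust_allows(policy, user["arn"], ctx)


ALICE = {"arn": "arn:aws:iam::000000000000:user/alice", "has_mfa": True}
if __name__ == "__main__":
    print(assume_role_edge(TRUST_POLICY, ALICE))
```

The naive result is a false negative for a user who has an MFA device; a user without one gets no edge either way.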
Can I test the 1.2.0-dev (if so how)?
Is there a way to display the current version of PMapper?
from pmapper.
Sure can! Just clone the repo and checkout the `1.2.0-dev` branch. Then do `pip install .` from the PMapper directory after you finish cloning. If you run `pip show principalmapper` it should show you the current version, and v1.2.0 will have a `--version` arg.
from pmapper.
Related Issues (20)
- PMapper 1.1.5 builds edges that include role/AWSServiceRoleForSupport when performing authorization checks
- Terraform Plans
- Graph Deletion
- Stuck at Generating Edges based on lambda data
- MFA requirements in roles can lead to misleading results
- can_privesc() method only returns one edge_list ?
- Traceback when doing connected query for role that does not exist
- FileNotFoundError in graph_cli
- Exception When Policy is Only Used as Permission Boundary
- Permission boundaries not considered when querying
- Python 3.10 fails to run
- Does not run in 3.11 due to mapping import error
- iam:ListAccessKeys denied exception in gathering.py
- Stack trace on incorrect PMAPPER_STORAGE environment variable
- Stack trace on missing credentials
- Crash while scanning principals that use deprecated permission policies
- Performance issues scanning large accounts
- AWS Policy with minimal permissions
- Collections Module issue in Python 3.10