{"id":22799175,"url":"https://github.com/dhammon/attess","last_synced_at":"2025-09-13T06:47:32.712Z","repository":{"id":159043425,"uuid":"589040440","full_name":"dhammon/Attess","owner":"dhammon","description":null,"archived":false,"fork":false,"pushed_at":"2024-08-19T03:13:58.000Z","size":32,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-30T19:15:06.208Z","etag":null,"topics":["attack-surface","aws"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dhammon.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-14T21:29:50.000Z","updated_at":"2024-08-19T03:14:02.000Z","dependencies_parsed_at":"2023-05-01T22:00:54.023Z","dependency_job_id":null,"html_url":"https://github.com/dhammon/Attess","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dhammon/Attess","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dhammon%2FAttess","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dhammon%2FAttess/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dhammon%2FAttess/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dhammon%2FAttess/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dhammon","download_url":"https://codeload.github.com/dhammon/Attess/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dhammon%2FAttess/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274930300,"owners_count":25375712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack-surface","aws"],"created_at":"2024-12-12T07:08:13.499Z","updated_at":"2025-09-13T06:47:32.695Z","avatar_url":"https://github.com/dhammon.png","language":"Python","readme":"\n```\n █████╗ ████████╗████████╗███████╗███████╗███████╗\n██╔══██╗╚══██╔══╝╚══██╔══╝██╔════╝██╔════╝██╔════╝\n███████║   ██║      ██║   █████╗  ███████╗███████╗\n██╔══██║   ██║      ██║   ██╔══╝  ╚════██║╚════██║\n██║  ██║   ██║      ██║   ███████╗███████║███████║\n╚═╝  ╚═╝   ╚═╝      ╚═╝   ╚══════╝╚══════╝╚══════╝\n\nBlackbox testing AWS public services\n```                                               \n\n\u003e Pronounced \"uh-tes\" almost like attest, which is the play on words we are looking for under the context of attesting to the security.  The name is derived from combining \"attack\" and \"access\" and this tool suite's objective is to fill the gap where so many awesome tools fall short when approaching AWS account's public internet posture.\n\n\n\n# Installation\n```\ngit clone https://github.com/dhammon/Attess\ncd Attess\npip install -r requirements.txt\n```\n\n\n# Use\n`./attess.py --help`\n\n\n\n## Account Module\nTest a single AWS account number is valid (in use).\n```\n./attess.py account 123123123123\n\n[-] Invalid AWS Account: 123123123123\n```\n\n## Accounts Module\nTest a range of AWS account numbers for use.\n```\n ./attess.py accounts 123123123123 123123123173 --threads=10\n\n[!] 100% complete\nSeconds spent: 2\n```\n\n## ECR Module\nIdentify misconfigured open container repositories through bruteforce.  Not stealthy and requires `principal: *` misconfigured policy.\n```\n./attess.py containers 123123123123\n\n[!] Completed\n```\n\n## Surface Module\nList public FQDN and IPs from AWS services.  Requires AWS credentials set:\n```bash\nexport AWS_ACCESS_KEY_ID=SOME_KEY\nexport AWS_SECRET_ACCESS_KEY=SOME_KEY\n./attess.py surface us-east-1\n['18.208.212.174']\n```\n\n\n\n# Test\n```bash\npython3 -W ignore:ImportWarning -m unittest discover -s tests/ -p test_surface.py\npython3 -W ignore:ImportWarning -m unittest discover -s tests/ -p test_surface.py -k test_reservations\n```\n\n# Credits\nAscii (ANSI Shadow) art generated using patorjk.com","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdhammon%2Fattess","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdhammon%2Fattess","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdhammon%2Fattess/lists"}