{"id":27351904,"url":"https://github.com/wakeful/trick","last_synced_at":"2026-05-15T18:34:42.608Z","repository":{"id":286091072,"uuid":"959090258","full_name":"wakeful/trick","owner":"wakeful","description":"Tactician of Role-Interchanging Cloud Keys (Effortless AWS persistence via AssumeRole).","archived":false,"fork":false,"pushed_at":"2026-03-04T06:39:43.000Z","size":1085,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-04T12:54:44.604Z","etag":null,"topics":["aws","penetration-testing","readteam","red","red-team","redteam-tools","security","security-automation","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wakeful.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-02T08:52:29.000Z","updated_at":"2026-03-04T06:38:15.000Z","dependencies_parsed_at":"2025-04-04T09:51:37.404Z","dependency_job_id":"e8c38739-e61c-4997-acdf-783546114d64","html_url":"https://github.com/wakeful/trick","commit_stats":null,"previous_names":["wakeful/trick"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/wakeful/trick","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wakeful%2Ftrick","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wakeful%2Ftrick/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wakeful%2Ftrick/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wakeful%2Ftrick/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wakeful","download_url":"https://codeload.github.com/wakeful/trick/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wakeful%2Ftrick/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33074871,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T11:35:32.926Z","status":"ssl_error","status_checked_at":"2026-05-15T11:35:31.362Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","penetration-testing","readteam","red","red-team","redteam-tools","security","security-automation","security-tools"],"created_at":"2025-04-12T20:54:06.007Z","updated_at":"2026-05-15T18:34:42.603Z","avatar_url":"https://github.com/wakeful.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# trick\n\n\u003e **Tactician of Role-Interchanging Cloud Keys** (Effortless AWS persistence via AssumeRole).\n\n\u003e [!NOTE]\n\u003e This tool keeps persistence in AWS. It does this by using a pool of AWS IAM roles for AssumeRole operations, set up\n\u003e like a ring buffer.\n\n```shell\n$ trick -h\nUsage of trick\n -config string\n path to config file\n -refresh int\n refresh IAM every n minutes (default 12)\n -region string\n AWS region used for IAM communication (default \"eu-west-1\")\n -role value\n AWS role to assume (can be specified multiple times)\n -ui\n starts role visualization on port 8742\n -use value\n AWS role with meaningful permissions (can be specified multiple times)\n -verbose\n verbose log output\n -version\n show version\n```\n\n### Installation\n\n#### From source\n\n```shell\n# via the Go toolchain\ngo install github.com/wakeful/trick\n```\n\n#### Using a binary release\n\nYou can download a pre-built binary from the [release page](https://github.com/wakeful/trick/releases/latest) and add it\nto your user PATH.\n\n\n\u003e [!IMPORTANT]\n\u003e The `trick-jump-credentials` profile will be updated with new credentials.\n\n\u003e [!WARNING]\n\u003e The new credentials need the AWS CLI to be written correctly.\n\n### Simple scenario\n\n```shell\ntrick -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c\n```\n\n\u003cdetails\u003e\n\u003csummary\u003econfig file version\u003c/summary\u003e\n\n```shell\ntrick -config path/to/config.hcl\n```\n\n```hcl\nselect_profile = profile.simple\n\n# -region eu-west-1 \\\n# -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c\nprofile \"simple\" {\n chain {\n use {\n arn = \"arn::42::role-a\"\n }\n\n use {\n arn = \"arn::42::role-b\"\n }\n\n use {\n arn = \"arn::42::role-c\"\n }\n }\n}\n```\n\n\u003c/details\u003e\n\n```mermaid\nstateDiagram\n rA: role A\n rB: role B\n rC: role C\n [*] --\u003e rA\n rA --\u003e rB: wait 12min and jump\n rB --\u003e rC: wait 12min and jump\n rC --\u003e rA: wait 12min and jump\n```\n\n### Complex scenario\n\n\u003e [!TIP]\n\u003e Sometimes only a few roles in the chain have useful permissions. Instead of waiting for the next jump, we can pick the\n\u003e roles that matter to us.\n\n```shell\ntrick -region eu-west-1 -refresh 12 \\\n -role arn::42::role-a -role arn::42::role-b \\\n -role arn::42::role-c -role arn::42::role-d \\\n -use arn::42::role-a -use arn::42::role-d\n```\n\n\u003cdetails\u003e\n\u003csummary\u003econfig file version\u003c/summary\u003e\n\n```shell\ntrick -config path/to/config.hcl\n```\n\n```hcl\n# -region eu-west-1 -refresh 12 \\\n# -role arn::42::role-a -role arn::42::role-b \\\n# -role arn::42::role-c -role arn::42::role-d \\\n# -use arn::42::role-a -use arn::42::role-d\nprofile \"complex\" {\n region = \"eu-west-1\"\n\n chain {\n ttl = 12\n\n use {\n arn = \"arn::42::role-a\"\n skip = false # Defaults to false; you can skip it.\n }\n\n use {\n arn = \"arn::42::role-b\"\n skip = true\n }\n\n use {\n arn = \"arn::42::role-c\"\n skip = true\n }\n\n use {\n arn = \"arn::42::role-d\"\n }\n }\n}\n```\n\n\u003c/details\u003e\n\n```mermaid\nstateDiagram\n rA: role A\n rB: role B\n rC: role C\n rD: role D\n [*] --\u003e rA\n rA --\u003e rB: wait 12min and jump\n rB --\u003e rC: B lacks permission so we jump to C\n rC --\u003e rD: C lacks permission so we jump to D\n rD --\u003e rA: wait 12min and jump\n```\n\n\n### UI Visualization\n\nThe `-ui` flag starts a local web server that visualizes the role chain as an interactive diagram:\n\n```shell\ntrick -ui -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c\n```\nOnce started, open your browser to `http://127.0.0.1:8742` to see the role chain visualization.\n\n## Acknowledgments\n\nThis project would not be possible without the excellent work of:\n\n- **[HCL (HashiCorp Configuration Language)](https://github.com/hashicorp/hcl)** - A powerful and flexible configuration language that makes `trick`'s configuration files intuitive and easy to work with.\n\n- **[Mermaid.js](https://github.com/mermaid-js/mermaid)** - The amazing diagramming and charting tool that powers our role chain visualizations.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwakeful%2Ftrick","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwakeful%2Ftrick","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwakeful%2Ftrick/lists"}