https://github.com/wakeful/trick
Tactician of Role-Interchanging Cloud Keys (Effortless AWS persistence via AssumeRole).
- Host: GitHub
- URL: https://github.com/wakeful/trick
- Owner: wakeful
- License: bsd-3-clause
- Created: 2025-04-02T08:52:29.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2026-03-04T06:39:43.000Z (3 months ago)
- Last Synced: 2026-03-04T12:54:44.604Z (3 months ago)
- Topics: aws, penetration-testing, readteam, red, red-team, redteam-tools, security, security-automation, security-tools
- Language: Go
- Size: 1.03 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# trick
> **Tactician of Role-Interchanging Cloud Keys** (Effortless AWS persistence via AssumeRole).
> [!NOTE]
> This tool keeps persistence in AWS. It does this by using a pool of AWS IAM roles for AssumeRole operations, set up
> like a ring buffer.
```shell
$ trick -h
Usage of trick
  -config string
        path to config file
  -refresh int
        refresh IAM every n minutes (default 12)
  -region string
        AWS region used for IAM communication (default "eu-west-1")
  -role value
        AWS role to assume (can be specified multiple times)
  -ui
        starts role visualization on port 8742
  -use value
        AWS role with meaningful permissions (can be specified multiple times)
  -verbose
        verbose log output
  -version
        show version
```
### Installation
#### From source
```shell
# via the Go toolchain
go install github.com/wakeful/trick@latest
```
#### Using a binary release
You can download a pre-built binary from the [release page](https://github.com/wakeful/trick/releases/latest) and add it
to your user PATH.
> [!IMPORTANT]
> The `trick-jump-credentials` profile will be updated with new credentials.
> [!WARNING]
> The AWS CLI is required for the new credentials to be written correctly.
### Simple scenario
```shell
trick -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c
```
Config file version:
```shell
trick -config path/to/config.hcl
```
```hcl
select_profile = profile.simple

# -region eu-west-1 \
# -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c
profile "simple" {
  chain {
    use {
      arn = "arn::42::role-a"
    }
    use {
      arn = "arn::42::role-b"
    }
    use {
      arn = "arn::42::role-c"
    }
  }
}
```
```mermaid
stateDiagram
rA: role A
rB: role B
rC: role C
[*] --> rA
rA --> rB: wait 12min and jump
rB --> rC: wait 12min and jump
rC --> rA: wait 12min and jump
```
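From the defender's side, the ring above appears in CloudTrail as `AssumeRole` calls made from role sessions whose caller and target roles form a cycle at a steady interval. The sketch below is an added example, not code from the trick project; it flags such cycles, and the account ID, role names and sample events are constructed.

```python
from datetime import datetime
R = "arn:aws:iam::111122223333:role/"  # placeholder account ID and role names

def make_event(ts, caller_type, caller_role, target_role):
    """Constructed CloudTrail record, trimmed to the fields the detection reads."""
    return {"eventTime": ts, "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
            "userIdentity": {"type": caller_type,
                             "sessionContext": {"sessionIssuer": {"arn": R + caller_role}}},
            "requestParameters": {"roleArn": R + target_role}}

SAMPLE = [  # constructed: a three-role ring hopping every 12 minutes, plus benign noise
    make_event("2025-01-01T10:00:00Z", "AssumedRole", "role-a", "role-b"),
    make_event("2025-01-01T10:12:00Z", "AssumedRole", "role-b", "role-c"),
    make_event("2025-01-01T10:24:00Z", "AssumedRole", "role-c", "role-a"),
    make_event("2025-01-01T10:36:00Z", "AssumedRole", "role-a", "role-b"),
    make_event("2025-01-01T10:05:00Z", "AssumedRole", "ci", "deploy"),  # one-way chain
    make_event("2025-01-01T10:07:00Z", "IAMUser", "unused", "admin"),   # not a role session
]

def chained_hops(events):
    """Sorted (time, caller_role, target_role) for AssumeRole calls made from a role session."""
    hops = []
    for e in events:
        ident = e.get("userIdentity") or {}
        if e.get("eventName") != "AssumeRole" or ident.get("type") != "AssumedRole":
            continue
        src = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
        dst = (e.get("requestParameters") or {}).get("roleArn")
        if src and dst:
            hops.append((datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ"), src, dst))
    return sorted(hops)

def find_ring(hops):
    """Roles that can reach themselves via chained hops, and the minutes between ring hops."""
    graph = {}
    for _, src, dst in hops:
        graph.setdefault(src, set()).add(dst)
    def reaches_itself(start):
        seen, stack = set(), list(graph[start])
        while stack:
            node = stack.pop()
            if node == start:
                return True
            if node not in seen:
                seen.add(node)
                stack.extend(graph.get(node, ()))
        return False
    ring = {role for role in graph if reaches_itself(role)}
    times = [t for t, src, dst in hops if src in ring and dst in ring]
    return ring, [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
```

A non-empty ring with near-constant gaps is the signal; a one-way chain such as `ci` to `deploy` is not flagged.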
### Complex scenario
> [!TIP]
> Sometimes only a few roles in the chain have useful permissions. Instead of waiting for the next jump, we can pick the
> roles that matter to us.
```shell
trick -region eu-west-1 -refresh 12 \
-role arn::42::role-a -role arn::42::role-b \
-role arn::42::role-c -role arn::42::role-d \
-use arn::42::role-a -use arn::42::role-d
```
Config file version:
```shell
trick -config path/to/config.hcl
```
```hcl
# -region eu-west-1 -refresh 12 \
# -role arn::42::role-a -role arn::42::role-b \
# -role arn::42::role-c -role arn::42::role-d \
# -use arn::42::role-a -use arn::42::role-d
profile "complex" {
  region = "eu-west-1"

  chain {
    ttl = 12

    use {
      arn  = "arn::42::role-a"
      skip = false # Defaults to false; you can skip it.
    }
    use {
      arn  = "arn::42::role-b"
      skip = true
    }
    use {
      arn  = "arn::42::role-c"
      skip = true
    }
    use {
      arn = "arn::42::role-d"
    }
  }
}
```
```mermaid
stateDiagram
rA: role A
rB: role B
rC: role C
rD: role D
[*] --> rA
rA --> rB: wait 12min and jump
rB --> rC: B lacks permission so we jump to C
rC --> rD: C lacks permission so we jump to D
rD --> rA: wait 12min and jump
```
### UI Visualization
The `-ui` flag starts a local web server that visualizes the role chain as an interactive diagram:
```shell
trick -ui -role arn::42::role-a -role arn::42::role-b -role arn::42::role-c
```
Once started, open your browser to `http://127.0.0.1:8742` to see the role chain visualization.
## Acknowledgments
This project would not be possible without the excellent work of:
- **[HCL (HashiCorp Configuration Language)](https://github.com/hashicorp/hcl)** - A powerful and flexible configuration language that makes `trick`'s configuration files intuitive and easy to work with.
- **[Mermaid.js](https://github.com/mermaid-js/mermaid)** - The amazing diagramming and charting tool that powers our role chain visualizations.