Merge pull request #22 from cfpadok/develop

feat: add new tool for cognito aws pentesting

pentesting-cloud/aws-security/aws-privilege-escalation/aws-cognito-privesc.md

@@ -20,6 +20,24 @@ For more info about Cognito check:
 [aws-cognito-enum](../aws-services/aws-cognito-enum/)
 {% endcontent-ref %}
 
+### Tool for pentesting
+
+[Cognito Scanner](https://github.com/padok-team/cognito-scanner) is a CLI tool in python that implements different attacks on Cognito including a privesc escalation.
+
+#### Installation
+
+```bash
+$ pip install cognito-scanner
+```
+
+#### Usage
+
+```bash
+$ cognito-scanner --help
+```
+
+For more information check https://github.com/padok-team/cognito-scanner
+
 ### Gathering credentials from Identity Pool
 
 As Cognito can grant **IAM role credentials** to both **authenticated** an **unauthenticated** **users**, if you locate the **Identity Pool ID** of an application (should be hardcoded on it) you can obtain new credentials and therefore privesc (inside an AWS account where you probably didn't even have any credential previously).

pentesting-cloud/aws-security/aws-services/aws-cognito-enum/README.md

@@ -34,6 +34,24 @@ The learn what is a **Cognito Identity Pool check**:
 [cognito-identity-pools.md](cognito-identity-pools.md)
 {% endcontent-ref %}
 
+## Tool for pentesting
+
+[Cognito Scanner](https://github.com/padok-team/cognito-scanner) is a CLI tool in python that implements different attacks on Cognito including account enumeration and privesc escalation.
+
+### Installation
+
+```bash
+$ pip install cognito-scanner
+```
+
+### Usage
+
+```bash
+$ cognito-scanner --help
+```
+
+For more information check https://github.com/padok-team/cognito-scanner
+
 ## Enumeration
 
 {% code overflow="wrap" %}

pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md

@@ -30,6 +30,24 @@ This is **useful to keep information of a user** (who will be always using the s
 
 Moreover, the service **cognito-sync** is the service that allow to **manage and syncronize this information** (in the datasets, sending info in streams and SNSs msgs...).
 
+### Tool for pentesting
+
+[Cognito Scanner](https://github.com/padok-team/cognito-scanner) is a CLI tool in python that implements different attacks on Cognito including unwanted account creation and identity pool escalation.
+
+#### Installation
+
+```bash
+$ pip install cognito-scanner
+```
+
+#### Usage
+
+```bash
+$ cognito-scanner --help
+```
+
+For more information check https://github.com/padok-team/cognito-scanner
+
 ## Accessing IAM Roles
 
 ### Unauthenticated

pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-user-pools.md

@@ -33,6 +33,24 @@ User pools provide:
 * **User enumeration**: The registration functionality can be used to find usernames that already exists. This information can be useful for the brute-force attack.
 * **Login brute-force**: In the [**Authentication**](cognito-user-pools.md#authentication) section you have all the **methods** that a user have to **login**, you could try to brute-force them **find valid credentials**.
 
+### Tool for pentesting
+
+[Cognito Scanner](https://github.com/padok-team/cognito-scanner) is a CLI tool in python that implements different attacks on Cognito including unwanted account creation and account oracle.
+
+#### Installation
+
+```bash
+$ pip install cognito-scanner
+```
+
+#### Usage
+
+```bash
+$ cognito-scanner --help
+```
+
+For more information check https://github.com/padok-team/cognito-scanner
+
 ## Registration
 
 User Pools allows by **default** to **register new users**.