Merge branch 'master' of github.com:carlospolop/hacktricks-cloud

HackTricks-wiki · Dec 23, 2023 · c9f5748 · c9f5748
2 parents ef4fff0 + 8aace0f
commit c9f5748
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md b/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md
@@ -44,6 +44,12 @@ By default, **CloudWatch Logs** are **off**, **Access Logging** is **off**, and
 
 ### Enumeration
 
+{% hint style="success" %}
+Note that in both AWS apis to enumerate resources (**`apigateway`** and **`apigatewayv2`**) the only permission you need and the only read permission grantable is **`apigateway:GET`**, with that you can **enumerate everything.**
+{% endhint %}
+
+{% tabs %}
+{% tab title="apigateway" %}
 ```bash
 # Generic info
 aws apigateway get-account
@@ -82,8 +88,16 @@ aws apigateway get-usage-plans #Get limit use info
 aws apigateway get-usage-plan-keys --usage-plan-id <plan_id> #Get clear text values of api keys
 aws apigateway get-usage-plan-key --usage-plan-id <plan_id> --key-id <key_id>
 ###Already consumed
-aws --profile myadmin --region eu-west-1 apigateway get-usage --usage-plan-id <plan_id> --start-date 2023-07-01 --end-date 2023-07-12
+aws apigateway get-usage --usage-plan-id <plan_id> --start-date 2023-07-01 --end-date 2023-07-12
+```
+{% endtab %}
+
+{% tab title="apigatewayv2" %}
+```bash
+## TODO
 ```
+{% endtab %}
+{% endtabs %}
 
 ## Different Authorizations to access API Gateway endpoints