Principal Mapper is a tool + library for analyzing and securing your AWS IAM configuration. It generates a model of your account and/or organization and uses it to give you a better idea of the effective permissions of your IAM Users and Roles. It has privilege escalation detection built-in and is hopefully written in a way that will let you extend it for your use-cases.
This v1.1.0 update covers more types of policies (resource policies, permission boundaries, session policies, SCPs), supports AWS Organizations, enables cross-account checks, and more!
[+] [-] ncc-erik|5 years ago|reply
Principal Mapper is a tool + library for analyzing and securing your AWS IAM configuration. It generates a model of your account and/or organization and uses it to give you a better idea of the effective permissions of your IAM Users and Roles. It has privilege escalation detection built-in and is hopefully written in a way that will let you extend it for your use-cases.
This v1.1.0 update covers more types of policies (resource policies, permission boundaries, session policies, SCPs), supports AWS Organizations, enables cross-account checks, and more!
https://github.com/nccgroup/PMapper
https://research.nccgroup.com/2021/03/29/tool-release-princi...
Happy to answer any questions you have here!