DetentionDodger: Unmasking Leaked Credentials & Their Organizational Impact
DetentionDodger is a tool designed to find users whose credentials have been leaked/compromised and the impact they have on the target.
Install
Local Installation
To install, the only thing needed is to install the required libraries:
git clone https://github.com/Permiso-io-tools/DetentionDodger.git
python3 -m venv ./venv
source venv/bin/activate
python3 -m pip install -r requirements.txt
Then, just run the tool by running detentiondodger.py:
Docker
A Dockerfile is placed inside the main directory of the project. To build the image, inside the main directory of the project run:
docker build -t detentiondodger .
Then run the container with the output directory and ~/.aws mounted from the host:
Use
Finding all quarantined Users
When no user is specified with the -u flag, the tool lists all the users and finds the ones that either have the Quarantine Policy attached or had an attempt made to attach it, by looking at the CloudTrail logs. It then lists all the policies attached to those users and to their groups, and checks the privileges against the scenarios found in the scenarios directory.
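As an added illustration of the quarantine check described above (example code written for this page, not DetentionDodger's own; it assumes the Quarantine Policy is AWS's managed AWSCompromisedKeyQuarantineV2, which the README does not name, and uses constructed sample data in place of live IAM and CloudTrail responses):

```python
"""Decide which IAM users have the quarantine policy attached, or were the
target of an AttachUserPolicy call for it, from attached-policy listings and
CloudTrail records. Sample data below is constructed for this example."""
import json

# Assumption: the quarantine policy is the AWS managed AWSCompromisedKeyQuarantineV2.
QUARANTINE_ARN = "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2"

# Constructed stand-in for iam.list_attached_user_policies() results per user.
ATTACHED = {
    "alice": [QUARANTINE_ARN, "arn:aws:iam::aws:policy/ReadOnlyAccess"],
    "bob": ["arn:aws:iam::aws:policy/AdministratorAccess"],
    "carol": [],
}

# Constructed CloudTrail records, shaped like the CloudTrailEvent JSON string
# returned by cloudtrail.lookup_events(). errorCode marks a failed attempt.
EVENTS = [
    json.dumps({"eventName": "AttachUserPolicy", "errorCode": "AccessDenied",
                "requestParameters": {"userName": "bob", "policyArn": QUARANTINE_ARN}}),
    json.dumps({"eventName": "AttachUserPolicy",
                "requestParameters": {"userName": "carol",
                                      "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}}),
    json.dumps({"eventName": "DetachUserPolicy",
                "requestParameters": {"userName": "alice", "policyArn": QUARANTINE_ARN}}),
]


def fetch_attached(iam):
    """Build the ATTACHED structure from a live boto3 IAM client (not run here)."""
    attached = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            pols = iam.list_attached_user_policies(UserName=name)["AttachedPolicies"]
            attached[name] = [p["PolicyArn"] for p in pols]
    return attached


def quarantine_status(attached, events):
    """Return {user: 'attached' | 'attempted'}; users with neither are omitted."""
    status = {u: "attached" for u, pols in attached.items() if QUARANTINE_ARN in pols}
    for raw in events:
        ev = json.loads(raw)
        params = ev.get("requestParameters") or {}
        if ev.get("eventName") != "AttachUserPolicy" or params.get("policyArn") != QUARANTINE_ARN:
            continue
        # A failed or since-reverted attach still flags the user; a live attachment wins.
        status.setdefault(params.get("userName"), "attempted")
    return status
```

Every user returned by quarantine_status is then a candidate for the privilege check against the scenarios directory.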
Checking specific user
A user can be specified with the -u flag. In that case, the Quarantine Policy check is skipped and the user is checked only for the privileges it has.