Cognito Scanner

CLI tool to pentest Cognito AWS instance. It implements three attacks: unwanted account creation, account oracle and identity pool escalation
Cognito Scanner logo

Cognito Scanner

A simple script that implements different Cognito attacks such as Account Oracle or Priv3.


Features

  • Implements various Cognito attacks
  • Supports multiple attack vectors
  • User-friendly interface for easy configuration and execution

Usage

  1. Configure the tool by providing your AWS access key ID, secret access key, and session token.
  2. Choose the desired attack vector (e.g., Account Oracle or Priv3).
  3. Set any additional parameters required for the chosen attack vector.
  4. Run the script to execute the selected attack.

Output

The output will be in JSON format, providing details about the attacks executed and their results.


License

Apache 2.0

This tool is released under the Apache 2.0 license.





> Visit Cognito Scanner Website <
Best Search
Popular Tags