Anthropic-Cybersecurity-Skills/skills/performing-cloud-penetration-testing-with-pacu/references/api-reference.md

API Reference: Performing Cloud Penetration Testing with Pacu

Pacu CLI Commands

Command	Description
pacu --new-session <name>	Create a new Pacu session
pacu --session <name> --module-name <module>	Run a specific module
pacu --session <name> --list-modules	List all available modules
pacu --session <name> --module-name <module> --module-args "<args>"	Run module with arguments

Pacu IAM Modules

Module	Description
iam__enum_users_roles_policies_groups	Full IAM enumeration
iam__privesc_scan	Scan for 21+ privilege escalation vectors
iam__backdoor_users_keys	Test ability to create access keys
iam__backdoor_assume_role	Test role assumption capabilities

Pacu Enumeration Modules

Module	Description
ec2__enum	Enumerate EC2 instances, security groups, and VPCs
s3__enum	Enumerate S3 buckets and check permissions
lambda__enum	Enumerate Lambda functions and configurations
secretsmanager__enum	Enumerate Secrets Manager secrets

boto3 Fallback Methods

Method	Description
sts.get_caller_identity()	Identify current credentials
iam.list_users()	Enumerate IAM users
iam.get_policy_version()	Analyze policy documents

Key Libraries

• pacu (pip install pacu): AWS exploitation framework by Rhino Security Labs
• boto3 (pip install boto3): AWS SDK for direct API enumeration fallback
• subprocess (stdlib): Execute Pacu modules as subprocesses

Configuration

Variable	Description
AWS_PROFILE	AWS CLI profile with test credentials
AWS_ACCESS_KEY_ID	Access key for Pacu session
AWS_SECRET_ACCESS_KEY	Secret key for Pacu session
AWS_DEFAULT_REGION	Default AWS region

Pacu Session Data

File	Description
~/.pacu/sessions/<name>/	Session directory with enumerated data
~/.pacu/sessions/<name>/downloads/	Downloaded files from modules

References

• Pacu GitHub
• Pacu Wiki
• Rhino Security: AWS Privilege Escalation
• AWS Penetration Testing Policy