I watched an excellent DEF CON video on abusing public AWS Snapshots
I, in fact, needed to test this out. There are tens of hundreds of public snapshots within the numerous areas. The discuss outlines what you are able to do with these and Bishop Fox launched a instrument to do it https://github.com/BishopFox/dufflebag. I needed to script up just a few weirdAAL modules to 1) for an AWS keypair you might be testing test and see what snapshots you’ve gotten out there 2) for an AWS accountid listing public snapshots. Helpful for bug bounty or for monitoring your org for public snapshots. The account you might be utilizing will want a minimum of AmazonEC2ReadOnlyAccess privileges.
Screenshot of the 2nd operate under
 |
| itemizing snapshots for a random AWS accountid |
Should you simply wish to do it with the AWS CLI you need to use the next shell script: