methodaws provides security operators with a number of data-rich AWS enumeration capabilities to help them gain visibility into their AWS environments. Designed with data-modeling and data-integration needs in mind, methodaws can be used on its own as an interactive CLI, orchestrated as part of a broader data pipeline, or leveraged from within the Method Platform.
The number of security-relevant AWS resources that methodaws can enumerate is constantly growing. For the most up-to-date listing, please see the documentation here.
To learn more about methodaws, please see the Documentation site for the most detailed information.
For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:
- `docker run methodsecurity/methodaws`
- `docker run ghcr.io/method-security/methodaws:0.0.1`
- Download the latest binary from the GitHub Releases page
- Installation documentation
methodaws is built using the AWS Go SDK and leverages the same AWS Credentials that are used by the AWS CLI. Specifically, it looks for the proper environment variables to be exported with credential information. For more information, please see the AWS documentation on how to export AWS credentials as environment variables.
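
A preflight check for the environment-variable credentials described above, as an added example that is not part of the methodaws project. The function name `methodaws_cred_preflight` and its return codes are assumptions; the key-prefix rules (`AKIA` for long-term IAM user keys, `ASIA` for temporary STS keys) are AWS conventions, not something methodaws enforces.

```shell
# Added example: validate the exported AWS credential variables before
# running an enumeration. Function name and return codes are hypothetical.
methodaws_cred_preflight() {
    # Both halves of the key pair must be exported.
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "AWS_ACCESS_KEY_ID is not set" >&2
        return 1
    fi
    if [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "AWS_SECRET_ACCESS_KEY is not set" >&2
        return 1
    fi
    case "$AWS_ACCESS_KEY_ID" in
        ASIA*)
            # Temporary (STS) credentials are rejected without their session token.
            if [ -z "${AWS_SESSION_TOKEN:-}" ]; then
                echo "temporary key (ASIA...) but AWS_SESSION_TOKEN is not set" >&2
                return 2
            fi
            ;;
        AKIA*)
            # Long-term IAM user key: a leftover session token from an earlier
            # role session would be sent with it and make every call fail.
            if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
                echo "stale AWS_SESSION_TOKEN set alongside a long-term key" >&2
                return 3
            fi
            echo "warning: long-term IAM user key in use; prefer short-lived role credentials" >&2
            ;;
        *)
            # Other prefixes exist (for example in test environments); warn only.
            echo "warning: unrecognised access key prefix" >&2
            ;;
    esac
    return 0
}

# Usage: confirm which principal the enumeration will run as.
# methodaws_cred_preflight && methodaws sts arn --regions us-east-1
```
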

```bash
methodaws <resource> enumerate --regions <AWS Region>
```

```bash
# Enumerate S3 buckets in a specific region
methodaws s3 enumerate --regions us-east-1

# Enumerate EC2 instances in a specific region
methodaws ec2 enumerate --regions us-east-1

# Enumerate API Gateway resources in multiple regions
methodaws api-gateway enumerate --regions us-east-1 --regions us-west-2

# Enumerate Lambda functions in all regions (default)
methodaws lambda enumerate

# Get current AWS caller identity
methodaws sts arn --regions us-east-1

# Generate EKS credentials for a cluster
methodaws eks creds --regions us-east-1 --name my-cluster

# List objects in a specific S3 bucket
methodaws s3 list --regions us-east-1 --name my-bucket
```

methodaws supports enumeration and management of the following AWS resources:

| Resource | Commands | Description |
|---|---|---|
| api-gateway (alias: agw) | enumerate | API Gateway REST and HTTP APIs |
| cloudfront | enumerate | CloudFront distributions |
| ec2 | enumerate | EC2 instances |
| eks | enumerate, creds | EKS clusters and Kubernetes credentials |
| iam | enumerate | IAM users, roles, and policies |
| lambda | enumerate | Lambda functions |
| load-balancer | enumerate | Application and Network Load Balancers |
| rds | enumerate | RDS database instances |
| route53 | enumerate | Route53 DNS records |
| s3 | enumerate, list, external | S3 buckets and objects |
| security-group | enumerate | EC2 security groups |
| sts | arn | AWS Security Token Service |
| vpc | enumerate | Virtual Private Clouds |
| waf | enumerate | Web Application Firewalls |

Interested in contributing to methodaws? Please see our Contribution page.
If you're looking for an easy way to tie methodaws into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.
For more information, see https://method.security
methodaws is a Method Security open source project.
Learn more about Method's open source work by checking out our other projects here.
Have an idea for a Tool to contribute? Open a Discussion here.