{"id":10133,"date":"2020-04-06T09:21:19","date_gmt":"2020-04-06T03:51:19","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=10133"},"modified":"2020-04-06T09:21:19","modified_gmt":"2020-04-06T03:51:19","slug":"awspx","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/awspx\/","title":{"rendered":"AWSPX : A Graph-Based Tool For Visualizing Effective Access"},"content":{"rendered":"\n<p><strong>AWSPX<\/strong> is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine <em>what<\/em> actions affect <em>which<\/em> resources, while taking into account how these actions may be combined to produce attack paths. <\/p>\n\n\n\n<p>Unlike tools like Bloodhound, awspx requires permissions to function. It is not expected to be useful in cases where these privileges have not been granted.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Quick Start<\/strong><\/p>\n\n\n\n<p>Install (see installation), load the sample database, and search for attacks:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx db &#8211;load-zip sample.zip <br>awspx attacks <\/strong><\/p>\n\n\n\n<p>OR run it against an environment of your own (attack information is included by default in this case):<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest <\/strong><\/p>\n\n\n\n<p>Browse to localhost and see what you can find!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-wka1szDFbdU\/XojBqV_BEdI\/AAAAAAAAF0M\/DXVlE8MEDNYOh8NqV5lcV756ehm_1-BjQCLcBGAsYHQ\/s1600\/awspx-1.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Installation<\/strong><\/p>\n\n\n\n<p>awspx requires Docker.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>git clone git@github.com:FSecureLABS\/awspx.git <br>cd awspx &amp;&amp; .\/INSTALL  <\/strong><\/p>\n\n\n\n<p><strong>If it doesn&#8217;t work out of the box, here are some things to check:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The docker container runs a Neo4j database that will forward TCP ports 7687, 7373 and 7474 to these same ports on localhost. If an existing Neo4j installation is present (e.g. BloodHound) <code><strong>awspx<\/strong><\/code> will fail. You will need to disable this service before continuing. Alternatively, you can modify network mappings yourself by editing <code><strong>INSTALL<\/strong><\/code>.<\/li><li>The docker container also forwards to TCP port 80, resulting in similar issues.<\/li><li>SELinux may prevent the docker container from doing everything it needs to. If you are running SELinux (props) and encounter issues, check SELinux.<\/li><li>Docker makes changes to iptables. You may need to adjust your iptables configuration to get awspx to work.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>AWS Permissions<\/strong><\/p>\n\n\n\n<p>The following AWS-managed policies can be used.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><code><strong>SecurityAudit<\/strong><\/code> will allow you to ingest everything except S3 objects.<\/li><li>Add <code><strong>ReadOnlyAccess<\/strong><\/code> to also ingest S3 objects (warning: this can be very slow).<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-text-align-center has-very-dark-gray-color has-light-green-cyan-background-color\"><strong>Data Collection<\/strong><\/p>\n\n\n\n<p>Once awspx has been installed, you can create a profile by running <code><strong>awspx profile --create my-account<\/strong><\/code>, or invoke the ingestor by running <code><strong>awspx ingest<\/strong><\/code> on the command line. By default the ingestor will utilise a profile called <em>default<\/em> unless you specify something else using <code><strong>--profile<\/strong><\/code>:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest &#8211;profile my-other-account <\/strong><\/p>\n\n\n\n<p>If the profile <em>my-other-account<\/em> does not exist, you will prompted to enter a AWS access key ID and secret for it. You will also be prompted an output format, which you can ignore, and a region which is not important for IAM but required for other services. You can also create a profile this without ingesting any data by using <code><strong>awspx profile<\/strong><\/code>:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx profile &#8211;create work <\/strong><\/p>\n\n\n\n<p>Further commands and arguments are provided for tweaking ingestion and attack path computation, and for managing AWS profiles and Neo4j databases. Run <code><strong>awspx -h<\/strong><\/code> and <strong><code>awspx {profile|ingest|attacks|db} -h<\/code> to <\/strong>learn more.<\/p>\n\n\n\n<p><strong>Supported services:<\/strong> IAM, EC2, S3, Lambda<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Examples<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest &#8211;profile my-account &#8211;services S3 <\/strong><\/p>\n\n\n\n<p>The ingestor will pull only S3 data using the <code><strong>my-account<\/strong><\/code> profile and store it in a database named <code><strong>my-account.db<\/strong><\/code>. Resource based policies (and Bucket ACLs in this case) will be processed automatically. Identify based policies will be ignored since IAM has been omitted from this list of services.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest &#8211;profile my-account &#8211;services IAM EC2 &#8211;database db-for-ec2 <\/strong><\/p>\n\n\n\n<p>The ingestor will pull only IAM and EC2 data, using the <code><strong>my-account<\/strong><\/code> profile, and store it in a database named <code><strong>db-for-ec2.db<\/strong><\/code>. Since IAM includes Identity based policies and assume role policy documents, this infromation will be included in <code><strong>db-for-ec2.db<\/strong><\/code><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest &#8211;profile my-account \\    <br>            &#8211;except-types AWS::S3::Object \\    <br>            &#8211;except-arns arn:aws:s3:::broken-bucket arn:aws:ec2:eu-west-1:123456789012:instance\/i-1234<\/strong> <\/p>\n\n\n\n<p>awspx will pull data for all supported services using the <code><strong>my-account<\/strong><\/code> profile but will not attempt to load S3 objects. It will also skip the bucket named <code><strong>broken-bucket<\/strong><\/code> and the EC2 instance named <code><strong>i-1234<\/strong><\/code>. A full list of recognised resource types can be found in <code><strong>lib\/aws\/resources.py<\/strong><\/code>.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx ingest &#8211;profile my-account &#8211;skip-attacks <\/strong><\/p>\n\n\n\n<p>awspx will pull data for all supported services using the <code><strong>my-account<\/strong><\/code> profile but will not compute attacks. This can be useful for large environments. Attacks can be computed separately later on by running <code><strong>awspx attacks<\/strong><\/code>.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx attacks &#8211;only-attacks AssumeRole CreateGroup <\/strong><\/p>\n\n\n\n<p>Using the current database, awspx will only compute only the Assume Role and Create Group attacks.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx db &#8211;load-zip sample.zip <\/strong><\/p>\n\n\n\n<p>awspx will create a new database named <code><strong>sample<\/strong><\/code> from sample ZIP file. Files must be placed in <code><strong>\/opt\/awspx\/data<\/strong><\/code> so that they can be accessed by the docker container. Note that attack information is not included with zip data. To include this information <code><strong>awspx attacks<\/strong><\/code> must be run after a zip has been loaded.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>awspx db &#8211;use my-other-account <\/strong><\/p>\n\n\n\n<p>awspx will switch the database to <code><strong>my-other-account<\/strong><\/code>. You will need to refresh your browser to see the changes.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Using the frontend<\/strong><\/p>\n\n\n\n<p>Once you&#8217;ve loaded a database (hint: load the sample data by running <code><strong>awspx db --load-zip sample.zip<\/strong><\/code>) you can explore it by visiting localhost in your browser.<\/p>\n\n\n\n<p>To get started, find a Resource (or Action) you&#8217;re interested in and see where the path takes you (right click on Resources to bring up the context menu, left click to see its properties).<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Action Colors<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Action Effect color palette:<\/strong><ul><li><strong>Allow:<\/strong> Green edges<\/li><li><strong>Deny:<\/strong> Red edges<\/li><li><strong>Conditional:<\/strong> Dashed edges<\/li><\/ul><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Action Access Type color palette:<\/strong><ul><li><strong>List:<\/strong> Yellow<\/li><li><strong>Read:<\/strong> Pink<\/li><li><strong>Write:<\/strong> Indigo<\/li><li><strong>Tagging:<\/strong> Teal<\/li><li><strong>Permissions Management:<\/strong> Purple<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>Actions are represented visually using a linear gradient comprised of the Effect and Access colors (in that order). Conditional attacks are presented using a dotted line.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Shortcut Keys<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">Key<\/th><th class=\"has-text-align-center\" data-align=\"center\">Action<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">Alt + Enter<\/td><td class=\"has-text-align-center\" data-align=\"center\">Rerun Layout<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Tab<\/td><td class=\"has-text-align-center\" data-align=\"center\">Switch between Actions and Resources search view<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Ctrl + Drag<\/td><td class=\"has-text-align-center\" data-align=\"center\">Box select<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Ctrl + Left Click<\/td><td class=\"has-text-align-center\" data-align=\"center\">toggle selection<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Delete<\/td><td class=\"has-text-align-center\" data-align=\"center\">Remove selected nodes<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Escape<\/td><td class=\"has-text-align-center\" data-align=\"center\">Close properties<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Ctrl + C<\/td><td class=\"has-text-align-center\" data-align=\"center\">Copy selection properties (JSON)<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Ctrl + A<\/td><td class=\"has-text-align-center\" data-align=\"center\">Select all<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Ctrl + S<\/td><td class=\"has-text-align-center\" data-align=\"center\">Open search bar<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/FSecureLABS\/awspx\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which resources, while taking into account how these actions may be combined to produce attack paths. Unlike tools like Bloodhound, awspx requires permissions to function. It is not expected to be useful [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16215,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","fifu_image_alt":"AWSPX : A Graph-Based Tool For Visualizing Effective Access","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[311],"class_list":["post-10133","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-awspx"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AWSPX : A Graph-Based Tool For Visualizing Effective Access<\/title>\n<meta name=\"description\" content=\"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/awspx\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AWSPX : A Graph-Based Tool For Visualizing Effective Access\" \/>\n<meta property=\"og:description\" content=\"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/awspx\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-06T03:51:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"AWSPX : A Graph-Based Tool For Visualizing Effective Access\",\"datePublished\":\"2020-04-06T03:51:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/\"},\"wordCount\":886,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\",\"keywords\":[\"AWSPX\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/awspx\/\",\"name\":\"AWSPX : A Graph-Based Tool For Visualizing Effective Access\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\",\"datePublished\":\"2020-04-06T03:51:19+00:00\",\"description\":\"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/awspx\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AWSPX : A Graph-Based Tool For Visualizing Effective Access","description":"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/awspx\/","og_locale":"en_US","og_type":"article","og_title":"AWSPX : A Graph-Based Tool For Visualizing Effective Access","og_description":"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine","og_url":"https:\/\/kalilinuxtutorials.com\/awspx\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-04-06T03:51:19+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/awspx\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/awspx\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"AWSPX : A Graph-Based Tool For Visualizing Effective Access","datePublished":"2020-04-06T03:51:19+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/awspx\/"},"wordCount":886,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","keywords":["AWSPX"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/awspx\/","url":"https:\/\/kalilinuxtutorials.com\/awspx\/","name":"AWSPX : A Graph-Based Tool For Visualizing Effective Access","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","datePublished":"2020-04-06T03:51:19+00:00","description":"AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/awspx\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/awspx\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-Lkxu70IOhz0\/XojBEjQQGvI\/AAAAAAAAF0E\/WSHSlgiEgtc6yIfdiSMUNbZt2SvG2bEhACLcBGAsYHQ\/s1600\/awspx-svg.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":10251,"url":"https:\/\/kalilinuxtutorials.com\/dnsteal\/","url_meta":{"origin":10133,"position":0},"title":"DNSteal : DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests","author":"R K","date":"April 13, 2020","format":false,"excerpt":"DNSteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple filesGzip compression supportedNow supports the customisation of subdomains and\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10166,"url":"https:\/\/kalilinuxtutorials.com\/tweetshell\/","url_meta":{"origin":10133,"position":1},"title":"TweetShell : Multi-Thread Twitter BruteForcer In Shell Script","author":"R K","date":"April 9, 2020","format":false,"excerpt":"Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords\/min using 20 threads. Multi-thread Twitter BruteForcer in Shell Script. Features Multi-thread (400 pass\/min, 20 threads)Save\/Resume sessionsAnonymous attack\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10162,"url":"https:\/\/kalilinuxtutorials.com\/jackdaw\/","url_meta":{"origin":10133,"position":2},"title":"Jackdaw : Gather Gather Gather","author":"R K","date":"April 8, 2020","format":false,"excerpt":"Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6487,"url":"https:\/\/kalilinuxtutorials.com\/lmyn-lets-map-your-network\/","url_meta":{"origin":10133,"position":3},"title":"LMYN : Lets Map Your Network To Visualise Your Physical Network","author":"R K","date":"September 13, 2019","format":false,"excerpt":"LMYN or Lets Map Your Network enables you to visualise your physical network in form of graph with zero manual error. It is utmost important for any security engineer to understand their network first before securing it and it becomes a daunting task to have a \u2018true\u2019 understanding of a\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":31784,"url":"https:\/\/kalilinuxtutorials.com\/falconhound\/","url_meta":{"origin":10133,"position":4},"title":"FalconHound &#8211; Empowering Blue Teams With Automated BloodHound Integration","author":"Varshini","date":"January 22, 2024","format":false,"excerpt":"FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJEnm2u1I499eBVjA7J0j3RKdTMtcD2VNtds1h38yAwJOOCoWmUfbS2MhEACX78XzXg7zVkQ67324hnvxKppLO9DBn7RECOiuIXYQXymSgZGcRi0CNVj6fM-xZVzZ_IUZoAze-LTo88i0VZ_nkKNfhCWxghj8lCzgiQm30c_VvYE-2QT5nhAjN6qrBvC8S\/s16000\/Untitled%20design%20%283%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":34386,"url":"https:\/\/kalilinuxtutorials.com\/project-apeman\/","url_meta":{"origin":10133,"position":5},"title":"Project Apeman : A Comprehensive Guide To Graph-Based AWS Security Analysis","author":"Varshini","date":"August 12, 2024","format":false,"excerpt":"Project Apeman is an advanced tool for security professionals, designed to streamline the analysis of AWS environments using a graph-based approach. This guide offers detailed instructions on setting up and deploying Project Apeman, including system requirements, installation steps, and data ingestion. Get ready to enhance your security posture with this\u2026","rel":"","context":"In &quot;Pentesting Tools&quot;","block_context":{"text":"Pentesting Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/penetration-testing-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgZ2-L47Qnxp5N9Ke_kP3_6ORtdVXRiV46mI5Qb1HSOgGJNIDsjkKQRo-a_DRSi3itPK25u2j7IY13IG7QjAFzVll7BCjuiTiIY1h2MjPObBIXviFdWGxs5kLsJ72hGYtuY2x74DISN-XP6h4GcwsCqke6u2Lvy-dFzvK1pcVC4JpERivcxiyM_FbaH0pDn\/s16000\/Project%20Apeman.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=10133"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10133\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16215"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=10133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=10133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=10133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}