AWS Cognito

How to exploit AWS Cognito.

AWS Cognito Scanner

AWS Cognito may be vulnerable in various ways. Often, user registration is permitted where a web application may not present user registration functionality. The following tool will help find these flaws:

https://github.com/padok-team/cognito-scanner

cognito-scanner account-creation --region=eu-west-3 --user_attributes=mymail@mail.com --client_id=pucXBthcyRvzwqj0WXG28DQeav --username='cognito_user' --password='R4nd0mP4$$word'

PreviousEmail Address Forms NextJSON Web Tokens

Last updated 5 months ago