Pentest List Wiki
  • What is Pentest List Wiki?
  • OFFENSIVE SECURITY
    • External Infrastructure
      • Discovery
        • Email Address Discovery
        • Subdomain Discovery
        • Data Discovery
        • Port & Service Discovery
      • Exploitation
        • Password Spraying
        • Vulnerability Scanning
    • Internal Infrastructure
      • General Discovery
        • AD Attack Path Discovery
        • Port & Service Discovery
      • Credential Discovery
        • Passwords and NetNTLM
        • SAM & LSA secrets
        • NTDS.dit secrets
        • LSASS secrets
        • DCSync
        • DPAPI secrets
      • Movement
        • Credential Spraying
        • SMB Relaying
        • Pass The Hash
      • Infiltration/Exfiltration
        • Pivoting (Proxying)
    • Web Application
      • Discovery
        • Testing API Keys
        • Vulnerability Scan
        • Web Content Discovery
        • Parameter Discovery
        • VHOST Discovery
        • CMS Scanners
      • Exploitation
        • Authentication
          • Email Address Forms
          • AWS Cognito
        • JSON Web Tokens
        • Injection Attacks
          • SQL Injection
          • Cross-Site Scripting
          • HTTP Headers
      • Bypasses
        • Cloudflare Bypass
        • HTTP 403 Bypass
    • Mobile (iOS/Android)
      • iOS
        • IPA Decryption
        • Filesystem Analysis
        • Static Analysis
    • Cloud
      • AWS
        • Vulnerability Scanners
        • S3 Buckets
      • Azure
        • Vulnerability Scanners
        • m365 & Entra ID
  • DEFENSIVE SECURITY
    • Forged Kerberos Tickets
    • Logon Event Visualisation
Powered by GitBook
On this page
  1. OFFENSIVE SECURITY
  2. Web Application
  3. Exploitation
  4. Authentication

AWS Cognito

How to exploit AWS Cognito.

PreviousEmail Address FormsNextJSON Web Tokens

Last updated 11 months ago

AWS Cognito Scanner

AWS Cognito may be vulnerable in various ways. Often, user registration is permitted where a web application may not present user registration functionality. The following tool will help find these flaws:

cognito-scanner account-creation --region=eu-west-3 --user_attributes=mymail@mail.com --client_id=pucXBthcyRvzwqj0WXG28DQeav --username='cognito_user' --password='R4nd0mP4$$word'

https://github.com/padok-team/cognito-scanner