Nebula - Cloud C2 Framework, which offers reconnaissance, enumeration, exploitation, post exploitation on AWS

Aug 3, 2021

Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc.

Currently covers:

  • S3 Bucket name bruteforce
  • IAM, EC2, S3, STS and Lambda Enumeration
  • IAM, EC2, STS, and S3 exploitation
  • SSM Enumeration + Exploitation
  • Custom HTTP User-Agent
  • Enumerate Read Privileges (working on write privs)
  • Reverse Shell
  • No creds Reconnaisance

There are currently 67 modules covering:

  • Reconnaissance
  • Enumeration
  • Exploit
  • Cleanup
  • Reverse Shell



From Dockerhub

Clone the Nebula Repo from Github and pull Nebula Docker image:

git clone
docker pull gl4ssesbo1/nebula:latest

and then run through:

cd Nebula
docker run -v $(pwd):/app -ti gl4ssesbo1/nebula:latest

Remember to not forget -v option, because it allows files to be saved on the system even after removing the docker image.

Using DockerFile

Clone the Nebula Repo from Github and build Docker image locally:

git clone
docker build -t nebula .....

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023