
list-user-permissions-for-aws-idc
List all users and their corresponding permission sets within an AWS Identity Center instance. AWS Identity Center is the new name for AWS SSO.
This will iterate through all users, and determine their permission sets (either directly attached to the user, or via a Group).
As a prerequisite, you need Python 3.9 or above.
Run the following command to pip install the package:
pip install list-user-permissions-for-aws-idc
list-user-permissions-for-aws-idc
Ensure that you run this in the account where the AWS Identity Center (previously AWS SSO) instance is set up, and in the correct region.
You may supply a region and AWS profile if you are not using the defaults:
list-user-permissions-for-aws-idc --profile my-org-profile --region us-east-1
The script outputs two files: a short 5-column CSV and a long JSONL file.
The JSONL file contains all details about the user, account, permission set, and group (if applicable) in denormalized form. It holds one JSON document per line, to make discovery easy.
The csv file contains only the 5 columns:
If an account or permission set exists with no users attached to it, this report will not have an item on the list for it. Only permission sets with account assignments associated with actual users will appear on the list.
Similarly, groups with no users as members will also not appear on the list.
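The following is an added illustration, not the package's own code: it shows the user-centric expansion described above (direct and via-group assignments) and flags the items such a report omits, which matters in an access review because an empty group still holds a live assignment. The function names, the sample IDs and the shortened permission set identifiers are constructed; the record keys follow the shape of the AWS sso-admin ListAccountAssignments response.

```python
# Added illustration, not the package's code. All IDs below are constructed.

# Shaped like sso-admin ListAccountAssignments results (constructed sample;
# PermissionSetArn values are shortened placeholders, not real ARNs).
ASSIGNMENTS = [
    {"AccountId": "111111111111", "PermissionSetArn": "ps-admin",
     "PrincipalType": "USER", "PrincipalId": "u-alice"},
    {"AccountId": "111111111111", "PermissionSetArn": "ps-readonly",
     "PrincipalType": "GROUP", "PrincipalId": "g-auditors"},
    {"AccountId": "222222222222", "PermissionSetArn": "ps-admin",
     "PrincipalType": "GROUP", "PrincipalId": "g-empty"},
]
# Group id -> member user ids (constructed; g-empty has no members).
GROUP_MEMBERS = {"g-auditors": ["u-alice", "u-bob"], "g-empty": []}
# Everything provisioned, whether or not anyone is assigned (constructed).
ALL_PERMISSION_SETS = {"ps-admin", "ps-readonly", "ps-unused"}


def resolve_rows(assignments, group_members):
    """Expand each assignment into one denormalized row per effective user."""
    rows = []
    for a in assignments:
        if a["PrincipalType"] == "USER":
            users, via = [a["PrincipalId"]], None
        else:  # GROUP: one row per member, remembering which group granted it
            users, via = group_members.get(a["PrincipalId"], []), a["PrincipalId"]
        for user in users:
            rows.append({"user": user, "account": a["AccountId"],
                         "permission_set": a["PermissionSetArn"], "group": via})
    return rows


def report_gaps(assignments, group_members, all_permission_sets):
    """Items a user-centric report omits: empty groups, unreported sets."""
    rows = resolve_rows(assignments, group_members)
    empty_groups = sorted({a["PrincipalId"] for a in assignments
                           if a["PrincipalType"] == "GROUP"
                           and not group_members.get(a["PrincipalId"])})
    seen_sets = {r["permission_set"] for r in rows}
    return {"empty_groups": empty_groups,
            "unreported_permission_sets": sorted(all_permission_sets - seen_sets)}


if __name__ == "__main__":
    for row in resolve_rows(ASSIGNMENTS, GROUP_MEMBERS):
        print(row)
    print(report_gaps(ASSIGNMENTS, GROUP_MEMBERS, ALL_PERMISSION_SETS))
```

Anyone later added to `g-empty` would immediately receive `ps-admin` in account 222222222222, so the gap list is worth reviewing alongside the user report.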
FAQs
List users and permissions inside AWS Identity Center
We found that list-user-permissions-for-aws-idc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.