Question 1

How to install PMapper on Windows with graphviz?

Accepted Answer

First, download and install graphviz from graphviz.org, then use pip to install principalmapper. Ensure Python 3.5+ is installed, and set the PATH variable for graphviz to avoid issues with visualization.

Question 2

PMapper vs ScoutSuite for AWS security audits?

Accepted Answer

PMapper specializes in graph-based IAM analysis for privilege escalation and indirect access, while ScoutSuite offers broader multi-cloud security assessments with compliance checks. PMapper is better for deep IAM risk analysis, whereas ScoutSuite covers more services and frameworks.

Question 3

Can PMapper analyze IAM policies in real-time as changes occur?

Accepted Answer

No, PMapper is designed for offline analysis after fetching IAM data; it doesn't support real-time monitoring. You need to manually update the graph with 'pmapper graph create' to reflect recent changes in IAM configurations.

Question 4

How to visualize privilege escalation paths with PMapper?

Accepted Answer

After creating a graph using 'pmapper graph create', run 'pmapper visualize --only-privesc' to generate an SVG file focused on privilege escalation paths, as shown in the README example with clear graphical representations.

Question 5

Does PMapper support AWS Organizations for multi-account analysis?

Accepted Answer

Yes, PMapper can handle AWS Organizations by using the --account parameter or AWS CLI profiles to switch between accounts. The wiki provides guidance on setting up graphs for organizational structures.

Question 6

How to run a custom query for specific AWS actions with conditions?

Accepted Answer

Use the 'argquery' command with --action and --condition flags, like 'pmapper argquery --action ec2:RunInstances --condition ec2:InstanceType=c6gd.16xlarge' to check who can launch expensive instances, leveraging local simulation for precise results.

Principal Mapper (PMapper)

What is Principal Mapper (PMapper)?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions