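/**
 * Mock AWS Instance Metadata Service (IMDS)
 *
 * Simulates http://169.254.169.254/latest/meta-data/
 * Used to demonstrate SSRF impact: credential theft from cloud environments.
 *
 * Every route answers a plain GET with no session-token check, which is
 * IMDSv1 behaviour. The IMDSv2 token handshake (PUT /latest/api/token) is
 * not modelled here; requiring IMDSv2 on real instances is the mitigation
 * this demo motivates.
 */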
import express from 'express';
// Express application that plays the role of the metadata endpoint.
const app = express();
// Port the mock listens on.
const PORT = 8888;

/**
 * Request logger: prints the method and path of every incoming request,
 * then hands control to the matching route. Each line printed is a request
 * that reached the mock, so this log is the demo's evidence trail.
 */
function logRequest(req, res, next) {
  const { method, path } = req;
  console.log(`[METADATA] ${method} ${path}`);
  next();
}

app.use(logRequest);
// Simulate IAM role listing: the body is the name of the single role
// attached to this pretend instance, served as plain text.
app.get('/latest/meta-data/iam/security-credentials/', (request, response) => {
  console.log('[METADATA] >>> Listing IAM roles');
  response.type('text/plain');
  response.send('vulnerable-ec2-role');
});
// Simulate credential retrieval for 'vulnerable-ec2-role' - THE MONEY SHOT.
// No header or token is checked before the JSON document is returned.
// The AccessKeyId / SecretAccessKey pair is the placeholder from AWS
// documentation, not a live secret. Real role credentials are temporary and
// their key IDs start with ASIA rather than AKIA, which matters when tuning
// secret scanners against output captured from this mock.
app.get('/latest/meta-data/iam/security-credentials/vulnerable-ec2-role', (request, response) => {
  console.log('[METADATA] >>> CREDENTIALS LEAKED! <<<');
  const roleCredentials = {
    Code: 'Success',
    LastUpdated: '2026-01-14T10:00:00Z',
    Type: 'AWS-HMAC',
    AccessKeyId: 'AKIAIOSFODNN7EXAMPLE',
    SecretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
    Token: 'FwoGZXIvYXdzEBYaDKSampleSessionToken...truncated',
    Expiration: '2026-01-14T16:00:00Z',
  };
  response.json(roleCredentials);
});
// Other metadata endpoints: fixed, made-up instance attributes, registered
// in the order listed. Each entry is [route, response body].
const staticMetadata = [
  ['/latest/meta-data/instance-id', 'i-0123456789abcdef0'],
  ['/latest/meta-data/local-ipv4', '10.0.0.42'],
  ['/latest/meta-data/public-ipv4', '54.123.45.67'],
];

for (const [route, value] of staticMetadata) {
  app.get(route, (req, res) => {
    res.send(value);
  });
}
// Catch-all: any GET that no earlier route matched gets a 200 with a
// placeholder body instead of a 404.
// NOTE(review): the bare '*' pattern is Express 4 syntax; Express 5 expects
// a named wildcard such as '/*splat' - confirm the installed major version.
const respondWithPlaceholder = (req, res) => {
  res.send('metadata-endpoint-response');
};

app.get('*', respondWithPlaceholder);
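// Bind to loopback only. Without an explicit host, app.listen(PORT) accepts
// connections on every interface, which contradicts the banner below and
// exposes the credential-shaped responses to the rest of the network.
const HOST = '127.0.0.1';

// Start the mock and print a startup banner once the socket is listening.
app.listen(PORT, HOST, () => {
  const rule = '='.repeat(50);
  console.log(rule);
  console.log('MOCK AWS METADATA SERVICE');
  console.log(rule);
  console.log(`[*] Listening on http://${HOST}:${PORT}`);
  console.log('[*] Simulates: http://169.254.169.254');
  console.log('[*] Waiting for SSRF requests...');
  console.log('');
});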