Building NPK gave me some extensive first-hand experience with AWS Cognito. After all, Cognito forms the foundation of user authentication and authorization in NPK. So when I heard about the research done by Andres Riancho at BlackHat Vegas in 2019, I couldn’t ignore it. I was impressed enough with the results of his research that I decided to extend it.
Hirogen was born. Hirogen is a node.js CLI utility for inspecting and interacting with AWS Cognito implementations. It allows for registration against Cognito user pools, sign-in against Cognito, Amazon, and Google identity providers, and includes support for MFA. It provides a quick way to check for common permissions for assumed roles, and makes it trivial to export the acquired credentials to the CLI to perform custom interactions.
Learn more on GitHub.