To start from the very beginning, Pacu is an offensive AWS exploitation framework, written by a small group of developers and researchers at Rhino Security Labs. Open source and available on GitHub under the BSD-3 license (https://github.com/RhinoSecurityLabs/pacu), Pacu and its modules are written in Python 3.

The original idea for Pacu was born out of an accumulation of research within Rhino's penetration testing team. It was found that more and more clients are using cloud server providers, such as AWS, and that there were a lot of unexplored areas that seemed ripe for exploitation. As ideas, attack vectors, and scripts piled up within the Rhino team, it became clear that some sort of framework was required to aggregate all of this research and make it easy to work with. Being penetration testers, it was also decided that it should be able to handle projects and pentests well, even if separate ones are being worked on simultaneously.

After an internal proposal and prototype of the proposed project, Pacu was accepted and the team began the process that resulted in what Pacu is today. To mirror similar projects and to ensure Pacu stays up to date with the evolving services of AWS and associated attack vectors, Pacu was developed with extensibility in mind. This was to allow for easy, external contribution to the project, as well as a simple, managed infrastructure that handled problems and allowed for easy solutions to those problems.