Cloud

recon

Cloud DNS Enumeration

python cloudflair.py -d example.com

Cloud Service Enumeration

cloudmapper collect --account example_account

Cloud Storage Bucket Enumeration

python GCPBucketBrute.py -d example.com -p projects.txt -n

Cloud Application Enumeration

nmap -p 80,443,8080 example.com

Cloud Metadata Enumeration

python inspy.py -d example.com

Cloud Provider Enumration

python3 cloudenum.py -u example.com

Scan a Single Domain(Search for potential frontable domains)

python3 findfrontabledomains.py -d example.com

Scan a List of Domains from a File(Search for potential frontable domains)

python3 findfrontabledomains.py -f domains.txt

Domain Fronting

Scrape a Single Website

Scrape a Website with Proxy Support:

Enumerate Cloud Providers for a Specific Domain

Enumerate Cloud Providers from a List of Domains in a File

Identify privilege escalation paths and dangerous permissions in the cloud/saas configurations

BloodHound in Cloud

Graphing Azure Active Directory objects

To run DigitalOcean Audit

Attempts to find public S3 buckets from permutations of the certificates domain name

https://github.com/eth0izzle/bucket-stream python bucket-stream.py ‍‍‍

or

Scan and Generate Graph Database(Consolidates infrastructure assets and the relationships):

Export Data to JSON Format(Consolidates infrastructure assets and the relationships):

Run a Custom Plugin(Consolidates infrastructure assets and the relationships):

Discovering open S3 Buckets

AWS

Enumerate EC2 Instances:

or PACU

Enumerate S3 Buckets:

or PACU

Enumerate IAM Users:

or PACU

Enumerate RDS Instances:

or PACU

Scan for Open Elasticsearch Instances:

or PACU

Checks the permissions of the bucket

List all instances in a region:

Create a new EC2 instance:

Create a new S3 bucket:

To run AWS Audit

Google Cloud SDK

List all instances in a project:

Create a new VM instance:

Create a new Cloud Storage bucket:

Scan for buckets using the keyword “test” while completely unauthenticated

To run GCP Audit

Microsoft Azure CLI

List all virtual machines in a resource group:

Create a new virtual machine:

Create a new storage account:

AzureStealth Scan

AWStealth Scan

To run Azure Audit

S3 bucket misconfigurations

Check if a bucket is publicly accessible:

Check if bucket logging is enabled:

Check if server-side encryption is enabled

IAM misconfigurations

Check for unused IAM users and roles:

Check for unused IAM access keys:

Check for unused IAM permissions:

Security Group misconfigurations

Check for open ports in a security group:

Check for unrestricted outbound traffic:

Check for unrestricted inbound traffic from specific IP ranges:

VPC misconfigurations

Check for unused VPCs:

Check for unrestricted peering: