Cloud

Tools

cloudflairopen in new window
- Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys
cloud_enumopen in new window
- Multi-cloud OSINT tool
cloud-service-enumopen in new window
- Enumerate cloud servivces that a user has access to
stratus-red-teamopen in new window
- Adversary simulation in the cloud
CloudFoxopen in new window
- Find exploitable paths in cloud infrastructure
ScoutSuiteopen in new window
- Multi-cloud auditing tool
cloudscraperopen in new window
- Bypass CloudFlare's antibot page
hackingthe.cloudopen in new window
- Encyclopedia of attacks/defenses for cloud services

boto3open in new window
- Official AWS SDK for Python
s3scanneropen in new window
- Enumerate S3 buckets
aws_consoleropen in new window
- Convert AWS CLI creds into AWS console access
enumerate-iamopen in new window
- Enumerate permissions for AWS credentials
aws_stealth_enum_permopen in new window
- WARNING: No longer possible! This is interesting research I learned about at Black Hat 2023.
- Blog post: Enumerate AWS API Permissions Without Logging to CloudTrailopen in new window
s3-account-searchopen in new window
- Find the account ID that an S3 bucket belongs to
lambda-persistency-pocopen in new window
- Gain persistency on a Python lambda
aws-research-scriptsopen in new window
- Various research scripts
- As of writing, currently only enum-endpoint.py, which attempts to find endpoints for a service across all regions and environments (!)
aws-api-model-converteropen in new window
- Convert undocumented APIs in the AWS console into use for the CLI
enumate_iam_using_bucket_policyopen in new window
- Enumerate IAM users/roles by abusing S3 bucket policies

GCPBucketBruteopen in new window
- Enumerate GCP buckets, determine what access you have + if there's potential for privilege escalation