{"id":13542349,"url":"https://github.com/0xsha/CloudBrute","last_synced_at":"2025-04-02T10:30:39.153Z","repository":{"id":37814955,"uuid":"294051203","full_name":"0xsha/CloudBrute","owner":"0xsha","description":"Awesome cloud enumerator ","archived":false,"fork":false,"pushed_at":"2024-03-14T08:15:18.000Z","size":293,"stargazers_count":780,"open_issues_count":0,"forks_count":124,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-04-19T08:20:33.088Z","etag":null,"topics":["amazon","bugbounty","cloud","cloud-security","cloud-storage","digitalocean","google","hacking","infosec","linode","pentest-tool","pentesting","redteam","s3-bucket","vultr"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xsha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-09T08:31:01.000Z","updated_at":"2024-06-12T15:42:44.113Z","dependencies_parsed_at":"2023-02-17T14:31:07.945Z","dependency_job_id":"23272a5c-8a50-46ad-b2d7-b35603e23500","html_url":"https://github.com/0xsha/CloudBrute","commit_stats":{"total_commits":43,"total_committers":5,"mean_commits":8.6,"dds":0.4651162790697675,"last_synced_commit":"7e34c2f9fb23a294309adf66da12bffbbbfc1eaf"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsha%2FCloudBrute","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsha%2FCloudBrute/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsha%2FCloudBrute/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xsha%2FCloudBrute/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xsha","download_url":"https://codeload.github.com/0xsha/CloudBrute/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246796745,"owners_count":20835438,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amazon","bugbounty","cloud","cloud-security","cloud-storage","digitalocean","google","hacking","infosec","linode","pentest-tool","pentesting","redteam","s3-bucket","vultr"],"created_at":"2024-08-01T10:01:05.266Z","updated_at":"2025-04-02T10:30:39.142Z","avatar_url":"https://github.com/0xsha.png","language":"Go","funding_links":[],"categories":["Go","Miscellaneous","Penetration testing/learning","Go (531)","[](#table-of-contents) Table of contents","0x02 工具 :hammer_and_wrench:","Red Team","Tools"],"sub_categories":["Buckets","[](#subdomains-scanbrute)Subdomains scan/brute","1 云服务工具","Reconaissance","Enumeration"],"readme":"# CloudBrute\n\n\nA tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). \nThe outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.  \n\n\nThe complete writeup is available. [here](https://web.archive.org/web/20210123180246/https://0xsha.io/posts/introducing-cloudbrute-wild-hunt-on-the-clouds)\n\n## At a glance \n\n![CloudBrute](./assets/cloudbrute_digram.png)\n\n\n## Motivation \n\nwe are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple platform cloud brute-force hunter.mainly to find open buckets, apps, and databases hosted on the clouds and possibly app behind proxy servers.   \nHere is the list issues on previous approaches we tried to fix:\n\n- separated wordlists \n- lack of proper concurrency \n- lack of supporting all major cloud providers \n- require authentication or keys or cloud CLI access\n- outdated endpoints and regions \n- Incorrect file storage detection \n- lack support for proxies (useful for bypassing region restrictions) \n- lack support for user agent randomization (useful for bypassing rare restrictions) \n- hard to use, poorly configured\n\n## Features\n- Cloud detection (IPINFO API and Source Code)\n- Supports all major providers\n- Black-Box (unauthenticated)\n- Fast (concurrent)\n- Modular and easily customizable \n- Cross Platform (windows, linux, mac)\n- User-Agent Randomization \n- Proxy Randomization (HTTP, Socks5) \n\n## Supported Cloud Providers\n\nMicrosoft:\n- Storage\n- Apps\n\nAmazon: \n- Storage\n- Apps\n\nGoogle: \n- Storage\n- Apps \n\nDigitalOcean: \n- storage\n\nVultr:\n- Storage \n\nLinode:\n- Storage\n\nAlibaba:\n- Storage \n\n## Version\n1.0.0\n\n\n## Usage\nJust download the latest [release](https://github.com/0xsha/CloudBrute/releases) for your operation system and follow the usage.\n\nTo make the best use of this tool, you have to understand how to configure it correctly. When you open your downloaded version, there is a config folder, and there is a config.YAML file in there.\n\nIt looks like this \n```yaml\nproviders: [\"amazon\",\"alibaba\",\"amazon\",\"microsoft\",\"digitalocean\",\"linode\",\"vultr\",\"google\"] # supported providers\nenvironments: [ \"test\", \"dev\", \"prod\", \"stage\" , \"staging\" , \"bak\" ] # used for mutations\nproxytype: \"http\"  # socks5 / http\nipinfo: \"\"      # IPINFO.io API KEY\n```\n\nFor IPINFO API, you can register and get a free key at [IPINFO](https://ipinfo.io), the environments used to generate URLs, such as test-keyword.target.region and test.keyword.target.region, etc.\n\nWe provided some wordlist out of the box, but it's better to customize and minimize your wordlists (based on your recon) before executing the tool.\n\nAfter setting up your API key, you are ready to use CloudBrute. \n\n\n```\n ██████╗██╗      ██████╗ ██╗   ██╗██████╗ ██████╗ ██████╗ ██╗   ██╗████████╗███████╗\n██╔════╝██║     ██╔═══██╗██║   ██║██╔══██╗██╔══██╗██╔══██╗██║   ██║╚══██╔══╝██╔════╝\n██║     ██║     ██║   ██║██║   ██║██║  ██║██████╔╝██████╔╝██║   ██║   ██║   █████╗  \n██║     ██║     ██║   ██║██║   ██║██║  ██║██╔══██╗██╔══██╗██║   ██║   ██║   ██╔══╝  \n╚██████╗███████╗╚██████╔╝╚██████╔╝██████╔╝██████╔╝██║  ██║╚██████╔╝   ██║   ███████╗\n ╚═════╝╚══════╝ ╚═════╝  ╚═════╝ ╚═════╝ ╚═════╝ ╚═╝  ╚═╝ ╚═════╝    ╚═╝   ╚══════╝\n                                                V 1.0.7\nusage: CloudBrute [-h|--help] -d|--domain \"\u003cvalue\u003e\" -k|--keyword \"\u003cvalue\u003e\"\n                  -w|--wordlist \"\u003cvalue\u003e\" [-c|--cloud \"\u003cvalue\u003e\"] [-t|--threads\n                  \u003cinteger\u003e] [-T|--timeout \u003cinteger\u003e] [-p|--proxy \"\u003cvalue\u003e\"]\n                  [-a|--randomagent \"\u003cvalue\u003e\"] [-D|--debug] [-q|--quite]\n                  [-m|--mode \"\u003cvalue\u003e\"] [-o|--output \"\u003cvalue\u003e\"]\n                  [-C|--configFolder \"\u003cvalue\u003e\"]\n\n                  Awesome Cloud Enumerator\n\nArguments:\n\n  -h  --help          Print help information\n  -d  --domain        domain\n  -k  --keyword       keyword used to generator urls\n  -w  --wordlist      path to wordlist\n  -c  --cloud         force a search, check config.yaml providers list\n  -t  --threads       number of threads. Default: 80\n  -T  --timeout       timeout per request in seconds. Default: 10\n  -p  --proxy         use proxy list\n  -a  --randomagent   user agent randomization\n  -D  --debug         show debug logs. Default: false\n  -q  --quite         suppress all output. Default: false\n  -m  --mode          storage or app. Default: storage\n  -o  --output        Output file. Default: out.txt\n  -C  --configFolder  Config path. Default: config\n\n\n```\n\nfor example \n```\nCloudBrute -d target.com -k target -m storage -t 80 -T 10 -w \"./data/storage_small.txt\"\n```\nplease note -k keyword used to generate URLs, so if you want the full domain to be part of mutation, you have used it for both domain (-d) and keyword (-k) arguments \n\nIf a cloud provider not detected or want force searching on a specific provider, you can use -c option.\n```\nCloudBrute -d target.com -k keyword -m storage -t 80 -T 10 -w -c amazon -o target_output.txt\n```\n\n\n## Dev \n- Clone the repo \n- go build -o CloudBrute main.go\n- go test internal \n\n\n\n## in action\n\n[![asciicast](https://asciinema.org/a/QIYRNgJMKhGX3woUTB3kh0HmC.svg)](https://asciinema.org/a/QIYRNgJMKhGX3woUTB3kh0HmC)\n\n##  How to contribute\n- Add a module or fix something and then pull request.\n- Share it with whomever you believe can use it.\n- Do the extra work and share your findings with community \u0026hearts;\n\n\n## FAQ\n\n##### How to make the best out of this tool? \nRead the usage.\n\n##### I get errors; what should I do? \nMake sure you read the usage correctly, and if you think you found a bug open an issue. \n\n##### When I use proxies, I get too many errors, or it's too slow?\nIt's because you use public proxies, use private and higher quality proxies. You can use [ProxyFor](https://github.com/0xsha/proxyfor) to verify the good proxies with your chosen provider. \n\n##### too fast or too slow ?\nchange -T (timeout) option to get best results for your run.\n\n\n## Credits \n\nInspired by every single repo listed  [here](https://github.com/mxm0z/awesome-sec-s3) .\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xsha%2FCloudBrute","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xsha%2FCloudBrute","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xsha%2FCloudBrute/lists"}