{"id":19986641,"url":"https://github.com/iknowjason/edge","last_synced_at":"2026-01-12T01:54:15.529Z","repository":{"id":52449413,"uuid":"484514013","full_name":"iknowjason/edge","owner":"iknowjason","description":"Whois for the Cloud:  Recon tool for cloud provider attribution.  Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.","archived":false,"fork":false,"pushed_at":"2025-10-09T20:38:13.000Z","size":8154,"stargazers_count":178,"open_issues_count":5,"forks_count":22,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-25T14:37:51.497Z","etag":null,"topics":["bugbounty","pentesting","pentesting-tools","redteam-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iknowjason.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-04-22T17:13:51.000Z","updated_at":"2025-10-20T12:06:46.000Z","dependencies_parsed_at":"2023-11-11T14:28:05.037Z","dependency_job_id":"b532943c-49bd-4837-9f81-b3145f575f22","html_url":"https://github.com/iknowjason/edge","commit_stats":{"total_commits":106,"total_committers":1,"mean_commits":106.0,"dds":0.0,"last_synced_commit":"fbe4d98bdbd699f551da546f9c82808b44c186c0"},"previous_names":["iknowjason/awesomecloudsectool"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/iknowjason/edge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iknowjason%2Fedge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iknowjason%2Fedge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iknowjason%2Fedge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iknowjason%2Fedge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iknowjason","download_url":"https://codeload.github.com/iknowjason/edge/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iknowjason%2Fedge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28331280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"ssl_error","status_checked_at":"2026-01-12T00:36:15.229Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting","pentesting-tools","redteam-tools"],"created_at":"2024-11-13T04:29:51.244Z","updated_at":"2026-01-12T01:54:15.510Z","avatar_url":"https://github.com/iknowjason.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloud edge - Whois for the Cloud\n\n *Lookup an IP to find the cloud provider and other details based on the provider's published JSON, CSV, or text data* \n\nCloud edge is a recon tool focused on exploring cloud service providers.  It can be used for cloud attribution and forensics, pentesting, bug bounty, red teaming, or general R\u0026D of cloud providers.  Edge automatically loads Cloud Service Provider (CSP) published IP address ranges (AWS, Azure, GCP, Cloudflare, Digital Ocean) files and performs a prefix lookup based on the input IP address.  Can be used to integrate in with other recon tooling.  In a black box network pentest, edge quickly discovers which cloud CSP the customer is hosted with, or just double-verifying the scope for rules of engagement.  Each of these CSPs publish a list of all of their IP prefixes and/or netblocks.  For Azure and AWS, this adds the region/data center and service name.  This is an excellent enrichment for threat intelligence, allowing you to map IP addresses to physical data centers and cloud services.  Cloud Edge can be useful for reconnaissance workflows to quickly know \"what you're dealing with\" - it quickly parses and performs a lookup based on IP prefix.  \n\n![](edge-usage.png)\n\n\n# Input and Output\nHere are a few notes on how the tool works for inputs and output.  \n\n## Getting Started: First Run Download of CSP Files\n\nRun Cloud Edge and it will automatically download all cloud provider files supported.  If the files don't exist in working directory, they will be downloaded:\n\n```\n% ./edge\n[INF] Starting Cloud Edge version 0.2.4\n[INF] File cloud.json has been downloaded and created\n[INF] File aws.json has been downloaded and created\n[INF] File cloudflare-ipv4.txt has been downloaded and created\n[INF] File cloudflare-ipv6.txt has been downloaded and created\n[INF] File digitalocean.csv has been downloaded and created\n[INF] File azure.json has been downloaded and created\n```\n\nIf you're offline and they can't be downloaded, check the ```csp-files``` directory in this repository.  Copy them to working directory.\n\n## Files from cloud providers\n\nWhen the tool runs for the first time, it automatically tries to download and load the six cloud provider IP address ranges JSON, text, and csv files to the working directory.  Here is how it works:\n\nBy default it will attempt to download the six files from the URLs below unless the files are already in the working directory.\n\n| Provider        | Local File         | Remote URL  |\n|:-------------:|:-------------:| :-----:|\n| AWS      | aws.json | https://ip-ranges.amazonaws.com/ip-ranges.json |\n| Azure    | azure.json      |  https://azservicetags.azurewebsites.net/  |\n| GCP | cloud.json      |  https://www.gstatic.com/ipranges/cloud.json |\n| Cloudflare | cloudflare-ipv4.txt | https://www.cloudflare.com/ips-v4/# |\n| Cloudflare | cloudflare-ipv6.txt | https://www.cloudflare.com/ips-v6/# |\n| Digital Ocean | digitalocean.csv | https://digitalocean.com/geo/google.csv |\n\n\nCloud Edge checks for each file before downloading.  So if the file already exists, it obviously won't be downloaded again unless you delete it.\n\nThese six files are included in this github repository in the ```csp-files``` directory.  Since the Cloud Providers frequently update their lists, ensure you have the latest files by removing the files in your working directory:  ```aws.json, azure.json, cloud.json, cloudflare-ipv4.txt, cloudflare-ipv6.txt, digitalocean.csv```.\n\nIf found in working directory, all IP prefixes are loaded into memory.  The cloud provider IP ranges files always attempt to load from working directory.  Enabling the actual lookup is done with  the ```-prefix``` flag. \n\nWhen ```-dns``` mode is enabled, DNS lookups for both A and CNAME records are buffered without display until all DNS queries are finished.  After the queries are finished, the output is displayed.\n\n\n## Default [INF] Mode enabled\n\nBy the default the output displays Informational messages starting with ```[INF]```.  This can be disabled with ```-silent``` flag.  The output will look like this:\n```\n./edge -single 140.179.144.130\n[INF] Single IP prefix lookup of 140.179.144.130\n[INF] Matched IP [140.179.144.130] to Cloud Provider via prefix [AWS:140.179.144.128/25]\n[INF] Matched IP [140.179.144.130] to Cloud Service [API_GATEWAY] and Region [cn-north-1]\n140.179.144.130,Provider:AWS;Prefix:140.179.144.128/25;Region:cn-north-1;Service:API_GATEWAY\n```\n\nInformational messages will tell you if a record is found through a DNS 'A' record, DNS 'CNAME' record, Certificate (crt.sh), or if a prefix match is found.  Prefix matches will tell you the cloud provider detected with the matching prefix, as well as the cloud service and region if applicable.  Azure regions are not currently detected but AWS ones are.\n\n## Default CSV Output\n\nWith ```-dns``` or ```crt``` mode, the output is is sent by default to the console as comma delimited results.  This makes it easy to use other tools to parse these results.\n```\nFQDN,IP,SOURCE,CNAME,DESCRIPTION\n```\n\n* **FQDN:**  This is the DNS lookup as a FQDN.\n* **IP:**  This is the IP address returned from an A record if found.\n* **SOURCE:**  This is the source of the lookup.  Either A, CNAME, or Certificate.\n* **CNAME:** This returns the CNAME or ALIAS if the request is a CNAME.\n* **DESCRIPTION:** This returns any results from the IP address ranges description if ```-prefix``` is enabled.\n\nWith ```-prefix``` mode and either ```-ip``` or ```-nmap```, the output is sent by default to the console as comma delimited results:\n\n```\nIP,DESCRIPTION\n```\n\nThe ```IP``` is the IP address and the ```DESCRIPTION``` is the results from the IP address ranges lookup in the cloud provider IP address ranges JSON files, if applicable.\n\n\nWith ```-ptr``` mode and either ```ip``` or ```nmap```, the output is sent by default to the console as comma delimited results:\n```\nIP,PTR\n```\n\nThe ```IP``` is the IP address and the ```PTR``` is the results from the DNS PTR lookup if found.\n\n## IP Address files with -IP\nThe ```-ip``` flag signals to iterate through a list of IP addresses and can be used in ```prefix``` or ```ptr``` mode.  When you run the tool with ```-ip \u003chosts.txt\u003e```, it expects each IP address in a separate line, and will iterate through the list doing lookups.  Here is an example of the file contents:\n```\nuser@host:~/demo$ cat ip.txt \n3.133.110.237\n18.117.232.92\n18.221.247.211\n3.137.199.52\n```\n\n## Nmap XML files\nThe ```-nmap``` flag signals to parse an nmap XML file.  It will look for any host in the nmap scan file marked as \"Up.\"  For example, ```-nmap scan1.xml``` will tell the tool to parse the scan1.xml file and look for any hosts marked as Up by nmap.  You then run it with either -ptr or -prefix to do a lookup of the IP.\n\n## Subdomain enumeration with -wordlist\nThe tool performs classic subdomain enumeration by iterating through a wordlist containing hostnames, one hostname per line.  This is used in ```-dns``` mode with ```-wordlist \u003chosts.txt\u003e```.  An example of what this looks like for the hosts.txt file:\n\n```\nuser@host:~/demo$ more subdomains-5k.txt \nwww\nblog\nnews\nblogs\nen\nonline\n```\n\n# Options\n```\n$ edge -help\nUsage of edge:\n  -crt\n    \tCertificate transparency lookup mode\n  -csv string\n    \tOutput results to CSV file\n  -dns\n    \tA and CNAME record lookup mode\n  -domain string\n    \tThe domain to perform guessing against.\n  -ip string\n    \tThe text file to use with IP addresses\n  -nmap string\n    \tNmap scan xml file to use.\n  -output\n    \tEnable output to CSV\n  -prefix\n    \tIP Prefix CSP lookup mode\n  -ptr\n    \tPTR lookup mode\n  -resolver string\n    \tThe DNS server to use. (default \"8.8.8.8:53\")\n  -silent\n    \tEnable silent mode to suppress [INF]\n  -single string\n    \tSingle IP address to do a prefix lookup\n  -verbose\n    \tEnable verbose output\n  -wordlist string\n    \tThe wordlist to use for guessing.\n  -workers int\n    \tThe amount of workers to use. (default 10)\n```\n\n# Examples\n\n**Example #1:**  Look up a single IP address\n```\nedge -single \u003cip_address\u003e\n```\n\n**Description:**  Perform a prefix lookup of a single IP address supplied with ```\u003cip_addr\u003e``` against the cloud provider's JSON files.\n\n**Sample Output:**\n```\nedge -single 140.179.144.130\n[INF] Single IP prefix lookup of 140.179.144.130\n[INF] Matched IP [140.179.144.130] to Cloud Provider via prefix [AWS:140.179.144.128/25]\n[INF] Matched IP [140.179.144.130] to Cloud Service [API_GATEWAY] and Region [cn-north-1]\n140.179.144.130,Provider:AWS;Prefix:140.179.144.128/25;Region:cn-north-1;Service:API_GATEWAY\n```\n\n***\n**Example #2:**  Look up a single IP address and suppress Info messages\n```\n$ edge -single \u003cip_address\u003e -silent\n```\n\n**Description:**  Same as above, except enable the silent mode.  This suppresses the [INF] messages with extra information.\n\n**Sample Output:**\n```\nedge -single 140.179.144.130\n140.179.144.130,Provider:AWS;Prefix:140.179.144.128/25;Region:cn-north-1;Service:API_GATEWAY\n```\n***\n**Example #3:**  Use local provider JSON files instead of downloading them.\n\n```\nedge -single \u003cip_address\u003e -silent -nd\n```\n\n**Description:**  Don't try to download the provider JSON files, but instead use the local files in working directory.\n\n***\n**Example #4:**  Wordlist subdomain enumeration with certificate transparancy and prefix lookup.\n\n```\nedge -domain \u003cdomain\u003e -dns -crt -prefix -wordlist \u003cwordlist.txt\u003e\n```\n\n**Description:**  Perform a wordlist subdomain enumeration of all A and CNAME records based on wordlist.txt against domain with certificate transparency lookup.  For each enumerated host found with Cert transparency, also do a DNS lookup.  Do an IP prefix lookup of the IP address across all three cloud service provider's published list of IP prefixes.\n\n**Sample Output:**\n```\nedge -domain tesla.com -dns -crt -prefix -wordlist subdomains-5k.txt\n[INF] Found host via crt.sh [nas-origin.tesla.com]\nnas-origin.tesla.com,,Certificate,,\n[INF] Found host via crt.sh [eua-origin.tesla.com]\neua-origin.tesla.com,,Certificate,,\n[INF] Found host via CNAME [fleetview.prd.na.fn.tesla.com.:fleetview.prd.usw2.fn.tesla.com]\nfleetview.prd.na.fn.tesla.com.,,CNAME,fleetview.prd.usw2.fn.tesla.com,\n[INF] Found host via CNAME [fleetview.prd.usw2.fn.tesla.com.:a69ff530d53f14d8e8059a3aee44e9ab-1848028946.us-west-2.elb.amazonaws.com]\nfleetview.prd.usw2.fn.tesla.com.,,CNAME,a69ff530d53f14d8e8059a3aee44e9ab-1848028946.us-west-2.elb.amazonaws.com,\n[INF] Found host via A [a69ff530d53f14d8e8059a3aee44e9ab-1848028946.us-west-2.elb.amazonaws.com:52.39.128.70]\n[INF] Matched Cloud Provider via prefix [AWS:52.36.0.0/14]\n[INF] Matched IP [52.39.128.70] to Cloud Service [EC2] and Region [us-west-2]\n```\n***\n**Example #5:**  Wordlist subdomain enumeration without certificate transparency or IP prefix lookup.\n\n```\nedge -domain \u003cdomain\u003e -dns -wordlist \u003cwordlist.txt\u003e\n```\n\n**Description:** Perform just a wordlist scan of all A and CNAME records based on wordlist.\n\n**Sample Output:**\n```\nedge -domain tesla.com -dns -wordlist subdomains-5k.txt\n[INF] Found host via CNAME [fleetview.prd.na.fn.tesla.com.:fleetview.prd.usw2.fn.tesla.com]\nfleetview.prd.na.fn.tesla.com.,,CNAME,fleetview.prd.usw2.fn.tesla.com,\n[INF] Found host via A [e9056.b.akamaiedge.net:23.2.254.58]\ne9056.b.akamaiedge.net,23.2.254.58,A,teslamotors.vanity3.ca1.qualtrics.com,\n```\n***\n**Example #6:**  Wordlist subdomain enumeration without certificate transparency but looking up IP prefix for any IP addresses found.\n\n```\nedge -domain \u003cdomain\u003e -dns -wordlist \u003cwordlist.txt\u003e -prefix\n```\n\n**Description:** Perform just a wordlist scan of all A and CNAME records based on wordlist.  For every IP address enumerated, perform a prefix lookup.\n\n***\n\n**Example #7:**  Certificate transparency log lookup.\n\n```\nedge -domain \u003cdomain\u003e -crt\n``` \n\n**Description:** Do a Certificate Transparency log lookup using https://crt.sh\n\n**Sample Output:**\n```\nedge -domain tesla.com -crt\n[INF] Running certificate transparency lookup crt.sh\n[INF] Found host via crt.sh [solarbonds.tesla.com]\nsolarbonds.tesla.com,,Certificate,,\n[INF] Found host via crt.sh [energydesk.tesla.com]\nenergydesk.tesla.com,,Certificate,,\n```\n\n***\n\n**Example #8:** Certificate transparency with DNS lookup\n\n```\nedge -domain \u003cdomain\u003e -dns -crt\n```\n\n**Description:** Perform a Certificate transparency lookup.  For each host discovered via Cert Transparency, do a full DNS A or CNAME lookup.\n\n*** \n\n**Example #9:** IP prefix lookup with IP address list\n\n```\nedge -prefix -ip \u003cip-hosts.txt\u003e\n```\n\n**Description:** Perform a lookup of the IP address for the cloud service provider IP prefix.  Takes a list of IP addresses in ip-hosts.txt and looks through it doing a lookup.  One IP address per line.\n\n**Sample Output:**\n```\nedge -prefix -ip ip-hosts.txt\n[INF] Matched IP [140.179.144.130] to Cloud Provider via prefix [AWS:140.179.144.128/25]\n[INF] Matched IP [140.179.144.130] to Cloud Service [API_GATEWAY] and Region [cn-north-1]\n140.179.144.130,Provider:AWS;Prefix:140.179.144.128/25;Region:cn-north-1;Service:API_GATEWAY\n[INF] Matched IP [18.189.124.22] to Cloud Provider via prefix [AWS:18.189.0.0/16]\n[INF] Matched IP [18.189.124.22] to Cloud Service [EC2] and Region [us-east-2]\n18.189.124.22,Provider:AWS;Prefix:18.189.0.0/16;Region:us-east-2;Service:EC2\n[INF] Matched IP [20.60.128.132] to Cloud Provider via prefix [Azure:20.60.0.0/16]\n[INF] Matched IP [20.60.128.132] to Cloud Service [AzureStorage]\n20.60.128.132,Provider:Azure;Prefix:20.60.0.0/16;Name:Storage;ID:Storage;Platform:Azure;SystemService:AzureStorage\n```\n\n*** \n\n**Example #10:** DNS PTR lookup with ip address list\n\n```\nedge -ptr -ip \u003cip-hosts.txt\u003e\n```\n\n**Description:** Does a DNS PTR lookup based on the IP address on each line of ip-hosts.txt.\n\n**Sample Output:**\n```\nedge -ptr -ip ip-hosts.txt\n140.179.144.130,ec2-140-179-144-130.cn-north-1.compute.amazonaws.com.cn.\n```\n\n*** \n\n**Example #11:** Parses nmap file and does prefix lookup of IP addresses found\n\n```\nedge -prefix -nmap \u003cresults.xml\u003e\n```\n\n**Description:** Parses an nmap scan XML file, identifying all \"Up\" hosts.  For every \"Up\" host in nmap XML scan results, do an IP prefix lookup for the cloud service provider.\n\n*** \n\n**Example #12:** Parses nmap file and does DNS PTR lookup of each IP address found\n\n\n```\nedge -ptr -nmap \u003cresults.xml\u003e\n```\n\n**Description:** Parses an nmap scan XML file, and does a PTR lookup of every \"Up\" host.\n\n*** \n\n**Example #13:** Adds concurrency with 100 workers to boost performance\n\n```\nedge -domain \u003cdomain\u003e -dns -wordlist \u003cwordlist.txt\u003e -workers 100\n```\n\n**Description:** Uses a DNS concurrency scan of 100 workers.  This increases the scan speed.  Default workers: 10.\n\n*** \n\n**Example #14:** Specify a DNS resolver\n\n```\nedge -domain \u003cdomain\u003e -dns -wordlist \u003cwordlist.txt\u003e -resolver 8.8.4.4:53\n```\n\n**Description:** Specify a DNS resolver of 8.8.4.4 on port 53.  Default is 8.8.8.8.\n\n# Installing\n\n## Binaries\nYou can grab the pre-compiled binaries or build it.  Make sure you also get the cloud provider IP prefix JSON files.\n\n## Building\nTested and built with go 1.25\n\n```\n$ git clone https://github.com/iknowjason/edge.git\n$ cd edge\n~/edge$ go build edge.go\n~/edge$ ./edge (Verify it)\n```\n\n\n\n# Credits\n@mosesrenegade for tool inspiration\n\n@0xdabbad00 for general AWS tools and inspiration\n\nThis tool was inspired from many other tools and authors, including dnsrecon and gobuster.  Yeah I know.  Not a lot new here - just another subdomain enumeration tool.  I just really wanted to learn Golang :-)\n\n\"Black Hat Go\" book\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiknowjason%2Fedge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiknowjason%2Fedge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiknowjason%2Fedge/lists"}