Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/belane/CloudHunter
AWS, Azure, Alibaba and Google bucket scanner
https://github.com/belane/CloudHunter
alibaba aws azure bucket bugbounty fuzzer google-cloud security-tools
Last synced: 2 months ago
JSON representation
AWS, Azure, Alibaba and Google bucket scanner
- Host: GitHub
- URL: https://github.com/belane/CloudHunter
- Owner: belane
- License: gpl-3.0
- Created: 2019-09-24T11:08:37.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-08-25T13:23:10.000Z (10 months ago)
- Last Synced: 2024-01-26T08:05:07.121Z (5 months ago)
- Topics: alibaba, aws, azure, bucket, bugbounty, fuzzer, google-cloud, security-tools
- Language: Python
- Homepage:
- Size: 83 KB
- Stars: 90
- Watchers: 4
- Forks: 22
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Lists
- awesome-pentest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- awesome-pentest-resource - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- awesome-penetest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- my-awesome-stars - belane/CloudHunter - AWS, Azure, Alibaba and Google bucket scanner (Python)
- awesome-pentest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- awesome-pentest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- awesome-pentest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
- venom - `CloudHunter` - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools)
- fucking-awesome-pentest - CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets. (Cloud Platform Attack Tools / Malware Analysis Books)
README
# CloudHunter
Looks for AWS, Azure, Alibaba and Google cloud storage buckets and lists permissions for vulnerable buckets.
## Usage
` python3 cloudhunter.py --permutations-file permutations-big.txt COMPANY_NAME `
` python3 cloudhunter.py --services aws,alibaba COMPANY_NAME `
` python3 cloudhunter.py --threads 50 http://example.com `
` python3 cloudhunter.py --write-test -s alibaba --open-only http://example.com `
### Help
```bash
usage: cloudhunter.py [-h] [-p file] [-s aws,google,azure,alibaba] [-w] [-r file] [-t num] [-c num] [-b] [-d] [-v] [-o] input
positional arguments:
input Company name, url or any base name.
options:
-h, --help show this help message and exit
-p, --permutations-file file Permutations file.
-s, --services aws,google,azure,alibaba Specifies target services.
-w, --write-test Enable write test to read rights when other methods fail.
-r, --resolvers file DNS resolvers file.
-t, --threads num Threads.
-c, --crawl-deep num How many pages to crawl after the first.
-b, --base-only Checks only the base name, skips permutations generation.
-d, --disable-bruteforce Disable discovery by brute force.
-v, --verbose Verbose log.
-o, --open-only Show only open buckets.
```
## Output
```bash
python3 cloudhunter.py -t 10 http://example.com
________ ____ __ __
/ ____/ /___ __ ______/ / / / /_ ______ / /____ _____
/ / / / __ \/ / / / __ / /_/ / / / / __ \/ __/ _ \/ ___/
/ /___/ / /_/ / /_/ / /_/ / __ / /_/ / / / / /_/ __/ /
\____/_/\____/\__,_/\__,_/_/ /_/\__,_/_/ /_/\__/\___/_/
[>] Crawling http://example.com ...
[>] 61 possible endpoints found
Azure Cloud https://dmpcdn.files-example/cdn PRIVATE
Google Cloud http://demo-site.org OPEN Redirect https://demo-site.org/
Google Cloud https://other.net OPEN
[>] Bruteforce 1591 name permutations.
[+] Check Google Cloud
Google Storage example.storage.googleapis.com PRIVATE
Google Storage example-attachments.storage.googleapis.com OPEN AllUsers [LR]
Google Storage example-backups.storage.googleapis.com PRIVATE
Google Storage examplestorage.storage.googleapis.com OPEN AllUsers [LRWV]
Google Storage examplestore.storage.googleapis.com PRIVATE
Google App Engine example.bigtable.appspot.com OPEN WebApp Error
Google App Engine example.beta.appspot.com OPEN
Google App Engine example.data-private.appspot.com OPEN Redirect https://accounts.google.com/ServiceLogin
...
[+] Check Amazon Cloud
AWS Bucket examplefiles.s3.amazonaws.com OPEN LIST
AWS Bucket finance-example.s3.amazonaws.com PRIVATE
AWS Bucket examplejs.s3.amazonaws.com OPEN gmantri [F] | AllUsers [RW]
AWS Bucket example-logs.s3.amazonaws.com PRIVATE
AWS Bucket example.media.s3.amazonaws.com OPEN zectroxity [RW] | AllUsers [R]
AWS Bucket exampleresources.s3.amazonaws.com PRIVATE
AWS Bucket s3-example.s3.amazonaws.com OPEN develop [F] | AuthenticatedUsers [F] | df99361a [F]
AWS Bucket exampleshop.s3.amazonaws.com PRIVATE
AWS Bucket example-web.s3.amazonaws.com OPEN 42cf2125 [F]
...
[+] Check Alibaba Cloud
Alibaba Bucket example-admin.oss-cn-hangzhou.aliyuncs.com PRIVATE
Alibaba Bucket example-data.oss-cn-beijing.aliyuncs.com OPEN WRITE
Alibaba Bucket exampledemo.oss-cn-beijing.aliyuncs.com OPEN root [RW] | AllUsers [R]
Alibaba Bucket demo-example.oss-cn-shanghai.aliyuncs.com PRIVATE
Alibaba Bucket example-demo.oss-cn-shenzhen.aliyuncs.com OPEN LIST
...
[+] Check Azure Cloud
Storage Files example.file.core.windows.net PRIVATE
App Management example-demo.blob.core.windows.net PRIVATE
App Azure githubexample.blob.core.windows.net OPEN
App Azure exampletest.azurewebsites.net PRIVATE
App Azure jira-example.azurewebsites.net OPEN Redirect https://jira-example.azurewebsites.net/
App Azure examplestats.azurewebsites.net OPEN
Databases-MSSQL example-project.database.windows.net DOMAIN
Email example.mail.protection.outlook.com DOMAIN
SharePoint example.sharepoint.com PRIVATE Redirect https://example.sharepoint.com/
...
```
## Disclaimer
This tool provided is intended for legal and ethical use only. Any unauthorized or malicious use of this tool is strictly prohibited and may result in legal actions. The developers of this tool are not responsible for any misuse or damage caused by the tool. Use this tool at your own risk and with discretion and always obtain proper authorization before using this tool on any system or network that you do not own or have legal permission to test. The "write-test" option performs intrusive operations to determine bucket rights, use only with explicit authorization.
## Thanks
- [@brianwarehime](https://github.com/brianwarehime) ([inSp3ctor](https://github.com/brianwarehime/inSp3ctor))
- [@SpenGietz](https://github.com/SpenGietz) ([GCPBucketBrute](https://github.com/RhinoSecurityLabs/GCPBucketBrute))
- [@kfosaaen](https://github.com/kfosaaen) ([MicroBurst](https://github.com/NetSPI/MicroBurst))
- [@PatrikHudak](https://github.com/PatrikHudak) ([second-order](https://gist.github.com/PatrikHudak/2006c50a694cc76ead705c91805df78b))