Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ex0dus-0x/sneak

A container/VM malware that finds and exploits SSRF opportunities in a compromised cloud environment

# sneak

__NOTE__: as a mini-research + bug bounty project, I uploaded this to be picked up
by supply chain defense pipelines through some malicious packages. If you have come across this, please
[reach out to me](mailto:[email protected]) for next steps!

A container/VM "malware" that finds and exploits SSRF opportunities in
a compromised cloud environment.

## Introduction

This is a proof-of-concept of a binary that can be dropped in a cloud environment
to leak and exfiltrate sensitive data from the instance metadata service, and
to enumerate other server-side request forgery (SSRF) opportunities.

Supported heuristics:

* Cloud Metadata
    * AWS IMDSv1
    * Google Cloud
    * DigitalOcean
    * Microsoft Azure
* Environmental Variables
* Other network services (TODO)