CloudBrute v1.0.7 releases: Awesome cloud enumerator
CloudBrute
CloudBrute is a tool to find a company's (target's) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
The complete writeup is available here
Motivation
While working on HunterSuite, and as part of the job, we are always thinking of something we can automate to make black-box security testing easier. We discussed the idea of creating a multi-platform cloud brute-force hunter, mainly to find open buckets, apps, and databases hosted on the clouds, and possibly apps behind proxy servers.
Here is the list of issues we found with previous tools:
- separated wordlists
- lack of proper concurrency
- lack of support for all major cloud providers
- requiring authentication, keys, or cloud CLI access
- outdated endpoints and regions
- incorrect file storage detection
- lack of support for proxies (useful for bypassing region restrictions)
- lack of support for user agent randomization (useful for bypassing rare restrictions)
- hard to use, poorly configured
Features
- Cloud detection (IPINFO API)
- Supports all major providers
- Black-Box (unauthenticated)
- Fast (concurrent)
- Modular and easily customizable
- Cross-Platform (Windows, Linux, Mac)
- User-Agent Randomization
- Proxy Randomization (HTTP, Socks5)
Supported Cloud Providers
Microsoft:
- Storage
- Apps
Amazon:
- Storage
- Apps
Google:
- Storage
- Apps
DigitalOcean:
- Storage
Vultr:
- Storage
Linode:
- Storage
Alibaba:
- Storage
Changelog v1.0.7
- 27ddeac added DigitalOcean apps
- ed9e12f introducing brand new detection mode
- a819bf1 introducing brand new detection mode
Download & Use
Copyright (c) 2020 HunterSuite