Skip to content

DRAFT: Implementing cloud asset discovery #6865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 23 commits into from
Dec 29, 2023
Merged

DRAFT: Implementing cloud asset discovery #6865

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
4589602
adding GCP and AWS bucket enumeration
initstring Feb 19, 2023
379d11f
added GCP Firebase RTDB
initstring Feb 19, 2023
65c8665
rename firebase rtdb
initstring Feb 19, 2023
ef01846
add firebase apps
initstring Feb 19, 2023
e46d40c
fix URL
initstring Feb 19, 2023
8585fb0
add gcp appengine
initstring Feb 19, 2023
3d87956
refactor: use consistent dns variable name
initstring Feb 19, 2023
201cfdf
debugging
initstring Mar 9, 2023
a9e47e9
added aws buckets
initstring Mar 9, 2023
cf823d2
lint fixes
ehsandeep Mar 9, 2023
48628e1
adding more templates
initstring Mar 13, 2023
18a1678
fix ID
initstring Mar 13, 2023
0642076
add non-working azure VM template
initstring Mar 13, 2023
ade642e
beginning azure blob storage enumeration
initstring Mar 17, 2023
6594804
assume desired dns functionality
initstring Mar 17, 2023
1893423
revert non-working functions
initstring Mar 17, 2023
3024129
add azure databases
initstring Mar 17, 2023
c909f62
fix unique id
initstring Mar 17, 2023
9bbc012
Change severity to info
initstring Jul 26, 2023
c94db68
Change severity to info and update to v3 specs
initstring Jul 26, 2023
1d44399
Use wordlist instead of keyword
initstring Jul 26, 2023
af62c25
remove not-yet-working template
initstring Jul 26, 2023
76b64df
fix formatting and verified
DhiyaneshGeek Dec 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions cloud-enumeration/cloud-enum-aws-s3-bucket.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
id: cloud-enum-aws-s3-bucket

info:
name: Cloud Enumeration - AWS S3 Buckets
author: initstring
severity: medium
description: Searches for open and protected buckets in AWS S3
reference: tba
tags: cloud,aws

self-contained: true

variables:
baseDNS: "s3.amazonaws.com"

requests:
- raw:
- |
GET http://{{keyword}}.{{baseDNS}} HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open AWS S3 Bucket"
status:
- 200
- type: status
name: "Protected AWS S3 Bucket"
status:
- 403
35 changes: 35 additions & 0 deletions cloud-enumeration/cloud-enum-gcp-app-engine.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
id: cloud-enum-gcp-app-engine

info:
name: Cloud Enumeration - GCP App Engine (Appspot)
author: initstring
severity: medium
description: Searches for App Engine Apps in GCP
reference: tba
tags: cloud,gcp

self-contained: true

variables:
baseDNS: "appspot.com"
loginRedirect: "accounts.google.com"

requests:
- raw:
- |
GET https://{{keyword}}.{{baseDNS}} HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP App Engine App"
status:
- 200
- type: dsl
name: "Protected GCP App Engine App"
condition: and
dsl:
- "status_code==302"
- contains(location, "login")
32 changes: 32 additions & 0 deletions cloud-enumeration/cloud-enum-gcp-bucket.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
id: cloud-enum-gcp-bucket

info:
name: Cloud Enumeration - GCP Buckets
author: initstring
severity: medium
description: Searches for open and protected buckets in GCP
reference: tba
tags: cloud,gcp

self-contained: true

variables:
baseDNS: "storage.googleapis.com"

requests:
- raw:
- |
GET http://{{keyword}}.{{baseDNS}} HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP Bucket"
status:
- 200
- type: status
name: "Protected GCP Bucket"
status:
- 403
28 changes: 28 additions & 0 deletions cloud-enumeration/cloud-enum-gcp-firebase-app.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
id: cloud-enum-gcp-firebase-app

info:
name: Cloud Enumeration - GCP Firebase Apps
author: initstring
severity: medium
description: Searches for Firebase Apps in GCP
reference: tba
tags: cloud,gcp

self-contained: true

variables:
baseDNS: "firebaseapp.com"

requests:
- raw:
- |
GET https://{{keyword}}.{{baseDNS}} HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP Firebase App"
status:
- 200
40 changes: 40 additions & 0 deletions cloud-enumeration/cloud-enum-gcp-firebase-rtdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
id: cloud-enum-gcp-firebase-rtdb

info:
name: Cloud Enumeration - GCP Firebase Realtime Database
author: initstring
severity: medium
description: Searches for Firebase Realtime Databases in GCP
reference: tba
tags: cloud,gcp

self-contained: true

variables:
baseDNS: "firebaseio.com"

requests:
- raw:
- |
GET https://{{keyword}}.{{baseDNS}}/.json HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
redirects: false
attack: batteringram
threads: 10
matchers:
- type: status
name: "Open GCP Firebase RTDB"
status:
- 200
- type: status
name: "Protected GCP Firebase RTDB"
status:
- 401
- type: status
name: "Payment GCP on Google Firebase RTDB"
status:
- 402
- type: status
name: "Deactivated GCP Firebase RTDB"
status:
- 423