#cloud

cloudlist on offsec.tools
Sponsor
cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

#aws   #azure   #cloud   #google  

Covenant on offsec.tools
Featured
Covenant

Collaborative C2 framework for red teamers.

#api   #aws   #cloud   #framework   #google  

Kaeferjaeger on offsec.tools
Kaeferjaeger

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

#cdn   #cloud   #ips   #online   #resources   #subdomains  

TokenTactics on offsec.tools
TokenTactics

Azure JWT token manipulation toolset.

#authentication   #azure   #cloud  

cloudsploit on offsec.tools
cloudsploit

Cloud Security Posture Management (CSPM).

#alibaba   #aws   #azure   #cloud   #google  

Ghostbuster on offsec.tools
Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

#aws   #cloud   #dns   #ips  

MSOLSpray on offsec.tools
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

#azure   #cloud   #microsoft   #o365   #passwords  

IAMagic on offsec.tools
IAMagic

Advanced AWS access credentials scanner.

#aws   #cloud   #credentials   #iam   #scanner  

AWS Sensitive Permissions on offsec.tools
AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

#aws   #cloud   #permissions   #privesc  

MicroBurst on offsec.tools
MicroBurst

A collection of scripts for assessing Microsoft Azure security.

#azure   #cloud   #postexploitation   #secrets  

o365recon on offsec.tools
o365recon

Retrieve information via O365 and AzureAD with valid credentials.

#activedirectory   #azure   #cloud   #enumeration   #o365   #users  

DVCA on offsec.tools
DVCA

Damn vulnerable cloud application.

#aws   #cloud   #training   #vulnerabilities  

AzureGoat on offsec.tools
AzureGoat

A damn vulnerable Azure infrastructure.

#azure   #cloud   #training   #vulnerabilities  

AWSGoat on offsec.tools
AWSGoat

A damn vulnerable AWS infrastructure.

#aws   #cloud   #training   #vulnerabilities  

GCPBucketBrute on offsec.tools
GCPBucketBrute

Enumerate Google Storage buckets, check the access and if they can be privilege escalated.

#buckets   #cloud   #google  

Splunk on offsec.tools
Splunk

The unified security and observability platform.

#aws   #azure   #cloud   #logs   #monitoring   #reports  

NetWitness on offsec.tools
NetWitness

Rapidly detect and respond to any threat, anywhere. See Everything. Fear Nothing.

#cloud   #logs   #monitoring   #reports  

AWSloot on offsec.tools
AWSloot

Pull secrets from an AWS environment.

#aws   #cloud   #secrets  

AzureADLateralMovement on offsec.tools
AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

#activedirectory   #azure   #cloud   #privesc  

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

#aws   #azure   #cloud   #passwords   #subdomains  

Offensive-Azure on offsec.tools
Offensive-Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.

#azure   #cloud  

s3recon on offsec.tools
s3recon

Amazon S3 bucket finder and crawler.

#aws   #buckets   #cloud  

bucket_finder on offsec.tools
bucket_finder

DigiNinja's bucket_finder utility.

#aws   #buckets   #cloud  

CloudFrunt on offsec.tools
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

#aws   #cloud   #cloudfront   #domains  

CloudJack on offsec.tools
CloudJack

Route53/CloudFront Vulnerability assessment utility.

#aws   #cloud   #cloudfront   #dns  

CloudMapper on offsec.tools
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

#aws   #cloud  

Bucket Stream on offsec.tools
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

#aws   #buckets   #certificates   #cloud  

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

#aws   #azure   #cloud   #directories   #emails   #firebase   #fuzzing   #osint   #subdomains  

Nimbostratus on offsec.tools
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

#aws   #cloud   #fingerprint   #pivot  

ScoutSuite on offsec.tools
ScoutSuite

Multi-cloud security auditing tool.

#alibaba   #aws   #azure   #cloud   #google   #oracle   #reports  

s3reverse on offsec.tools
s3reverse

The format of various S3 buckets is convert in one format.

#aws   #buckets   #cloud   #utils  

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

#allinone   #cloud   #emails   #recon   #screenshots   #subdomains   #vulnerabilities  

NSDetect on offsec.tools
NSDetect

Utility to detect AWS NS Takeover.

#aws   #cloud   #dns  

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #google   #online   #shorteners  

WeirdAAL on offsec.tools
WeirdAAL

AWS Attack Library.

#aws   #buckets   #cloud   #cloudfront  

barq on offsec.tools
barq

The AWS Cloud Post Exploitation framework!

#aws   #cloud   #exploits   #framework  

Mass3 on offsec.tools
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

#aws   #buckets   #cloud  

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

#cloud   #crawler   #dorks   #exploits   #ssl   #subdomains  

SubDomainizer on offsec.tools
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #github   #subto  

AWS Extender CLI on offsec.tools
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

#aws   #azure   #cloud   #google  

Smogcloud on offsec.tools
Smogcloud

Find cloud assets that no one wants exposed.

#aws   #buckets   #cloud  

Pacu on offsec.tools
Pacu

The exploitation framework designed for testing the security of AWS environments.

#aws   #cloud  

AWS security checks on offsec.tools
AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

#aws   #buckets   #burpsuite   #cloud   #scanner  

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

#cloud   #codeanalysis   #cves   #exploits   #malware   #reports   #sbom   #scanner   #secrets  

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

#aws   #cloud   #subdomains   #subto  

S3Scanner on offsec.tools
S3Scanner

Scan for open S3 buckets and dump the contents.

#aws   #buckets   #cloud   #scanner  

AWSBucketDump on offsec.tools
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

#aws   #buckets   #cloud  

S3Viewer on offsec.tools
S3Viewer

Publicly open storage viewer.

#aws   #azure   #buckets   #cloud   #directorylisting   #ftp  

FestIN on offsec.tools
FestIN

The powered S3 bucket finder and content discover.

#aws   #buckets   #cloud   #crawler  

mass-s3-bucket-tester on offsec.tools
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

#aws   #buckets   #cloud  

S3BucketList on offsec.tools
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

#aws   #browser   #buckets   #cloud   #firefox  

dirlstr on offsec.tools
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

#aws   #buckets   #cloud   #directorylisting  

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

#aws   #azure   #buckets   #burpsuite   #cloud   #google   #subdomains   #subto  

kicks3 on offsec.tools
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

#aws   #buckets   #cloud  

2tearsinabucket on offsec.tools
2tearsinabucket

Enumerate s3 buckets for a specific target.

#aws   #buckets   #cloud  

S3 Objects Check on offsec.tools
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

#aws   #buckets   #cloud  

s3tk on offsec.tools
s3tk

A security toolkit for Amazon S3.

#aws   #buckets   #cloud  

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

#aws   #buckets   #cloud   #subdomains  

S3Cruze on offsec.tools
S3Cruze

All-in-one AWS S3 bucket tool.

#aws   #buckets   #cloud   #cors  

Sandcastle on offsec.tools
Sandcastle

A Python script for AWS S3 bucket enumeration.

#aws   #buckets   #cloud  

Prowler on offsec.tools
Prowler

Open Source Security tool to perform Cloud Security best practices

#aws   #azure   #cloud  

Rusty Hog on offsec.tools
Rusty Hog

A suite of secret scanners built in Rust for performance.

#aws   #buckets   #cloud   #confluence   #git   #google   #jira   #secrets   #slack  

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

#aws   #cloud   #ebs   #elastic   #secrets  

Oh365UserFinder on offsec.tools
Oh365UserFinder

O365 user enumeration and password spraying tool.

#cloud   #enumeration   #office   #osint   #passwords  

grafana-ssrf on offsec.tools
grafana-ssrf

Authenticated SSRF in Grafana.

#azure   #cloud   #exploits   #google   #grafana   #ssrf  

GHunt on offsec.tools
GHunt

Offensive Google framework.

#cloud   #emails   #google   #osint  

GoCloud on offsec.tools
GoCloud

Checks whether a domain is hosted on a cloud service.

#aws   #azure   #cloud   #cloudflare   #ips  

CloudScraper on offsec.tools
CloudScraper

Tool to enumerate targets in search of cloud resources.

#aws   #azure   #cloud   #digitalocean  

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

#aws   #azure   #cloud   #cloudflare   #digitalocean   #dns   #subdomains   #subto  

cloud_enum on offsec.tools
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

#aws   #azure   #cloud   #google   #osint  

Slurp on offsec.tools
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

#aws   #buckets   #cloud  

Cloudfox on offsec.tools
Cloudfox

Automating situational awareness for cloud penetration tests.

#aws   #azure   #cloud   #google  

s3-buckets-finder on offsec.tools
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

#aws   #buckets   #cloud  

Teh S3 Bucketeers on offsec.tools
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

#aws   #buckets   #cloud  

lazys3 on offsec.tools
lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

#aws   #buckets   #cloud  

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.

#aws   #cloud   #codeanalysis   #digitalocean   #github   #secrets