reddit hackernews mail facebook facebook linkedin


Find cloud assets that no one wants exposed.
#aws   #buckets   #cloud  

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis. May be useful to identify:

- Internet-facing FQDNs and IPs across one or hundreds of AWS accounts
- Misconfigurations or vulnerabilities
- Assets that are no longer in use
- Services not currently monitored
- Shadow IT

Supported services for extracting internet exposures:
- API Gateway
- CloudFront
- EC2
- Elastic Kubernetes Service
- Elastic Beanstalk
- Elastic Search
- Elastic Load Balancing
- IoT
- Lightsail
- MediaStore
- Relational Database Service
- Redshift
- Route53
- S3