Resources

IP Addresses¶

Tool	Description
UpdateCloudIPs	Collects the latest IP addresses used by AWS/GCP/Azure Full list for AWS: https://ip-ranges.amazonaws.com/ip-ranges.json

Tool	Description
aws-recon	Darkbit's multi-threaded AWS inventory collection tool
cloud_enum	Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and GCP Usage: `python cloudenum.py -k keyword`
cloud-service-enum	Cloud Services Enumeration
aws-inventory	Make an inventory of all your resources across regions Usage: `$ python aws_inventory.py` `// Select the generated JSON file when prompted` `$ firefox gui/dist/index.html`
resource-counter	Counts number of resources in categories across regions Usage: `$ python count_resources.py`
aws_public_ips	Fetch all public IP addresses tied to your AWS account Usage: `// Uses default ~/.aws/credentials` `$ aws_public_ips -f json -s apigateway,cloudfront,ec2,elasticsearch,elb,elbv2,lightsail,rds,redshift` `// With a custom profile` `$ AWS_PROFILE=production aws_public_ips`
cloudlist	Obtain public assets (hostnames, IPs)

Tool	Description
S3Scan	Generate a report of all s3 buckets and their permissions (authenticated) Usage: `$ python s3scan.py [-f <format>] [-p <profile>]`
iam_user_enum	Enumerates IAM names from a text file
dufflebag	Searches through public EBS snapshots for secrets that may have been accidentally left in

Tool	Description
pacu	AWS penetration testing toolkit Usage: `$ python pacu.py` `pacu> import_keys <profile> // Import keys` `pacu> run <module_name> // Modules`
cloudjack	CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations Usage: `$ python cloudjack.py -o json -p default`
S3Scanner	Scan for open AWS S3 buckets and dump the contents Usage: `$ cat names.txt` `flaws.cloud` `google-dev` `testing.microsoft.com` `yelp-production.s3-us-west-1.amazonaws.com` `github-dev:us-east-1` `// Dump all open buckets, log both open and closed buckets to found.txt` `$ python s3scanner.py --include-closed --out-file found.txt --dump names.txt` `// Save file listings of all open buckets to file` `$ python s3scanner.py --list names.txt`
CCAT	Cloud Container Attack Tool (CCAT) A tool for testing security of container environments (ECS, EKS, and ECR)