Resources

IP Addresses¶

Tool	Description
UpdateCloudIPs	Collects the latest IP addresses used by AWS/GCP/Azure Full list for AWS: https://ip-ranges.amazonaws.com/ip-ranges.json

Tool	Description
aws-recon	Darkbit's multi-threaded AWS inventory collection tool
cloud_enum	Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and GCP Usage: `python cloudenum.py -k keyword`
cloud-service-enum	Cloud Services Enumeration
aws-inventory	Make an inventory of all your resources across regions Usage: `$ python aws_inventory.py` `// Select the generated JSON file when prompted` `$ firefox gui/dist/index.html`
resource-counter	Counts number of resources in categories across regions Usage: `$ python count_resources.py`
aws_public_ips	Fetch all public IP addresses tied to your AWS account Usage: `// Uses default ~/.aws/credentials` `$ aws_public_ips -f json -s apigateway,cloudfront,ec2,elasticsearch,elb,elbv2,lightsail,rds,redshift` `// With a custom profile` `$ AWS_PROFILE=production aws_public_ips`
aws_key_triage_tool	Script to automate initial triage/enumeration on a set of aws keys in an input file Determine whether AWS keys are valid and if so what those keys have access to
cloudlist	Obtain public assets (hostnames, IPs)

Tool	Description
S3Scan	Generate a report of all s3 buckets and their permissions (authenticated) Usage: `$ python s3scan.py [-f <format>] [-p <profile>]`
iam_user_enum	Enumerates IAM names from a text file
dufflebag	Searches through public EBS snapshots for secrets that may have been accidentally left in

Tool	Description
pacu	AWS penetration testing toolkit Usage: `$ python pacu.py` `pacu> import_keys <profile> // Import keys` `pacu> run <module_name> // Modules`
cloudjack	CloudJack assesses AWS accounts for subdomain hijacking vulnerabilities as a result of decoupled Route53 and CloudFront configurations Usage: `$ python cloudjack.py -o json -p default`
S3Scanner	Scan for open AWS S3 buckets and dump the contents Usage: `$ cat names.txt` `flaws.cloud` `google-dev` `testing.microsoft.com` `yelp-production.s3-us-west-1.amazonaws.com` `github-dev:us-east-1` `// Dump all open buckets, log both open and closed buckets to found.txt` `$ python s3scanner.py --include-closed --out-file found.txt --dump names.txt` `// Save file listings of all open buckets to file` `$ python s3scanner.py --list names.txt`
CCAT	Cloud Container Attack Tool (CCAT) A tool for testing security of container environments (ECS, EKS, and ECR)