GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jordanpotti → Cloudscraper

jordanpotti / Cloudscraper

Licence: mit
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

awshackingazurebugbountyreconnaissancedigitalocean

Projects that are alternatives of or similar to Cloudscraper

Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-40.94%)
Mutual labels:  hacking, reconnaissance, bugbounty
Caprover
Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids
Stars: ✭ 7,964 (+2785.51%)
Mutual labels:  aws, azure, digitalocean
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (-31.16%)
Mutual labels:  hacking, reconnaissance, bugbounty
Osint tips
OSINT
Stars: ✭ 322 (+16.67%)
Mutual labels:  hacking, reconnaissance, bugbounty
Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (+1212.32%)
Mutual labels:  aws, azure, digitalocean
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+104.35%)
Mutual labels:  hacking, reconnaissance, bugbounty
Bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Stars: ✭ 229 (-17.03%)
Mutual labels:  hacking, reconnaissance, bugbounty
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+54.71%)
Mutual labels:  hacking, reconnaissance, bugbounty
Learn Devops
🚧 Learn the craft of "DevOps" (Developer Operations) to Deploy your App and Monitor it so it stays "Up"!
Stars: ✭ 139 (-49.64%)
Mutual labels:  aws, azure, digitalocean
Hackingthe.cloud
Content for hackingthe.cloud
Stars: ✭ 101 (-63.41%)
Mutual labels:  aws, azure, hacking
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1128.62%)
Mutual labels:  hacking, reconnaissance, bugbounty
Engine
Deploy your apps on any Cloud provider in just a few seconds
Stars: ✭ 1,132 (+310.14%)
Mutual labels:  aws, azure, digitalocean
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-31.16%)
Mutual labels:  hacking, reconnaissance, bugbounty
Typhoon
Minimal and free Kubernetes distribution with Terraform
Stars: ✭ 1,397 (+406.16%)
Mutual labels:  aws, azure, digitalocean
Komiser
☁️ Cloud Environment Inspector 👮🔒 💰
Stars: ✭ 2,684 (+872.46%)
Mutual labels:  aws, azure, digitalocean
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (-2.9%)
Mutual labels:  digitalocean, hacking, bugbounty
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-83.7%)
Mutual labels:  bugbounty, reconnaissance
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-74.64%)
Mutual labels:  bugbounty, reconnaissance
Scoutsuite
Multi-Cloud Security Auditing Tool
Stars: ✭ 3,803 (+1277.9%)
Mutual labels:  aws, azure
frida setup
One-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-82.97%)
Mutual labels:  bugbounty, reconnaissance
View All Similar Projects ➔

logo

CloudScraper is a Tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'windows.net' and 'digitaloceanspaces'. AWS, Azure, Digital Ocean resources are currently supported.

@ok_bye_now

Pre-Requisites

Non-Standard Python Libraries:

  • requests
  • rfc3987
  • termcolor

Created with Python 3.6

General

This tool was inspired by a recent talk by Bryce Kunz. The talk Blue Cloud of Death: Red Teaming Azure takes us through some of the lesser known common information disclosures outside of the ever common S3 Buckets.

Usage:

usage: CloudScraper.py [-h] [-v] [-p Processes] [-d DEPTH] [-u URL] [-l TARGETLIST]

optional arguments:
  -h, --help     show this help message and exit
  -u URL         Target Scope
  -d DEPTH       Max Depth of links Default: 5
  -l TARGETLIST  Location of text file of Line Delimited targets
  -v Verbose     Verbose output
  -p Processes  Number of processes to be executed in parallel. Default: 2

example: python3 CloudScraper.py -u https://rottentomatoes.com

ToDo

  • [ ] Add key word customization

Various:

To add keywords, simply add to the list in the parser function.

Contribute

Sharing is caring! Pull requests welcome, things like adding support for more detections, multithreading etc are highly desired :)

Why

So Bryce Kunz actually made a tool to do something similar but it used scrapy and I wanted to build something myself that didn't depend on Python2 or any scraping modules such as scrapy. I did end up using BeautifulSoup to parse for href links for spidering only. Hence, CloudScraper was born. The benefit of using raw regex's instead of parsing for href links, is that many times, these are not included in href links, they can be buried in JS or other various locations. CloudScraper grabs the entire page and uses a regex to look for links. This also has its flaws such as grabbing too much or too little but at least we know we are covering our bases :)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].