GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jordanpotti → OffensiveCloudDistribution

jordanpotti / OffensiveCloudDistribution

Licence: MIT license
Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Programming Languages

HCL
1544 projects
shell
77523 projects

Labels

securityreconbugbountyscanningredteam

Projects that are alternatives of or similar to OffensiveCloudDistribution

Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (+52.33%)
Mutual labels:  recon, bugbounty, redteam
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+3898.84%)
Mutual labels:  recon, bugbounty, scanning
fuzzmost
all manner of wordlists
Stars: ✭ 23 (-73.26%)
Mutual labels:  recon, bugbounty
ScanApi
Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
Stars: ✭ 34 (-60.47%)
Mutual labels:  recon, bugbounty
flydns
Related subdomains finder
Stars: ✭ 29 (-66.28%)
Mutual labels:  recon, bugbounty
Autorecon
Simple shell script for automated domain recognition with some tools
Stars: ✭ 244 (+183.72%)
Mutual labels:  recon, bugbounty
Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (+193.02%)
Mutual labels:  recon, redteam
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+65.12%)
Mutual labels:  recon, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+120.93%)
Mutual labels:  recon, bugbounty
WhoEnum
Mass querying whois records
Stars: ✭ 24 (-72.09%)
Mutual labels:  recon, bugbounty
apkizer
apkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-53.49%)
Mutual labels:  recon, bugbounty
ShadowClone
Unleash the power of cloud
Stars: ✭ 224 (+160.47%)
Mutual labels:  recon, bugbounty
Sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+156.98%)
Mutual labels:  recon, bugbounty
Phonia
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (+156.98%)
Mutual labels:  recon, scanning
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+2862.79%)
Mutual labels:  recon, scanning
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+241.86%)
Mutual labels:  recon, bugbounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-18.6%)
Mutual labels:  recon, bugbounty
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (+119.77%)
Mutual labels:  recon, bugbounty
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (+120.93%)
Mutual labels:  recon, bugbounty
ICU
An Extended, Modulair, Host Discovery Framework
Stars: ✭ 40 (-53.49%)
Mutual labels:  recon, bugbounty
View All Similar Projects ➔

OffensiveCloudDistribution

Have you ever needed to scan 3 million hosts with masscan? What about running EyeWitness on 5k servers.. Without sacrificing accuracy, those things will take quite awhile! What if you could stand up 50 EC2 instances to each take a small part of the work, have each of the instances spit the results to an S3 Bucket, and then spin down the instances. All while staying in the Free AWS Tier. This Terraform module lets you do that!

@ok_bye_now

@thesubtlety

What do I need to get started?

  • An AWS or GCP account
  • Terraform

Yes, thats it! The scripts contained here configure the EC2 instances, kick the actions off and throw the results into an S3 bucket for you.

Getting Started

AWS Instructions

  1. Download and install Terraform for your platform. https://www.vasos-koupparis.com/terraform-getting-started-install/
  2. Create an AWS account if you don't already have one.
  3. Retrieve the AWS access and secret keys
  4. git clone https://github.com/jordanpotti/OffensiveCloudDistribution
  5. cd OffensiveCloudDistribution/aws_tf
  6. terraform init
  7. terraform apply ; You will need to enter a couple values here such as how many instances, the host name, the IP you want to SSH into the instances with and a line delimited list of IP's to scan.
  8. The results will give you the IP, as well as the Private SSH key. Copy this key into a .pem file to SSH into the servers.
  9. The results of the scan (Or custom action specified by you) will end up in a randomly named S3 Bucket. Download the files placed there from the scan before you run terraform destroy since this will destroy your S3 bucket as well.

For GCP instructions, check out the readme located in the gcp_tf directory

Note

To bypass the module asking for variables, simply add a terraform.tfvars file in the aws_tf or gcp_tf directory to add the values, eg:

secret_key = ""
access_key = ""
scan_list = ""
instance_count = ""
allow_ingress = ""
host_name = ""

Other Platforms

Currently, the Terraform module here is based on AWS and GCP, PR's are welcome :)

Disclaimer:

Please be aware of the AWS and GCP Free Tier rules. Using instances that qualify for the free tier, you can utilize 750 hours per month. By modifying certain pieces of the Terraform module (Like changing the instance size), and not destroying resources after your job is done, you will likely incur hefty charges.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].