BishopFox / Smogcloud
Find cloud assets that no one wants exposed π βοΈ
Stars: β 168
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Smogcloud
Awesome Shodan Queries
π A collection of interesting, funny, and depressing search queries to plug into shodan.io π©βπ»
Stars: β 2,758 (+1541.67%)
Mutual labels: cloud, security-tools, penetration-testing, infosec
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance withβ¦
Stars: β 3,439 (+1947.02%)
Mutual labels: security-tools, penetration-testing, infosec
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: β 2,775 (+1551.79%)
Mutual labels: security-tools, penetration-testing, infosec
Kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Stars: β 213 (+26.79%)
Mutual labels: aws, security-tools, infosec
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: β 182 (+8.33%)
Mutual labels: security-tools, penetration-testing, infosec
Awesome Security Hardening
A collection of awesome security hardening guides, tools and other resources
Stars: β 630 (+275%)
Mutual labels: security-tools, infosec, blueteam
Aws Auto Remediate
Open source application to instantly remediate common security issues through the use of AWS Config
Stars: β 191 (+13.69%)
Mutual labels: aws, cloud, security-tools
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: β 4,561 (+2614.88%)
Mutual labels: aws, cloud, security-tools
Skyark
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Stars: β 526 (+213.1%)
Mutual labels: aws, cloud, security-tools
Infosec reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: β 4,162 (+2377.38%)
Mutual labels: penetration-testing, infosec, blueteam
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: β 62 (-63.1%)
Mutual labels: security-tools, penetration-testing, infosec
Changeme
A default credential scanner.
Stars: β 928 (+452.38%)
Mutual labels: security-tools, penetration-testing, infosec
M4ngl3m3
Common password pattern generator using strings list
Stars: β 103 (-38.69%)
Mutual labels: security-tools, penetration-testing, infosec
Jwtxploiter
A tool to test security of json web token
Stars: β 130 (-22.62%)
Mutual labels: security-tools, penetration-testing
Gitlab Watchman
Monitoring GitLab for sensitive data shared publicly
Stars: β 127 (-24.4%)
Mutual labels: infosec, blueteam
Wireshark Cheatsheet
Wireshark Cheat Sheet
Stars: β 131 (-22.02%)
Mutual labels: penetration-testing, infosec
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: β 1,824 (+985.71%)
Mutual labels: security-tools, penetration-testing
Awsprocesscreds
Process credential providers for AWS SDKs and Tools
Stars: β 123 (-26.79%)
Mutual labels: aws, cloud
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: β 1,928 (+1047.62%)
Mutual labels: security-tools, penetration-testing
Aws Cli
Universal Command Line Interface for Amazon Web Services
Stars: β 11,804 (+6926.19%)
Mutual labels: aws, cloud
βοΈ Smogcloud
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis. May be useful to identify:
- Internet-facing FQDNs and IPs across one or hundreds of AWS accounts
- Misconfigurations or vulnerabilities
- Assets that are no longer in use
- Services not currently monitored
- Shadow IT
π Getting Started
-
Install and setup golang
-
Install smogcloud using the following command
go get -u github.com/BishopFox/smogcloud -
Set up aws environment variable for the account you wish to query. We suggest utilizing a read-only Security Auditor role. The following commands can be used to set environment variables:
export AWS_ACCOUNT_ID='' # Describe account export AWS_ACCESS_KEY_ID='' # Access key for aws account export AWS_SECRET_ACCESS_KEY='' # Secret key for aws account -
Run the application
smogcloudor
go run main.go
π΅οΈ Current Services
Supported services for extracting internet exposures:
* API Gateway
* CloudFront
* EC2
* Elastic Kubernetes Service
* Elastic Beanstalk
* Elastic Search
* Elastic Load Balancing
* IoT
* Lightsail
* MediaStore
* Relational Database Service
* Redshift
* Route53
* S3
π AWS Patterns
From studying Open API documentation on RESTful AWS endpoints we determined these are the patterns of exposure URIs that you may find in AWS accounts. It is important to understand how to interact with these native services to test them for vulnerabilities and other misconfigurations. Security engineers may want to monitor Cloudtrail logs or build DNS monitoring for requests to these services.
- s3
- https://{user_provided}.s3.amazonaws.com
- cloudfront
- https://{random_id}.cloudfront.net
- ec2
- ec2-{ip-seperated}.compute-1.amazonaws.com
- es
- https://{user_provided}-{random_id}.{region}.es.amazonaws.com
- elb
- http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80
- https://{user_provided}-{random_id}.{region}.elb.amazonaws.com:443
- elbv2
- https://{user_provided}-{random_id}.{region}.elb.amazonaws.com
- rds
- mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
- postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432
- route53
- {user_provided}
- execute-api
- https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided}
- cloudsearch
- transfer
- sftp://s-{random_id}.server.transfer.{region}.amazonaws.com
- iot
- mqtt://{random_id}.iot.{region}.amazonaws.com:8883
- https://{random_id}.iot.{region}.amazonaws.com:8443
- https://{random_id}.iot.{region}.amazonaws.com:443
- mq
- https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162
- ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617
- kafka
- b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
- {user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
- cloud9
- https://{random_id}.vfs.cloud9.{region}.amazonaws.com
- mediastore
- https://{random_id}.data.mediastore.{region}.amazonaws.com.
- kinesisvideo
- https://{random_id}.kinesisvideo.{region}.amazonaws.com
- mediaconvert
- https://{random_id}.mediaconvert.{region}.amazonaws.com
- mediapackage
- https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel
- elasticbeanstalk
- https://{random_id}.{user_provided}.elasticbeanstalk.com
- cognito
- https://{user_provided}.auth.{region}.amazoncognito.com
π References
π¨βπ» Authors
- Oscar Salazar - Initial work - Bishop Fox
- Rob Ragan - Initial work - Bishop Fox π¦ @sweepthatleg
- Brandon Gaudet - Initial work - Bishop Fox
β¨ Contributions
We do our best to maintain our tools, but can't always keep them as up to date as we'd like. So, we always appreciate code contributions, feature requests, and bug reports.
π£ Acknowledgments
Thank you for inspiration
π License
Smogcloud is licensed under GPLv3, some subcomponents have seperate licenses.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].