Pentest Book
Cloud Info Gathering
# Azure IP Ranges
# AWS IP Range
- Get creation date
jq .createDate < ip-ranges.json
- Get info for specific region
jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json
- Get all IPs
jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json
# Online services
# Google Dorks
site:* -www "compute"
site:* -www "compute" "ap-south-1" "" "u " pass OR password
# Check certificate transparency logs
# Find Cloud Services
python3 -k keyword
python3 -u
# AWS Buckets
# Dork
site:* ext:xls | ext:xlsx | ext:csv password|passwd|pass user|username|uid|email
# AWS discovering, stealing keys and endpoints
# Nimbostratus - check against actual profile
python nimbostratus dump-credentials
# ScoutSuite - audit AWS, GCP and Azure clouds
scout --provider aws --profile stolen
# Prowler - AWS security assessment, auditing and hardening