CloudBrute: a multi-platform Cloud Enumeration Tool

CloudBrute is a multiple platform tool that finds and enumerates a target company’s cloud infrastructure, files, open buckets, applications, and databases hosted on top cloud providers (AmazonGoogleMicrosoftDigitalOceanAlibabaVultrLinode), and possibly applications behind proxy servers.

The tool [1], developed in GO by security researcher 0xsha, is modular and easily customizable, and provides a lot of feature, like

  • Cloud detection (IPINFO API)
  • Supports all major providersBlack-Box (unauthenticated)
  • Fast (concurrent)
  • Cross Platform (windows, linux, mac)
  • User-Agent Randomization
  • Proxy Randomization (HTTP, Socks5)

The tool is also dependent on ProxyFor [2], a tool to help CloudBrute check on HTTP/s and Socks5 proxies.

The information collected from this enumeration is useful for bug bounty hunters, red teamers, and penetration testers.



Related posts

  1. How many data are shared by iOS and Android telemetry?
  2. “My piano didn’t fit in the elevator!”, a piano album
  3. Cybersecurity Roundup #17
  4. Privacy Roundup #16
  5. Technology Roundup #16