cloud_enum - enumerates public resources matching user requested keyword
Contents
Description
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates
the following:
Amazon Web Services:
Open / Protected S3 Buckets
awsapps (WorkMail, WorkDocs, Connect, etc.)
Microsoft Azure:
Storage Accounts
Open Blob Storage Containers
Hosted Databases
Virtual Machines
Web Apps
Google Cloud Platform
Open / Protected GCP Buckets
Open / Protected Firebase Realtime Databases
Google App Engine sites
Cloud Functions (enumerates project/regions with existing functions, then brute forces actual function names)
Examples
cloud_enum -k keyword
cloud_enum -k keyword -t 10
cloud_enum -k somecompany -k somecompany.io -k blockchaindoohickey
Name
cloud_enum - enumerates public resources matching user requested keyword
Options
-h,--help
Show this help message and exit.
-kKEYWORD,--keywordKEYWORD
Keyword. Can use argument multiple times.
-kfKEYFILE,--keyfileKEYFILE
Input file with a single keyword per line.
-mMUTATIONS,--mutationsMUTATIONS
Mutations. Default: /usr/lib/cloud-enum/enum_tools/fuzz.txt.
-bBRUTE,--bruteBRUTE
List to brute-force Azure container names. Default: /usr/lib/cloud-enum/enum_tools/fuzz.txt.
-tTHREADS,--threadsTHREADS
Threads for HTTP brute-force. Default = 5.
-nsNAMESERVER,--nameserverNAMESERVER
DNS server to use in brute-force.
-lLOGFILE,--logfileLOGFILE
Will APPEND found items to specified file.
-fFORMAT,--formatFormat
Format for log file (text,json,csv - defaults to text)
--disable-aws
Disable Amazon checks.
--disable-azure
Disable Azure checks.
--disable-gcp
Disable Google checks.
-qs,--quickscan
Disable all mutations and second-level scan.
Synopsis
cloud_enum [OPTIONS] [ARGS] ...
