A repository with information related to different resources, tools, and techniques related to Cloud OSINT
- Blob storage: http://mystorageaccount.blob.core.windows.net
- Table storage: http://mystorageaccount.table.core.windows.net
- Queue storage: http://mystorageaccount.queue.core.windows.net
- Azure Files: http://mystorageaccount.file.core.windows.net
- Database: http://mystorageaccount.database.windows.net
- https://[bucketname].s3.amazonaws.com
- https://s3-[region].amazonaws/[bucketname]/
- https://[bucketname].s3-website-[region].amazonaws.com/
- Technologies Cheatsheet - https://googlecloudcheatsheet.withgoogle.com
- GCP Regions and Zones - https://cloud.google.com/compute/docs/regions-zones
- IBM Global Cloud Data Centers - https://www.ibm.com/cloud/data-centers
- IBM Cloud IP ranges - https://cloud.ibm.com/docs/cloud-infrastructure?topic=cloud-infrastructure-ibm-cloud-ip-ranges
* site:blob.core.windows.net “keyword”
* site:"blob.core.windows.net" and intext:"CONFIDENTIAL"
* site:*.core.windows.net intext:"TLP:RED"
* site:*.core.windows.net
* site:*.core.windows.net +blob
* site:*.core.windows.net +files -web -blob
* site:*.core.windows.net -web
* site:*.core.windows.net -web -blob -files
* site:*.core.windows.net inurl:dsts.dsts
* site:*.core.windows.net inurl:"term" -web
* site:*.blob.core.windows.net ext:xls | ext:xlsx (login | password | username)
* intext:connectionstring blob filetype:config
* intext:accountkey windows.net filetype:xml
* intext:storageaccountkey windows.net filetype:txt
* site:"s3-external-1.amazonaws.com" and intext:CONFIDENTIAL
* site:"s3.amazonaws.com" and intext:CONFIDENTIAL
* site:"s3.dualstack.us-east-1.amazonaws.com" and intext:CONFIDENTIAL
* site:"s3-external-1.amazonaws.com" and intext:"TOP SECRET"
* site:"s3.amazonaws.com" and intext:"tlp:red"
* site:"s3.amazonaws.com" and intext:"tlp:amber"
* site:s3.amazonaws.com example
* site:s3.amazonaws.com example.com
* site:s3.amazonaws.com example-com
* site:s3.amazonaws.com com.example
* site:s3.amazonaws.com com-example
* site:s3.amazonaws.com filetype:xls password
* site:http://s3.amazonaws.com intitle:index.of.bucket
* site:http://amazonaws.com inurl:".s3.amazonaws.com/"
* s3 site:amazonaws.com filetype:log
* site:http://trello.com "aws.amazon.com" "password"
* site:googleapis.com +commondatastorage
* site:.firebaseio.com "COMPANY NAME"
* inurl:bc.googleusercontent.com intitle:index of
* site:storage.googleapis.com
* Bucket list for a project - site:console.cloud.google.com/storage/browser
* Details for an object - site:console.cloud.google.com/storage/browser/_details
* site:firebasestorage.googleapis.com
* site:appdomain.cloud
* site:appdomain.cloud +s3
* site:*cloud-object-storage.appdomain.cloud
* site:codeengine.appdomain.cloud
* site:containers.appdomain.cloud
* site:clb.appdomain.cloud
* site:apiconnect.appdomain.cloud
* site:cdn.appdomain.cloud
* site:lb.appdomain.cloud
* site:vmware.cloud.ibm.com - VMware Cloud Director Availability
* site:appid.cloud.ibm.com - IBM Cloud App ID Management Configuration APIs and AppID Authentication Portals
* site:site:ibmmarketingcloud.com
- site:notion.site "keyword"
- cloud.provider
- cloud.region
- cloud.service
- cloud.service:"azureCloud"
- cloud.service:"azureCloud" country:GB,US http.title:"swagger" http.status:200 - API Documentation
- cloud.service:"azureCloud" http.status:200 country:GB,US -http.title:"Your Azure Function App is up and running." -http.title"IIS Windows Server“ - Web Services that are not default splash pages
- cloud.provider:"Azure" country:GB,US http.status:200 http.title:"Index of /" ssl:true - Web Apps with directory listings enabled and SSL
- cloud.provider:"Azure" country:GB,US http.status:200 http.title:"Index of /" - Web Apps with directory listings enabled
- cloud.provider:"Azure" hostname:"cloudapp.net" http.status:200,302 - Cloud Apps
- cloud.service:"AzureCloud" http.status:200 http.title:"api" - APIs
- cloud.provider:"Amazon"
- cloud.provider:"Amazon" http.status:200,302 http.title:"Index of /"
- site:vps-*.vps.ovh.net
- Search Open Buckets - https://buckets.grayhatwarfare.com/
- Search cloud storage and buckets in different cloud providers - https://cse.google.com/cse?cx=002972716746423218710:veac6ui3rio#gsc.tab=0&gsc.q=
- FullHunt - https://fullhunt.io/search?query=is_cloud%3Atrue+*domain*
- Comand to download the results of URLs and buckets that contain a specific word and the file is .docx, xlsx and pdf - curl "https://buckets.grayhatwarfare.com/api/v1/files/[WORD TO SEARCH]?access_token=[access_token]&extensions=docx,xlsx,pdf"
- Azure Tenant Information including subdomains and configuration - https://aadinternals.com/osint/
- Misconfigured servers containing sensitive data, including Azure Blob Storage, Amazon AWS S3 Buckets, and Google Buckets - https://socradar.io/labs/bluebleed
- Cloud and other services key exposure - https://forager.trufflesecurity.com/explore
- AWS Eye is an OSINT (Open Source Intelligence) tool designed to investigate Amazon Web Services (AWS) configurations. It specializes in identifying and analyzing publicly misconfigured resources such as S3 buckets, helping security researchers and OSINT enthusiasts uncover potential cloud exposures efficiently - https://awseye.com/
- CloudEnum - https://github.com/initstring/cloud_enum
- S3 Browser - https://s3browser.com - This is not properly a tool for OSINT tasks but is a Windows client for Amazon S3 and Amazon CloudFront that could help to browse some files.
- https://spyse.com/tools/subdomain-finder domain and subdomain enumeration
- https://crt.sh Finding domains and subdomains by SSL certificates through certificate transparency
- https://dnsdumpster.com/ domain and subdomain enumeration
- https://osint.sh/subdomain/ domain and subdomain enumeration
- https://search.censys.io/?q= queries by domain, host, SSL certificate, among others
- https://www.zoomeye.org/ domains and host exposed on the internet similar to Shodan
- https://osint.sh/subdomain/ find subdomains
- https://osint.sh/dnshistory/ History of a DNS record
- https://dorksearch.com/
- https://www.dorkgpt.com/ dorks with chatgpt
- https://www.dedigger.com/# find exposed files in Google Drive, try search terms: AWS, azure, gcp, etc.