CloudBrute: a multi-platform Cloud Enumeration Tool
CloudBrute is a multiple platform tool that finds and enumerates a target company’s cloud infrastructure, files, open buckets, applications, and databases hosted on top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode), and possibly applications behind proxy servers.
The tool [1], developed in GO by security researcher 0xsha, is modular and easily customizable, and provides a lot of feature, like
- Cloud detection (IPINFO API)
- Supports all major providersBlack-Box (unauthenticated)
- Fast (concurrent)
- Cross Platform (windows, linux, mac)
- User-Agent Randomization
- Proxy Randomization (HTTP, Socks5)
The tool is also dependent on ProxyFor [2], a tool to help CloudBrute check on HTTP/s and Socks5 proxies.
The information collected from this enumeration is useful for bug bounty hunters, red teamers, and penetration testers.