CloudBrute is a multiple platform tool that finds and enumerates a target company’s cloud infrastructure, files, open buckets, applications, and databases hosted on top cloud providers (AmazonGoogleMicrosoftDigitalOceanAlibabaVultrLinode), and possibly applications behind proxy servers.

The tool [1], developed in GO by security researcher 0xsha, is modular and easily customizable, and provides a lot of feature, like

  • Cloud detection (IPINFO API)
  • Supports all major providersBlack-Box (unauthenticated)
  • Fast (concurrent)
  • Cross Platform (windows, linux, mac)
  • User-Agent Randomization
  • Proxy Randomization (HTTP, Socks5)

The tool is also dependent on ProxyFor [2], a tool to help CloudBrute check on HTTP/s and Socks5 proxies.

The information collected from this enumeration is useful for bug bounty hunters, red teamers, and penetration testers.