BishopFox / smogcloud
Find cloud assets that no one wants exposed π βοΈ
β338Updated 4 years ago
Alternatives and similar repositories for smogcloud:
Users that are interested in smogcloud are comparing it to the libraries listed below
- Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.β242Updated last month
- Search exposed EBS volumes for secretsβ297Updated last year
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ138Updated 3 years ago
- β244Updated 8 months ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.β505Updated last year
- Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloβ¦β124Updated 11 months ago
- A tool geared towards pentesting APIs using OpenAPI definitions.β174Updated 2 years ago
- A tool to hunt for credentials in github wild AKA git*huntβ293Updated 2 years ago
- Cloud-related research releases from the Rhino Security Labs team.β379Updated 4 years ago
- A tool for identifying misconfigured CloudFront domainsβ350Updated 4 years ago
- AWS S3 Bucket/Object Finderβ118Updated 3 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.β134Updated 4 years ago
- This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaβ¦β171Updated 6 years ago
- Bugbounty scope toolβ325Updated last week
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).β123Updated last year
- FestIn - Open S3 Bucket Scannerβ231Updated 4 years ago
- These are the regexes that power truffleHogβ215Updated 2 years ago
- secretz, minimizing the large attack surface of Travis CIβ325Updated 2 years ago
- Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers β¦β145Updated 11 months ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.β300Updated 2 years ago
- Weaponizing Live CT logs for automated monitoring ofΒ assetsβ132Updated 3 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes β¦β256Updated 2 years ago
- A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover supportβ294Updated last week
- GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingβ¦β205Updated last year
- An automated target reconnaissance pipeline.β429Updated 2 years ago
- Benchmarking repo for secrets scanningβ230Updated 6 months ago
- A highly configurable Framework for easy automated web scanningβ372Updated 4 years ago
- A tool to enumerate S3 buckets manually or via certstreamβ82Updated last year
- A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server forβ¦β189Updated 4 years ago
- Cross Origin Resource Sharing MisConfiguration Scannerβ172Updated 3 years ago