CloudHunter
CloudHunter is a reconnaissance tool for identifying and assessing security weaknesses in cloud storage containers on major cloud platforms such as AWS, Azure, Alibaba, and Google Cloud. Its primary goal is to uncover and organize the permissions of containers that may be vulnerable, providing information about the security state of cloud storage setups.
Installation
Usage
CloudHunter offers versatile usage options to adapt to different scenarios and target platforms:
Basic Usage:
Custom Permutations:
Specify Target Services:
Crawling a Website:
Write Test for Read Rights:
Options
- -p, --permutations-file file: Provide a file with bucket name permutations.
- -s, --services aws,google,azure,alibaba: Specify the cloud services to check.
- -w, --write-test: Enable the write test to determine read permissions when the other techniques fail.
- -r, --resolvers file: Provide a file containing DNS resolvers.
- -t, --threads num: Number of threads to use for simultaneous processes.
- -c, --crawl-deep num: Number of pages to crawl beyond the first.
- -b, --base-only: Examine only the base name; do not examine generated permutations.
- -d, --disable-bruteforce: Disable brute-force discovery.
- -v, --verbose: Turn on verbose logs.
- -o, --open-only: Show only open buckets.
Output Example
CloudHunter's output lists the endpoints, services, and permissions found for each target, giving a broad view of cloud storage bucket security.