• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2021
  • March
  • 26
  • Smogcloud – Find Cloud Assets That No One Wants Exposed

Smogcloud – Find Cloud Assets That No One Wants Exposed

March 26, 2021 Comments Off on Smogcloud – Find Cloud Assets That No One Wants Exposed
Smogcloud - Find Cloud Assets That No One Wants Exposed cybersecurity ethical hacking hack android hack app hack wordpress hacker news hacking hacking tools for windows keylogger kit kitploit password brute force penetration testing pentest pentest android pentest linux pentest toolkit pentest tools spy tool kit spyware tools

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis. May be useful to identify:

  • Internet-facing FQDNs and IPs across one or hundreds of AWS accounts
  • Misconfigurations or vulnerabilities
  • Assets that are no longer in use
  • Services not currently monitored
  • Shadow IT

Getting Started

  1. Install and setup golang

  2. Install smogcloud using the following command

        go get -u github.com/BishopFox/smogcloud
  3. Set up aws environment variable for the account you wish to query. We suggest utilizing a read-only Security Auditor role. The following commands can be used to set environment variables:

    export AWS_ACCOUNT_ID=''            # Describe account
    export AWS_ACCESS_KEY_ID='' # Access key for aws account
    export AWS_SECRET_ACCESS_KEY='' # Secret key for aws account
  4. Run the application

    smogcloud

    or

    go run main.go

Current Services

Supported services for extracting internet exposures:

* API Gateway
* CloudFront
* EC2
* Elastic Kubernetes Service
* Elastic Beanstalk
* Elastic Search
* Elastic Load Balancing
* IoT
* Lightsail
* MediaStore
* Relational Database Service
* Redshift
* Route53
* S3

AWS Patterns

From studying Open API documentation on RESTful AWS endpoints we determined these are the patterns of exposure URIs that you may find in AWS accounts. It is important to understand how to interact with these native services to test them for vulnerabilities and other misconfigurations. Security engineers may want to monitor Cloudtrail logs or build DNS monitoring for requests to these services.

  • s3
    • https://{user_provided}.s3.amazonaws.com
  • cloudfront
    • https://{random_id}.cloudfront.net
  • ec2
    • ec2-{ip-seperated}.compute-1.amazonaws.com
  • es
    • https://{user_provided}-{random_id}.{region}.es.amazonaws.com
  • elb
    • http://{user_provided}-{random_id}.{region}.elb.amazonaws.com:80
    • https://{user_provided}-{random_id}.{region}.elb.amazonaws.com:443
  • elbv2
    • https://{user_provided}-{random_id}.{region}.elb.amazonaws.com
  • rds
    • mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
    • postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432
  • route53
    • {user_provided}
  • execute-api
    • https://{random_id}.execute-api.{region}.amazonaws.com/{user_provided}
  • cloudsearch
    • https://doc-{user_provided}-{random_id}.{region}.cloudsearch.amazonaws.com
  • transfer
    • sftp://s-{random_id}.server.transfer.{region}.amazonaws.com
  • iot
    • mqtt://{random_id}.iot.{region}.amazonaws.com:8883
    • https://{random_id}.iot.{region}.amazonaws.com:8443
    • https://{random_id}.iot.{region}.amazonaws.com:443
  • mq
    • https://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:8162
    • ssl://b-{random_id}-{1,2}.mq.{region}.amazonaws.com:61617
  • kafka
    • b-{1,2,3,4}.{user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
    • {user_provided}.{random_id}.c{1,2}.kafka.{region}.amazonaws.com
  • cloud9
    • https://{random_id}.vfs.cloud9.{region}.amazonaws.com
  • mediastore
    • https://{random_id}.data.mediastore.{region}.amazonaws.com.
  • kinesisvideo
    • https://{random_id}.kinesisvideo.{region}.amazonaws.com
  • mediaconvert
    • https://{random_id}.mediaconvert.{region}.amazonaws.com
  • mediapackage
    • https://{random_id}.mediapackage.{region}.amazonaws.com/in/v1/{random_id}/channel
  • elasticbeanstalk
    • https://{random_id}.{user_provided}.elasticbeanstalk.com
  • cognito
    • https://{user_provided}.auth.{region}.amazoncognito.com

References

  • AWS SDK Go
  • API-guru Open API for AWS
  • aws-cli

Authors

  • Oscar Salazar – Initial work – Bishop Fox
  • Rob Ragan – Initial work – Bishop Fox
    @sweepthatleg
  • Brandon Gaudet – Initial work – Bishop Fox

Contributions

We do our best to maintain our tools, but can’t always keep them as up to date as we’d like. So, we always appreciate code contributions, feature requests, and bug reports.

Acknowledgments

Thank you for inspiration

  • Cloudmapper
  • AWS Public IPs
  • John Backes & Tiros
  • IAM Access Analyzer
  • Cartography

Download Smogcloud

Post navigation

Gitrecon – OSINT Tool To Get Information From A Github Profile And Find GitHub User’S Email Addresses Leaked On Commits
CVE-2021-3450, CVE-2021-3449: OpenSSL Security Vulnerabilities Alert

Related Articles

Gitrecon - OSINT Tool To Get Information From A Github Profile And Find GitHub User'S Email Addresses Leaked On Commits

Gitrecon – OSINT Tool To Get Information From A Github Profile And Find GitHub User’S Email Addresses Leaked On Commits

- Hack Tools
March 25, 2021
mediator

mediator: end-to-end encrypted, extensible reverse shell

- Hack Tools
March 25, 2021
CORScanner

CORScanner v0.9.11 releases: Fast CORS misconfiguration vulnerabilities scanner

- Hack Tools
March 25, 2021
hacker gadgets
hacker phone covers

Recent Posts

CVE-2018-1567

CVE-2021-20453/CVE-2021-20454: WebSphere Application Server XML External Entity Injection Vulnerability

April 22, 2021
Four Arrested in Bavaria for Alleged Amphetamine Distribution

Four Arrested in Bavaria for Alleged Amphetamine Distribution

April 22, 2021
remote denial of server

University was banned from contributing to the Linux kernel for deliberately inserting vulnerabilities

April 22, 2021
CVE-2021-22893

CVE-2021-22893: Pulse Connect Secure RCE Vulnerability Alert

April 21, 2021
German Man Allegedly Bought Drugs on the Darkweb

German Man Allegedly Bought Drugs on the Darkweb

April 20, 2021
Microsoft fixes Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)

Microsoft fixes Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)

April 20, 2021

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW