Cloud OSINT

Cloud Storage and Buckets

• Search Open Buckets
• Search cloud storage and buckets in different cloud providers
• FullHunt (search query: is_cloud=true *domain*)

Web Cloud OSINT Resources

• Search for exposed files in Google Drive using search terms like AWS, Azure, GCP
• Use Shodan to find exposed servers, including Azure Blob Storage, Amazon AWS S3 Buckets, and Google Buckets
• Use Forager to identify key exposure in cloud services
• Use Truffle Security to explore cloud misconfigurations

Domain Identification

• Spyse: domain and subdomain enumeration
• CRT: finding domains and subdomains by SSL certificates through certificate transparency
• DNSDumpster: domain and subdomain enumeration
• Osint.sh: subdomain and domain enumeration
• Search Censys: query by domain, host, SSL certificate, among others
• Zoomeye: exposed domains and hosts on the internet similar to Shodan

Tools for Cloud OSINT

• CloudEnum: cloud service discovery and vulnerability scanning
• S3 Browser: Windows client for Amazon S3 and Amazon CloudFront

Other Resources

• Grayhat Warfare: Search Open Buckets
• Truffle Security: Forager (cloud misconfigurations)
• Censys: search query by domain, host, SSL certificate, among others

> Visit cloud osint Website <