update

belane · May 13, 2023 · 5f66754 · 5f66754
1 parent 7be5e1e
commit 5f66754
Showing 1 changed file with 51 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -1,29 +1,43 @@
 # CloudHunter
-Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
+Looks for AWS, Azure, Alibaba and Google cloud storage buckets and lists permissions for vulnerable buckets.
 
 ## Usage
-```
-usage: cloudhunter.py [-h] [-p file] [-t num] [-c num] [-b] [-d] [-v] [-o] input
 
+` python3 cloudhunter.py --permutations-file permutations-big.txt COMPANY_NAME `
+
+` python3 cloudhunter.py --services aws,alibaba COMPANY_NAME `
+
+` python3 cloudhunter.py --threads 50 http://example.com `
+
+` python3 cloudhunter.py --write-test -s alibaba --open-only http://example.com `
+
+
+### Help
+
+```bash
+usage: cloudhunter.py [-h] [-p file] [-s aws,google,azure,alibaba] [-w] [-r file] [-t num] [-c num] [-b] [-d] [-v] [-o] input
 
 positional arguments:
   input                          Company name, url or any base name.
 
-optional arguments:
+options:
   -h, --help                     show this help message and exit
-  -p file, --permutations-file   Permutations file.
-  -t num, --threads num          Threads.
-  -c num, --crawl-deep num       How many pages to crawl after the first.
+  -p, --permutations-file file   Permutations file.
+  -s, --services aws,google,azure,alibaba   Specifies target services.
+  -w, --write-test               Enable write test to read rights when other methods fail.
+  -r, --resolvers file           DNS resolvers file.
+  -t, --threads num              Threads.
+  -c, --crawl-deep num           How many pages to crawl after the first.
   -b, --base-only                Checks only the base name, skips permutations generation.
   -d, --disable-bruteforce       Disable discovery by brute force.
-  -v, --verbose                  Verbose log
+  -v, --verbose                  Verbose log.
   -o, --open-only                Show only open buckets.
-
-
 ```
 
+
 ## Output
-```
+
+```bash
  python3 cloudhunter.py -t 10 http://example.com
 
            ________                ____  __            __
@@ -35,16 +49,14 @@ optional arguments:
 
 [>] Crawling http://example.com ...
 [>] 61 possible endpoints found
-    Azure Cloud           https://dmpcdn.files-example/cdn              PRIVATE
-    Google Cloud          http://demo-site.org                          OPEN      Redirect https://demo-site.org/
-    Google Cloud          https://other.net                             OPEN      
+    Azure Cloud           https://dmpcdn.files-example/cdn               PRIVATE
+    Google Cloud          http://demo-site.org                           OPEN      Redirect https://demo-site.org/
+    Google Cloud          https://other.net                              OPEN
 
-[>] 1591 name permutations.
-[>] 33411 tries, be patient.
+[>] Bruteforce 1591 name permutations.
 
 [+] Check Google Cloud
     Google Storage        example.storage.googleapis.com                 PRIVATE
-    Google Storage        example-api.storage.googleapis.com             PRIVATE
     Google Storage        example-attachments.storage.googleapis.com     OPEN      AllUsers [LR]
     Google Storage        example-backups.storage.googleapis.com         PRIVATE
     Google Storage        examplestorage.storage.googleapis.com          OPEN      AllUsers [LRWV]
@@ -54,31 +66,40 @@ optional arguments:
     Google App Engine     example.data-private.appspot.com               OPEN      Redirect https://accounts.google.com/ServiceLogin
 	...
 [+] Check Amazon Cloud
-    AWS Bucket            examplefiles.s3.amazonaws.com                  OPEN      
-    AWS Bucket            finance-example.s3.amazonaws.com               PRIVATE   
+    AWS Bucket            examplefiles.s3.amazonaws.com                  OPEN      LIST
+    AWS Bucket            finance-example.s3.amazonaws.com               PRIVATE
     AWS Bucket            examplejs.s3.amazonaws.com                     OPEN      gmantri [F] | AllUsers [RW]
-    AWS Bucket            example-logs.s3.amazonaws.com                  PRIVATE   
-    AWS Bucket            examplemedia.s3.amazonaws.com                  PRIVATE   
+    AWS Bucket            example-logs.s3.amazonaws.com                  PRIVATE
     AWS Bucket            example.media.s3.amazonaws.com                 OPEN      zectroxity [RW] | AllUsers [R]
-    AWS Bucket            exampleprod.s3.amazonaws.com                   PRIVATE   
-    AWS Bucket            exampleresources.s3.amazonaws.com              PRIVATE   
+    AWS Bucket            exampleresources.s3.amazonaws.com              PRIVATE
     AWS Bucket            s3-example.s3.amazonaws.com                    OPEN      develop [F] | AuthenticatedUsers [F] | df99361a [F]
-    AWS Bucket            exampleshop.s3.amazonaws.com                   PRIVATE   
+    AWS Bucket            exampleshop.s3.amazonaws.com                   PRIVATE
     AWS Bucket            example-web.s3.amazonaws.com                   OPEN      42cf2125 [F]
 	...
+[+] Check Alibaba Cloud
+    Alibaba Bucket        example-admin.oss-cn-hangzhou.aliyuncs.com     PRIVATE
+    Alibaba Bucket        example-data.oss-cn-beijing.aliyuncs.com       OPEN      WRITE
+    Alibaba Bucket        exampledemo.oss-cn-beijing.aliyuncs.com        OPEN      root [RW] | AllUsers [R]
+    Alibaba Bucket        demo-example.oss-cn-shanghai.aliyuncs.com      PRIVATE
+    Alibaba Bucket        example-demo.oss-cn-shenzhen.aliyuncs.com      OPEN      LIST
+	...
 [+] Check Azure Cloud
-    Storage Files         example.file.core.windows.net                  PRIVATE   
+    Storage Files         example.file.core.windows.net                  PRIVATE
     App Management        example-demo.blob.core.windows.net             PRIVATE
-    App Azure             githubexample.blob.core.windows.net            OPEN      
-    App Azure             exampletest.azurewebsites.net                  PRIVATE   
+    App Azure             githubexample.blob.core.windows.net            OPEN
+    App Azure             exampletest.azurewebsites.net                  PRIVATE
     App Azure             jira-example.azurewebsites.net                 OPEN      Redirect https://jira-example.azurewebsites.net/
-    App Azure             examplestats.azurewebsites.net                 OPEN      
-    Databases-MSSQL       example-project.database.windows.net           DOMAIN    
-    Email                 example.mail.protection.outlook.com            DOMAIN    
+    App Azure             examplestats.azurewebsites.net                 OPEN
+    Databases-MSSQL       example-project.database.windows.net           DOMAIN
+    Email                 example.mail.protection.outlook.com            DOMAIN
     SharePoint            example.sharepoint.com                         PRIVATE   Redirect https://example.sharepoint.com/
 	...
 ```
 
+## Disclaimer
+
+This tool provided is intended for legal and ethical use only. Any unauthorized or malicious use of this tool is strictly prohibited and may result in legal actions. The developers of this tool are not responsible for any misuse or damage caused by the tool. Use this tool at your own risk and with discretion and always obtain proper authorization before using this tool on any system or network that you do not own or have legal permission to test. The "write-test" option performs intrusive operations to determine bucket rights, use only with explicit authorization.
+
 
 ## Thanks