CloudScraper is a Tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'windows.net' and 'digitaloceanspaces'. AWS, Azure, Digital Ocean resources are currently supported.
Link: https://github.com/RhinoSecurityLabs/CloudScraper
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Link: https://github.com/initstring/cloud_enum
Link: https://github.com/0xsha/CloudBrute
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
A PowerShell module where I’ve tried to put all the knowledge I’ve gained during the years spent with Office 365 and Azure AD. It is a result of hours of reverse-engineering and debugging of Microsoft tools related to Azure AD, such as PowerShell modules, directory synchronisation, and admin portals.
Link: AAD Internals (o365blog.com)
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
Link: https://github.com/dafthack/MSOLSpray
MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.