Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Link: https://github.com/initstring/cloud_enum
Link: https://github.com/0xsha/CloudBrute
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
Gstrike is a password spraying tool designed specifically for performing targeted password attacks against Google Workspace accounts, allowing you to efficiently test the strength of user passwords within a Google Workspace environment.
Link: https://github.com/y0k4i-1337/gstrike
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools (see the benchmark below).
Example:
sudo docker run -it evilsocket/legba:latest http.enum --payloads "REDACTED" --http-success-string "COMPASS" --http-success-codes 204 --quiet --target "<https://mail.google.com/mail/gxlu?email={PAYLOAD}@google.com>"
Link: https://github.com/evilsocket/legba
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
Link: ‣