Cloud OSINT – Navigating Tools, Techniques, And Resources For Effective Cloud Intelligence

A repository with information related to different resources, tools, and techniques related to Cloud OSINT.

Cloud OSINT (Open Source Intelligence) is pivotal in the digital age for gathering and analyzing data from cloud-based services.

This guide delves into a myriad of tools, techniques, and resources that specialize in extracting valuable information from cloud infrastructures such as Azure, AWS, and Google Cloud.

Whether you’re a cybersecurity professional or an enthusiast, the insights provided here will enhance your ability to uncover and utilize publicly available cloud data effectively.

Google Dorks

Azure

* site:blob.core.windows.net “keyword” 
* site:"blob.core.windows.net" and intext:"CONFIDENTIAL"
* site:*.core.windows.net intext:"TLP:RED"
* site:*.core.windows.net
* site:*.core.windows.net +blob
* site:*.core.windows.net +files -web -blob
* site:*.core.windows.net -web
* site:*.core.windows.net -web -blob -files
* site:*.core.windows.net inurl:dsts.dsts
* site:*.core.windows.net inurl:"term" -web
* site:*.blob.core.windows.net ext:xls | ext:xlsx (login | password | username)
* intext:connectionstring blob filetype:config
* intext:accountkey windows.net filetype:xml
* intext:storageaccountkey windows.net filetype:txt

AWS

site:”s3-external-1.amazonaws.com” and intext:CONFIDENTIAL
site:”s3.amazonaws.com” and intext:CONFIDENTIAL
site:”s3.dualstack.us-east-1.amazonaws.com” and intext:CONFIDENTIAL
site:”s3-external-1.amazonaws.com” and intext:”TOP SECRET”
site:”s3.amazonaws.com” and intext:”tlp:red”
site:”s3.amazonaws.com” and intext:”tlp:amber”
site:s3.amazonaws.com example
site:s3.amazonaws.com example.com
site:s3.amazonaws.com example-com
site:s3.amazonaws.com com.example
site:s3.amazonaws.com com-example
site:s3.amazonaws.com filetype:xls password
site:http://s3.amazonaws.com intitle:index.of.bucket
site:http://amazonaws.com inurl:”.s3.amazonaws.com/”
s3 site:amazonaws.com filetype:log
site:http://trello.com “aws.amazon.com” “password”

Google Cloud

site:googleapis.com +commondatastorage
site:.firebaseio.com “COMPANY NAME”
inurl:bc.googleusercontent.com intitle:index of
site:storage.googleapis.com
Bucket list for a project – site:console.cloud.google.com/storage/browser
Details for an object – site:console.cloud.google.com/storage/browser/_details
site:firebasestorage.googleapis.com

Shodan Dorks

Filter Reference

cloud.provider
cloud.region
cloud.service

Azure

cloud.service:”azureCloud”
cloud.service:”azureCloud” country:GB,US http.title:”swagger” http.status:200 – API Documentation
cloud.service:”azureCloud” http.status:200 country:GB,US -http.title:”Your Azure Function App is up and running.” -http.title”IIS Windows Server“ – Web Services that are not default splash pages
cloud.provider:”Azure” country:GB,US http.status:200 http.title:”Index of /” ssl:true – Web Apps with directory listings enabled and SSL
cloud.provider:”Azure” country:GB,US http.status:200 http.title:”Index of /” – Web Apps with directory listings enabled
cloud.provider:”Azure” hostname:”cloudapp.net” http.status:200,302 – Cloud Apps
cloud.service:”AzureCloud” http.status:200 http.title:”api” – APIs

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.