cloud-pivot-finderlisted

# Cloud Pivot Finder From external domains to cloud infrastructure compromise paths. ## Important CRITICAL: Only test cloud infrastructure you have explicit authorization to test. Unauthorized access to cloud resources is a criminal offense. ## Instructions ### Step 1: Cloud Provider Detection ```bash python scripts/cloud_detector.py --domain {target_domain} ``` Identify cloud hosting: 1. **IP range analysis**: Match IPs against AWS, GCP, Azure published IP ranges 2. **DNS analysis**: CNAME patterns (*.amazonaws.com, *.googleusercontent.com, *.azurewebsites.net) 3. **Header analysis**: Server headers, X-Amz-*, X-GUploader-*, x-ms-* headers 4. **Certificate analysis**: Issuer and SAN entries pointing to cloud services 5. **CDN detection**: CloudFront, Cloud CDN, Azure CDN distributions Output: Map of domain -> cloud provider -> service type. ### Step 2: Storage Bucket Enumeration ```bash python scripts/bucket_enum.py --domain {target_domain} --provider {aws|gcp|azure|all} ``` **Naming pattern brute-force:** - {domain}, {domain}-backup, {domain}-dev, {domain}-staging - {company}-assets, {company}-uploads, {company}-data - {project}-{env} combinations **Per-provider testing:** - **S3**: Check for public ListBucket, GetObject, PutObject - **GCS**: Check for allUsers/allAuthenticatedUsers permissions - **Azure Blob**: Check for public container access For each accessible bucket: 1. List contents (if ListBucket allowed) 2. Check for sensitive files (.env, credentials,