Description
CloudBrute enumerates cloud resources (S3 buckets, Azure blobs, GCP storage) by brute-forcing naming patterns. It identifies misconfigured public cloud storage that may expose sensitive data. It supports AWS, Azure, GCP, and DigitalOcean.
Installation
BASH
go install github.com/0xsha/CloudBrute@latest
Basic Usage
BASH
# Enumerate cloud storage
CloudBrute -d target.com -k keyword -w wordlist.txt
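# With a specific provider: -c/--cloud selects it (-p is the proxy list option);
# valid names are the ones in the providers list in CloudBrute's config.yaml
CloudBrute -d target.com -k target -w wordlist.txt -c aws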
Advanced Usage
BASH
# All providers ("all" is this page's value; -c takes names from the providers list in config.yaml)
CloudBrute -d target.com -k target -w wordlist.txt -c all
# Custom threads
CloudBrute -d target.com -k target -w wordlist.txt -t 50
# Write results to a file
CloudBrute -d target.com -k target -w wordlist.txt -o results.txt
# Multiple keywords
CloudBrute -d target.com -k "target,prod,dev,staging,backup" -w wordlist.txt -c all
Common Workflows
BASH
# Quick bucket enumeration
# printf writes one word per line and behaves the same in every shell (echo -e does not)
printf '%s\n' dev staging prod backup assets uploads data logs config > cloud_words.txt
CloudBrute -d target.com -k target -w cloud_words.txt -c all -t 30
# Check discovered buckets for public access
aws s3 ls s3://discovered-bucket --no-sign-request
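The command above tests a single bucket from the outside. The script below covers the owner's side of the same misconfiguration: for every bucket in your own account, it reports which S3 Block Public Access settings are missing. It is an added example, not part of CloudBrute or of the original page; the function names (pab_gaps, audit_bucket, audit_all) are hypothetical, and it assumes the AWS CLI is configured with credentials for your own account.

```bash
#!/usr/bin/env bash
# Added example: owner-side audit of S3 Block Public Access (not CloudBrute code).

# The four Block Public Access settings, in the order queried below.
PAB_FLAGS="BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets"

# pab_gaps VALUE... -> prints the names of the settings that are not "True".
# Expects the four values as the AWS CLI prints them with --output text.
# A short or empty list (bucket has no configuration) counts as gaps.
pab_gaps() {
  local gaps name
  gaps=""
  for name in $PAB_FLAGS; do
    [ "${1:-}" = "True" ] || gaps="${gaps:+$gaps }$name"
    if [ "$#" -gt 0 ]; then shift; fi
  done
  printf '%s' "$gaps"
}

# audit_bucket NAME -> prints "NAME ok" or "NAME GAP: <settings>".
audit_bucket() {
  local values gaps
  # The call fails when no configuration exists; treat that as all unset.
  values=$(aws s3api get-public-access-block --bucket "$1" \
    --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
    --output text 2>/dev/null) || values=""
  # Unquoted on purpose: split the tab-separated values into arguments.
  gaps=$(pab_gaps $values)
  if [ -z "$gaps" ]; then echo "$1 ok"; else echo "$1 GAP: $gaps"; fi
}

# audit_all -> audits every bucket the current credentials can list.
audit_all() {
  local b
  for b in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
    audit_bucket "$b"
  done
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "audit" ]; then audit_all; fi
```

Run it as `bash script.sh audit`. It reads bucket-level settings only; account-level Block Public Access, where enabled, applies on top of these.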