配置错误的云存储桶
Google dork
site:.s3.amazonaws.com "Company NAME"
S3 Bucket 暴力枚举¶
https://github.com/ghostlulzhacks/s3brute
$ python amazon-s3-enum.py -w BucketNames.txt -d <Domain Here>
Google Cloud Storage¶
https://github.com/RhinoSecurityLabs/GCPBucketBrute
$ python3 gcpbucketbrute.py -k <Domain Here> -u
Digital ocean Spaces¶
site:digitaloceanspaces.com <Domain Here>
https://github.com/appsecco/spaces-finder
Docker API¶
详见云安全模块
Kubernetes API¶
详见云安全模块