Documentation
¶
Overview ¶
Package cloudosint discovers exposed cloud storage resources — S3 buckets, Azure Blob containers, GCP Cloud Storage buckets and DigitalOcean Spaces — using passive DNS, HTTP probing and public cloud APIs.
Techniques:
- DNS-based bucket enumeration (subdomain/naming patterns)
- HTTP HEAD probes to bucket URLs (detects public read, write, no-auth)
- GrayhatWarfare API (free, indexes open buckets)
- Certificate transparency (delegates to certs module pattern)
All probes are PASSIVE or HTTP-only — no exploitation attempted. Findings include confidence scores, slog observability and redaction of any credentials per dicas.md §18.
Usage:
m := cloudosint.New()
findings, err := m.Run(ctx, module.Input{
Target: "example", // company/brand name OR domain
Options: map[string]string{
"sources": "dns,http,grayhat",
"grayhat_key": "<key>",
"probe_timeout_ms": "5000",
"max_permutations": "50",
},
})
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BucketStatus ¶
type BucketStatus string
BucketStatus classifies the access level of a cloud bucket.
const ( BucketPublicRead BucketStatus = "public_read" BucketPublicWrite BucketStatus = "public_write" BucketPrivate BucketStatus = "private" BucketNotFound BucketStatus = "not_found" BucketUnknown BucketStatus = "unknown" )
type Module ¶
type Module struct {
// contains filtered or unexported fields
}
Module implements module.Module for cloud storage OSINT.
func NewWithClient ¶
NewWithClient allows injecting a custom HTTP client (useful for tests).
Click to show internal directories.
Click to hide internal directories.