Anonymous Cloud, Configuration and Subdomain Takeover Scanner
Burp extension that passively scans traffic to identify cloud storage buckets and then tests them for public-access misconfigurations.
The extension inspects every response and records:
- AWS S3 bucket URLs.
- Azure Storage container URLs.
- Google Storage container URLs.
To use the extension:
- Add the JAR as an extension in Burp.
- Add the appropriate targets to scope.
- Begin manually browsing and scanning the target.
- If you want to test for permissions issues that allow all authenticated AWS/GCP users, then add your personal AWS/GCP credentials, and click the "Set Configuration" button.
- If you want to check for potential subdomain takeover vulnerabilities, add API keys for Shodan and/or Censys (whichever you want to use), optionally supply a text file listing subdomains, tick the subdomain takeover configuration box, and click the "Set Configuration" button.
For a full list of the features, please check out the GitHub link below.
Last updated: 11 September 2020
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.