  • Stars: 154
  • Rank 242,095 (Top 5 %)
  • Language: Python
  • License: MIT License
  • Created about 7 years ago
  • Updated almost 5 years ago


Repository Details

A tool to hunt for publicly accessible DigitalOcean Spaces

Spaces finder

Spaces finder is a tool to quickly enumerate DigitalOcean Spaces to look for loot. It's similar to a subdomain bruteforcer but is made specifically for DigitalOcean Spaces and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.

By Bharath

Built on top of AWSBucketDump by @ok_bye_now

Pre-Requisites

Non-Standard Python Libraries:

Overview

  • This is a tool that enumerates DigitalOcean Spaces and looks for interesting files
  • I have example wordlists but I haven't put much time into refining them
  • https://github.com/danielmiessler/SecLists will have all the word lists you need
  • If you are targeting a specific company, you will likely want to use jhaddix's enumall tool which leverages recon-ng and Alt-DNS
  • As far as word lists for grepping interesting files, that is completely up to you. The one I provided has some basics and yes, those word lists are based on files that I personally have found with this tool.
  • Using the download feature might fill up your hard drive; you can provide a maximum file size for each download on the command line when you run the tool. Keep in mind that it is in bytes.

Usage:

usage: python3 spaces_finder.py [-h] [-D] [-t THREADS] -l HOSTLIST [-g GREPWORDS] [-m MAXSIZE]

optional arguments:
  -h, --help    show this help message and exit
  -D            Download files. This requires significant diskspace
  -d            If set to 1 or True, create directories for each host w/ results
  -t THREADS    number of threads
  -l HOSTLIST
  -g GREPWORDS  Provide a wordlist to grep for
  -m MAXSIZE    Maximum file size to download.

python3 spaces_finder.py -l SpacesNames.txt -g interesting_keywords.txt -D -m 500000 -d 1 -t 5
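
For Space owners auditing their own exposure, the following added example (not code from spaces_finder or AWSBucketDump) parses a captured listing and reports which object keys match a keyword list and whether each fits under a byte limit, analogous to the -g and -m options above. It assumes the Space returns an S3-style ListBucketResult XML document; the function name, the sample listing and the case-insensitive substring matching are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Namespace used by S3-compatible ListBucketResult documents.
S3_NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# Constructed sample of a listing returned by a publicly listable Space.
SAMPLE_LISTING = """<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-space</Name>
  <IsTruncated>false</IsTruncated>
  <Contents><Key>img/logo.png</Key><Size>20480</Size></Contents>
  <Contents><Key>backups/db_backup.sql</Key><Size>734003200</Size></Contents>
  <Contents><Key>config/.env</Key><Size>412</Size></Contents>
</ListBucketResult>"""


def audit_listing(xml_text, keywords, max_size):
    """Return one finding per listed key that contains any keyword.

    max_size is in bytes, like MAXSIZE in the usage text. A keyword match
    is reported whatever the object's size; within_max_size only records
    whether the object is at or below the byte limit.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}ListBucketResult" % S3_NS["s3"]:
        # An <Error> document (for example AccessDenied) means the
        # listing is not publicly readable, so there is nothing to report.
        return []
    lowered = [k.strip().lower() for k in keywords if k.strip()]
    findings = []
    for item in root.findall("s3:Contents", S3_NS):
        key = item.findtext("s3:Key", default="", namespaces=S3_NS)
        size = int(item.findtext("s3:Size", default="0", namespaces=S3_NS))
        hits = [k for k in lowered if k in key.lower()]
        if hits:
            findings.append({"key": key, "size": size, "matched": hits,
                             "within_max_size": size <= max_size})
    return findings


if __name__ == "__main__":
    for f in audit_listing(SAMPLE_LISTING, ["backup", ".env", ".sql"], 500000):
        print(f)
```

An empty result for a Space that should be private is the expected outcome; any finding means the listing itself is readable anonymously and the Space's access settings need review.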
