010 New Cloud.md

{{title}}: Cloud

COMMANDS

DISCOVERY

Passive

• Search Censys:
  • Certificates: https://search.censys.io/search?resource=certificates&q=jetrist.net
  • Hosts: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=promoted-tortoise.jetrist.net

Active

• Gobuster full domain: gobuster dns -d $tgtdomain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -o domain.gobuster.txt -i

• Gobuster sub domains: gobuster dns -d $tgtdomain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -o subdomain.gobuster.txt -i

• Place output to an IP list: cat domain.gobuster.txt | cut -d "[" -f5 | cut -d "]" -f1 | cut -d, -f -999 --output-delimiter=$'\n' | awk NF >> iplist.txt

• Get hostnames from iplist: for ip in $(cat iplist.txt); do host $ip >> hosts.raw; done

• Clean up the file: cat hosts.raw | cut -d " " -f 5 | sed 's/\.$//g' > hosts.txt

• Dnsrecon: dnsrecon --iw -d www.promoted-tortoise.jetrist.net -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -k -t brt,crt,std --threads 10 -c www.promoted-tortoise.jetrist.net.dnsrecon.csv

WORKING LOG

DATA

Usernames

Wordlist Adds

Credentials

Keys, AccountIDs, and Tokens

******PERMANENT******



******TEMP******

Hosts & Endpoints

***********COMPUTE*************


***********FUNCTIONS*************



***********STORAGE*************

Internal IPs

ip-10-130-0-204

External IPs

Domains