Giter VIP home page Giter VIP logo

west-wind / obs-recon Goto Github PK

View Code? Open in Web Editor NEW
2.0 1.0 0.0 6 KB

A python script to automate recon of OBS buckets & download interesting files on Huawei cloud. The idea behind this project is to help companies that use Huawei Cloud services. Running this tool against a list of newly created OBS buckets, will audit their access and find sensitive files exposed to the internet. The result from this tool can be easily shipped to a SIEM tool.

License: MIT License

Python 100.00%
huaweicloud cloud reconnaissance obs bucket storage scanner downloader cloud-auditing audit

obs-recon's Introduction

OBS Recon

OBS Recon is a python script created to download interesting files from open OBS buckets on HUAWEI Cloud. Files with certain extensions are downloaded and saved for information disclosure/cloud security misconfiguration analysis, or to even be sent to the SIEM for alerting SOC.

Installing

Prerequisites

  • Python 2.7

Dependencies

  • beautifulSoup

Installation

$ git clone https://github.com/west-wind/OBS-Recon.git
$ cd OBS-Recon
$ python obs-recon.py

Intended Use

The intention of this script is to find & download interesting files from open OBS buckets on HUAWEI Cloud. The idea is to ensure tenants configure OBS bucket security correctly. This can be used by HUAWEI Cloud Service Providers/Auditors to monitor open OBS bucketsby alerting SOC when an open bucket is found.

It is the end user's responsibility to obey all applicable local, state and federal laws; and it is the end-users responsibility to obtain relevant authorisation from the OBS bucket tenant/owner prior to scan/download. Developer assume no liability and are not responsible for any misuse or damage caused by this program.

Getting Started

This script requires the user to input the extension of files this code needs to download in line 32 in - exten tuple. Finally, a list of OBS bucket URL's need to be saved as a TXT file -url_list.txt to the same directory the code is in. The code will read OBS bucket URL's from this file and scan the same and download files from these buckets.

To begin

  • Create TXT file with title -- url_list.txt with OBS bucket URL's and save to the OBS-Recon directory.

    $ cd OBS-Recon $ python obs-recon.py

All the results will then be output to a csv file - results.csv.

Output

As detailed above, if open buckets are found, files will be downloaded to the same directory this code resides. Additionally, the output CSV can be sent to a SIEM for parsing and correlation rule regarding open buckets can be created to alert SOC personnel.

Reporting Errors

If you encounter an error, create an issue here.

Built With

  • Python

Authors

Alex John, B. (@Praetorian_GRD)

License

Copyright (C) 2022 Alex John, B. This project is licensed under the MIT License - see the LICENSE.md file for details.

obs-recon's People

Contributors

west-wind avatar

Stargazers

avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.