Enumerate AWS Public Resources

# python3 ./cloud_enum.py -k tylerexposedbucket234 --disable-gcp --disable-azure

[+] Checking for S3 buckets
  OPEN S3 BUCKET: http://tylerexposedbucket234.s3.amazonaws.com/
      FILES:
      ->http://tylerexposedbucket234.s3.amazonaws.com/tylerexposedbucket234
      ->http://tylerexposedbucket234.s3.amazonaws.com/dogs.txt
      ->http://tylerexposedbucket234.s3.amazonaws.com/secrets.txt
  Protected S3 Bucket: http://tyler.s3.amazonaws.com/
  Protected S3 Bucket: http://tyler1.s3.amazonaws.com/
  Protected S3 Bucket: http://tyler-1.s3.amazonaws.com/
  Protected S3 Bucket: http://tyler2.s3.amazonaws.com/

aws ec2 describe-snapshots --restorable-by-user-ids all

aws ec2 describe-snapshots --owner-ids 222222222222 --restorable-by-user-ids all

#!/bin/bash

# Description: Finds all public ebs snapshots in all regions for a given aws account

# account to check
account='111111111111'

# needed to correctly parse regions
IFS=$'\n'

echo "Checking all regions in AWS account $account"

# get all available aws regions
regions=$(aws ec2 describe-regions --region us-east-1 | jq -r '.Regions[].RegionName')

# iterate through regions
for region in $regions; do
    # check for public snapshots
    echo "Checking for Public EBS snapshots in region: $region"
    
    # check for snapshots in region
    aws ec2 describe-snapshots --owner-ids $account --restorable-by-user-ids all --region "$region" | jq -r '.Snapshots[]'
done

# reset IFS
unset IFS

aws rds describe-db-snapshots --include-public

export account='111111111111'

aws rds describe-db-snapshots --include-public | jq -r --arg aws_account "$account" '.DBSnapshots[] | select(.DBSnapshotIdentifier | contains($aws_account))'

aws rds describe-db-snapshots --snapshot-type Public

#!/bin/bash

# Description: Finds all public rds snapshots in all regions for a given aws account

# account to check
account='111111111111'

# needed to correctly parse regions
IFS=$'\n'

echo "Checking all regions in AWS account $account"

# get all available aws regions
regions=$(aws ec2 describe-regions --region us-east-1 | jq -r '.Regions[].RegionName')

# iterate through regions
for region in $regions; do
    # check for public snapshots
    echo "Checking for Public RDS snapshots in region: $region"
    
    # check for snapshots in region
    aws rds describe-db-snapshots --include-public --region $region | jq -r --arg aws_account "$account" '.DBSnapshots[] | select(.DBSnapshotIdentifier | contains($aws_account))'
done

# reset IFS
unset IFS

#/bin/bash

# Variables
RED="\033[31m"
RESET="\033[0m"

my_ssm_docs=$(aws ssm list-documents | jq -r '.DocumentIdentifiers[] | select(.Owner | contains("111111111111")) | (.Name)')

for doc in $(echo $my_ssm_docs); do
    status=$(aws ssm describe-document-permission --name $doc --permission-type Share | jq -r '.AccountIds[]')

    if [ "$status" != "all" ]; then
        echo "The $doc is not public."
    else
        echo "${RED}The $doc is PUBLIC.${RESET}"
    fi
done

 aws ssm get-document --name <documentName> | jq -r '.Content'