Enumeration

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.

An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.

CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

A Chrome extension that automatically detects and lists Amazon S3 buckets while browsing websites.

A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

A subdomain enumeration tool for penetration testers and security researchers.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.

Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.

A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.

A Python tool that uses AWS Cloud Control API to enumerate and catalog AWS resources across specified accounts and regions, outputting results in JSON format.

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.

A script to enumerate Google Storage buckets and determine access and privilege escalation

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.

An information gathering tool for DNS, subdomains, ports, and directories enumeration.