Information Gatheringcloudenumerationreconnaissancebugbountyredteampentestamazongooglemicrosoft

CloudBrute

CloudBrute is an awesome cloud enumerator that finds company infrastructure, files, and apps on major cloud providers like Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode. It is useful for bug bounty hunters, red teamers, and penetration testers.

Description

CloudBrute is a tool designed to enumerate cloud infrastructure associated with a target company across top cloud providers. It discovers storage, apps, and other resources without authentication, making it ideal for reconnaissance phases of bug bounty hunting, red teaming, and penetration testing.

The tool supports black-box enumeration, operates quickly with concurrency, and is modular for easy customization. It works cross-platform on Windows, Linux, and macOS, with features like user-agent randomization and proxy support to evade detection.

Key supported providers include Microsoft (Storage, Apps), Amazon (Storage, Apps), Google (Storage, Apps), DigitalOcean (Storage), Vultr (Storage), Linode (Storage), and Alibaba (Storage). A complete writeup is available at https://0xsha.io/posts/introducing-cloudbrute-wild-hunt-on-the-clouds.

How It Works

CloudBrute performs cloud detection using IPINFO API and source code analysis. It generates URLs based on a domain, keyword, and wordlist, then concurrently probes them against specified cloud providers using randomized user-agents and proxies (HTTP, Socks5). It supports forced cloud searches, threading for speed, timeouts, and outputs results for manual review.

Installation

bash
sudo apt install cloudbrute

Flags

-h, --helpPrint help information
-d, --domaindomain
-k, --keywordkeyword used to generator urls
-w, --wordlistpath to wordlist
-c, --cloudforce a search, check config.yaml providers list
-t, --threadsnumber of threads. Default: 80
-T, --timeouttimeout per request in seconds. Default: 10
-p, --proxyuse proxy list
-a, --randomagentrandom agent value
-D, --debugenable debug mode
-q, --quitequiet mode
-m, --modemode value
-o, --outputoutput file
-C, --configFolderconfig folder path

Examples

Print help information and usage details
cloudbrute -h
Enumerate cloud storage using domain, keyword, and wordlist with auto cloud detection
cloudbrute -d example.com -k storage -w /path/to/wordlist.txt
Force search on Amazon cloud provider for apps using domain, keyword, and wordlist
cloudbrute -d example.com -k apps -w /path/to/wordlist.txt -c amazon
Run with 100 threads and 15-second timeout for faster enumeration
cloudbrute -d example.com -k storage -w /path/to/wordlist.txt -t 100 -T 15
Use proxy list and random user-agents for stealthy enumeration
cloudbrute -d example.com -k files -w /path/to/wordlist.txt -p /path/to/proxies.txt -a true
Output results to file with debug mode enabled
cloudbrute -d example.com -k storage -w /path/to/wordlist.txt -o results.txt -D
Quiet mode enumeration forced on Microsoft cloud provider
cloudbrute -d example.com -k apps -w /path/to/wordlist.txt -c microsoft -q
Updated 2026-04-16kali.org ↗