Merge pull request #1218 from projectdiscovery/detect-aws-services

Templates to detect cloud storage services

exposures/configs/amazon-docker-config-disclosure.yaml

@@ -4,7 +4,7 @@ info:
   name: Dockerrun AWS Configuration Exposure
   author: pdteam
   severity: medium
-  tags: config,exposure
+  tags: config,exposure,aws
 
 requests:
   - method: GET

technologies/aws-bucket-service.yaml

@@ -0,0 +1,29 @@
+id: aws-bucket-service
+
+info:
+  name: Detect websites using AWS bucket storage
+  author: pdteam
+  severity: info
+  tags: aws,tech
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(tolower(all_headers), 'x-amz-bucket')
+          - contains(tolower(all_headers), 'x-amz-request')
+          - contains(tolower(all_headers), 'x-amz-id')
+          - contains(tolower(all_headers), 'AmazonS3')
+        part: header
+        condition: or
+
+      - type: dsl
+        dsl:
+          - contains(tolower(all_headers), 'x-guploader-uploadid')
+        part: header
+        negative: true

technologies/google-bucket-service.yaml

@@ -0,0 +1,25 @@
+id: google-bucket-service
+
+info:
+  name: Detect websites using Google bucket storage
+  author: pdteam
+  severity: info
+  tags: google,tech
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(tolower(all_headers), 'x-goog-component-count')
+          - contains(tolower(all_headers), 'x-goog-expiration')
+          - contains(tolower(all_headers), 'x-goog-generation')
+          - contains(tolower(all_headers), 'x-goog-metageneration')
+          - contains(tolower(all_headers), 'x-goog-stored-content-encoding')
+          - contains(tolower(all_headers), 'x-goog-stored-content-length')
+          - contains(tolower(all_headers), 'x-guploader-uploadid')
+        part: header
+        condition: or