This is a curated list of resources for collecting information about cloud providers.
A presentation that covers the concept of Cloud OSINT and its application in third party cloud provider review https://docs.google.com/presentation/d/113N-x1ocz7xDS5rXcmhmTqDyv2to028yAzedJlKq1J8/edit?usp=sharing
Asset discovery
| Free | Commercial |
|---|---|
| Shodan | BitDiscovery |
| Bluto | assetnote |
| SpiderFoot | |
| https://spyse.com/ |
SSL and HTTP Security Headers analysis
| Free | Commercial |
|---|---|
| SSLScan | |
| htbridge | |
| HttpObservatory | |
| Testssl.sh |
Mobile
| Free | Commercial |
|---|---|
| htbridge mobile | NowSecure Intel |
| vulners | Data Theorem |
| https://android.fallible.co/ | |
| https://androidobservatory.org/ |
Threat Hunting
| Free | Commercial |
|---|---|
| GreyNoise.io | Recorded Future |
Audit Reports
| Free | Commercial |
|---|---|
| CSA Star Registry | sharedassessments |
Vulnerability data
| Free | Commercial |
|---|---|
| OpenBugBounty | |
| PunkSPIDER | |
| Vulners | |
| https://scans.io/ |
Company details
| Free | Commercial |
|---|---|
| Crunchbase |
Code Search
| Free | Commercial |
|---|---|
| nerdydata | |
| https://publicwww.com/ |
IP Reputation
| Free | Commercial |
|---|---|
| Cisco Talos |
DNS Search
| Free | Commercial |
|---|---|
| DNSDumpster, Domaintools etc. | Cisco Umbrella |
Breach Information
| Free | Commercial |
|---|---|
| Google Search etc. | Recorded Future |
Cloud Access Security Broker
| Free | Commercial |
|---|---|
| ----- | Cisco CloudLock, Skyhigh, Bitglass |
Third party risk measurement
| Free | Commercial |
|---|---|
| ----- | Bitsight, securityscorecard |
Financial Viability
| Free | Commercial |
|---|---|
| ----- | Dun & Bradstreet |
Content Security Policy Analysis
| Free | Commercial |
|---|---|
| https://csp-evaluator.withgoogle.com/ |
Tech Stack Evaluation
| Free | Commercial |
|---|---|
| Wapplyzer | https://www.purplemet.com/ |
| urlscan.io |
TLS certificate and associated subdomain analysis
| Free | Commercial |
|---|---|
| censys.io | |
| https://transparencyreport.google.com/https/certificates |
Test for IPv6, DNSSEC, DMARC etc. Modern Standards
| Free | Commercial |
|---|---|
| https://en.internet.nl |
Open Buckets analysis
| Free | Commercial |
|---|---|
| https://buckets.grayhatwarfare.com |
SSH Analysis
| Free | Commercial |
|---|---|
| https://sshcheck.com |