chrismaddalena / ODIN

Automated network asset, email, and social media profile discovery and cataloguing.
https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05
BSD 3-Clause "New" or "Revised" License

FEATURE REQ: AWS wordlist option doesn't prepend or append the client name #12

Closed 0xhexmex closed 6 years ago

0xhexmex commented 6 years ago

I noticed if you pass ODIN a list of AWS prefixes to search for, it will look for just those prefixes and not append or prepend the client name when it looks for an S3 bucket.

If /tmp/prefixes contains:

chat
sitemap

And you pass it with the -w parameter like:

# odin.py osint -c 'CLIENT' -d 'client.com' -w /tmp/prefixes

ODIN will return:

http://chat.s3.amazonaws.com
http://sitemap.s3.amazonaws.com

Possible solution:

Search for bucket names like...

chat-client
client-chat
chat.client
client.chat
chat_client
client_chat

etc.

chrismaddalena commented 6 years ago

I'll look into it! Thanks for the feedback. I need to modify that bit of code soon anyway to update it to support the new Digital Ocean Spaces in Singapore.

chrismaddalena commented 6 years ago

This has been addressed in the latest push. There is a new option for --aws-fixes which allows you to provide a second wordlist for AWS searches. This is envisioned as a wordlist you maintain and use every time you run ODIN rather than the keyword list you use for bucket names that might be good for one target. Like the --aws keyword wordlist, it is optional.

Create your list of prefixes and suffixes and provide them to ODIN. ODIN will then take each of those, add it to the default list (seen below), remove any duplicates, and then proceed with the searches.

For reference, this is the current list that ODIN uses (also expanded in the latest release):

fixes = ["apps", "downloads", "software", "deployment", "qa", "dev", "test", "vpn", "secret", "user", "confidential", "invoice", "config", "backup", "bak", "xls", "csv", "ssn", "resources", "web", "testing"]

If there's anything missing that you feel would be a good addition, please let me know (or, better yet, put in a pull request with your additions).
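The merge-and-combine behaviour discussed in this thread, as an added example for auditing your own organisation's bucket namespace; it is not ODIN's code. The function names, the separator set (taken from the patterns suggested in the issue) and the `allow_legacy` switch are assumptions, and the block only builds names without making any network requests.

```python
import re

# Default list quoted in the thread above.
DEFAULT_FIXES = ["apps", "downloads", "software", "deployment", "qa", "dev",
                 "test", "vpn", "secret", "user", "confidential", "invoice",
                 "config", "backup", "bak", "xls", "csv", "ssn", "resources",
                 "web", "testing"]

# Separators from the issue's suggestion, plus plain concatenation (assumption).
SEPARATORS = ("", "-", ".", "_")

# Current S3 naming rules: 3-63 characters, lowercase letters, digits, dots
# and hyphens, starting and ending with a letter or digit.
_VALID = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def merge_fixes(user_fixes, defaults=DEFAULT_FIXES):
    """Add user-supplied fixes to the defaults, dropping duplicates in order."""
    merged = []
    for word in list(defaults) + list(user_fixes):
        word = word.strip().lower()
        if word and word not in merged:
            merged.append(word)
    return merged


def is_valid_bucket_name(name, allow_legacy=False):
    """Check a candidate against S3 naming rules.

    Underscores are rejected by current rules; allow_legacy=True accepts them
    because older us-east-1 buckets could contain them.
    """
    if allow_legacy:
        name = name.replace("_", "-")
    return bool(_VALID.match(name)) and ".." not in name


def candidate_names(keyword, fixes, allow_legacy=False):
    """Prepend and append each fix to the keyword with every separator."""
    keyword = keyword.strip().lower()
    seen, out = set(), []
    for fix in fixes:
        for sep in SEPARATORS:
            for name in (f"{fix}{sep}{keyword}", f"{keyword}{sep}{fix}"):
                if name not in seen and is_valid_bucket_name(name, allow_legacy):
                    seen.add(name)
                    out.append(name)
    return out
```

With the default settings the underscore variants are filtered out, since a bucket with such a name cannot be created under the current rules.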