Skip to content

GTGalaxi/proxy-metadata

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github/workflows
.github/workflows
 
 
metadata
metadata
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

Proxy Browser

Go Build go-report-card GitHub go.mod Go version GitHub release (latest by date including pre-releases)

A cloud metadata enumeration and scraping tool used in conjunction with an exploited SSRF through a web proxy. It currently supports AWS, with GCP and Azure to be implemented.

Written as a personal tooling project to get more familiar with Go

proxyaws

Installation

Installing from Source

go get -u github.com/GTGalaxi/proxy-metadata

You can then build the package with go build, or just run it with go run main.go [platform] -[args] (See below).

Pre-built

You can download a Windows Binary from the releases page.

Usage

Command Line Tool

Example Usage:

    go run main.go <platform> -proxy <proxy-url> -out <output-path> -all -v

    proxy-browser.exe <platform> -proxy <proxy-url> -out <output-path> -all -v

Sub Commands:

    aws, gcp, azure

Flags:

    -all                Enumerate all versions of the instance metadata. 
                        If not specified, only 'latest/' will be enumerated

    -out string         Path of the output .json file (default "./out/{platform}.json")

    -proxy string       URL of the proxy that will be used for SSRF and enumeration.
                        {0} will be replaced with the proxied URL (default "http://example.com/proxy?{0}")

    -v                  Verbose output

Library

proxy-browser can be used as a library and provides easy to use functions and custom encoding functionality

package main

import (
    "proxy-browser/metadata"
)

func main() {
    // Enumerate all versions in AWS through 'https://example.com/proxy?{0}' and save to file './out/aws.json
    metadata.AWS.Enumerate("https://example.com/proxy?{0}", true, metadata.PassthroughEncoder, "./out/aws.json")
}

Simply pass through your chosen proxy, a bool to enumerate all versions or just 'latest/', use the built in 'metadata.PassthroughEncoder' or create your own and provide an output path.

Enumerate() is a temporary stand in that extends on Platform types like AWS, GCP and Azure and calls their internal Enumeration functions like EnumerateAWS().ToFile().

The Encoder type can be applied to your own functions to pass them through to the Enumerate() function and be used to encode the proxied URL in whatever way you need.

Example Encoder function

func simpleBase64Encoder(endpoint string) string {
    // Base64 Encoded String
    encodedString := base64.StdEncoding.EncodeToString([]byte(endpoint))
    return encodedString
}

func main() {
    // Implement Custom Encoder
    metadata.AWS.Enumerate("https://example.com/proxy?{0}", true, simpleBase64Encoder, "./out/aws.json")
}

License

This tool is licensed under the MIT License. Feel free to use, modify, and distribute the code as you see fit. If you make any improvements or bugfixes, please consider contributing back to the project by opening a pull request.

About

Cloud enumeration through proxy using SSRF

Topics

go aws metadata-extraction ssrf-proxy

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages