26 Dec, 2022
Cloud is the most popular and most efficient way to shift IT infrastructure from local to a non-self-managed platform, but this kind of offering comes with responsibility, which cloud providers make clear upfront before you or your organization host any kind of application on their infrastructure.
Since our team started talking about cloud security (mostly Cloud Configuration Audit, Cloud Pentesting, etc.), every IT person we met, in enterprises as well as SMEs, was shifting from local infrastructure to the cloud (mostly AWS, Google, Azure), and they answered that they're secure because cloud providers now have to take care of the security part.
So let me break it into parts: AWS says, in effect, "the infrastructure we provide is definitely secure, but the application is not our responsibility" (for further self-study, refer to https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/shared-security-responsibility-model.html).
So we were clear that the hosted web applications, mobile applications, APIs, etc. might be vulnerable to something, and that is where we started to take it to the next level to find an entry point.
Now we were wondering how we should gather all the public IPs of AWS to get started, and we found out that AWS itself provides the CIDRs of all publicly hosted server IPs, such as Lightsail, EC2, etc.
Please refer to this to get those CIDRs: https://ip-ranges.amazonaws.com/ip-ranges.json
The first thing I needed to do was CIDR-to-IP mapping, and that is where ProjectDiscovery came to mind, with its tool called mapcidr.
We started mapping with the simple command mapcidr -cidr 220.127.116.11/26 -silent
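As an added example (not code from the original post), the sketch below reads the layout of ip-ranges.json and reports which published prefix, service and region an address falls in, the check a defender would use to attribute an address seen in logs or an asset inventory. The sample document is constructed with documentation-only ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json (documentation-only
# address ranges, not real AWS prefixes).
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0000000000",
  "createDate": "2022-12-26-00-00-00",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",
     "service": "AMAZON", "network_border_group": "us-east-1"},
    {"ip_prefix": "198.51.100.64/26", "region": "us-east-1",
     "service": "EC2", "network_border_group": "us-east-1"},
    {"ip_prefix": "203.0.113.0/25", "region": "ap-south-1",
     "service": "EC2", "network_border_group": "ap-south-1"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1000::/40", "region": "eu-west-1",
     "service": "EC2", "network_border_group": "eu-west-1"}
  ]
}
""")


def load_networks(doc):
    """Flatten the IPv4 and IPv6 prefix lists into (network, service, region)."""
    nets = []
    for entry in doc.get("prefixes", []):
        nets.append((ipaddress.ip_network(entry["ip_prefix"]),
                     entry["service"], entry["region"]))
    for entry in doc.get("ipv6_prefixes", []):
        nets.append((ipaddress.ip_network(entry["ipv6_prefix"]),
                     entry["service"], entry["region"]))
    return nets


def classify(ip, nets):
    """Return matching (prefix, service, region) tuples, most specific first."""
    addr = ipaddress.ip_address(ip)
    # The file lists overlapping prefixes (e.g. AMAZON and EC2), so keep all hits.
    hits = [(n, s, r) for n, s, r in nets
            if n.version == addr.version and addr in n]
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [(str(n), s, r) for n, s, r in hits]


if __name__ == "__main__":
    nets = load_networks(SAMPLE_IP_RANGES)
    for ip in ["198.51.100.70", "203.0.113.200", "2001:db8:1000::5"]:
        print(ip, classify(ip, nets) or "not in a published range")
```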
We'll cover the next part of this journey; until then, stay tuned and ping us if anything comes to mind.