Pentest List Wiki
  • What is Pentest List Wiki?
  • OFFENSIVE SECURITY
    • External Infrastructure
      • Discovery
        • Email Address Discovery
        • Subdomain Discovery
        • Data Discovery
        • Port & Service Discovery
      • Exploitation
        • Password Spraying
        • Vulnerability Scanning
    • Internal Infrastructure
      • General Discovery
        • AD Attack Path Discovery
        • Port & Service Discovery
      • Credential Discovery
        • Passwords and NetNTLM
        • SAM & LSA secrets
        • NTDS.dit secrets
        • LSASS secrets
        • DCSync
        • DPAPI secrets
      • Movement
        • Credential Spraying
        • SMB Relaying
        • Pass The Hash
      • Infiltration/Exfiltration
        • Pivoting (Proxying)
    • Web Application
      • Discovery
        • Testing API Keys
        • Vulnerability Scan
        • Web Content Discovery
        • Parameter Discovery
        • VHOST Discovery
        • CMS Scanners
      • Exploitation
        • Authentication
          • Email Address Forms
          • AWS Cognito
        • JSON Web Tokens
        • Injection Attacks
          • SQL Injection
          • Cross-Site Scripting
          • HTTP Headers
      • Bypasses
        • Cloudflare Bypass
        • HTTP 403 Bypass
    • Mobile (iOS/Android)
      • iOS
        • IPA Decryption
        • Filesystem Analysis
        • Static Analysis
    • Cloud
      • AWS
        • Vulnerability Scanners
        • S3 Buckets
      • Azure
        • Vulnerability Scanners
        • m365 & Entra ID
  • DEFENSIVE SECURITY
    • Forged Kerberos Tickets
    • Logon Event Visualisation
Powered by GitBook
On this page
  • Cloud Bucket Checker
  • Metadata Finder
  1. OFFENSIVE SECURITY
  2. External Infrastructure
  3. Discovery

Data Discovery

How to find sensitive data.

PreviousSubdomain DiscoveryNextPort & Service Discovery

Last updated 11 months ago

Cloud Bucket Checker

Using this cloud Bucket checker from Grayhat Warfare, you can search millions of cloud buckets that may be associated with the entity you are testing. This may allow you to find sensitive data.

For example, if your client is ACME, it is likely that their buckets may be named zyx-application-acme.

So search Grayhat Warfare for "ACME":

Metadata Finder

Search for documents (and metadata) in a domain using Search Engines (Google, Bing and Baidu).

metafinder -d -l 20 -o lol

https://buckets.grayhatwarfare.com/
https://github.com/Josue87/MetaFinder