Skip to content
/ sneak Public

A container/VM malware that finds and exploits SSRF opportunities in a compromised cloud environment

codemuch.tech/2022/04/23/supply-chain-counterattack/
8 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ex0dus-0x/sneak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.github/workflows
.github/workflows
 
 
cmd/sneak
cmd/sneak
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
cloud.go
cloud.go
 
 
enum.go
enum.go
 
 
go.mod
go.mod
 
 
net.go
net.go
 
 
utils.go
utils.go
 
 

Repository files navigation

sneak

NOTE: as a mini-research + bug bounty project, I uploaded this to be picked up by supply chain defense pipelines through some malicious packages. If you have come across this, please reach out to me for next steps!

A container/VM "malware" that finds and exploits SSRF opportunities in a compromised cloud environment.

Introduction

This is a proof-of-concept of a binary that can be dropped in a cloud environment to leak and exfiltrate sensitive data from the instance metadata service, and also enumerate for other server-side request forgery (SSRF) opportunities.

Supported heuristics:

  • Cloud Metadata
    • AWS IMDSv1
    • Google Cloud
    • DigitalOcean
    • Microsoft Azure
  • Environmental Variables
  • Other network services (TODO)

About

A container/VM malware that finds and exploits SSRF opportunities in a compromised cloud environment

codemuch.tech/2022/04/23/supply-chain-counterattack/

Resources

Readme
Activity

Stars

8 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases 1

Very initial release Latest
Mar 9, 2022

Languages