onaws
onaws is a simple tool to check if an IP/hostname belongs to the AWS IP space or not. It uses the AWS IP address ranges data published by AWS to perform the search.
The tool could be used for:
- Continuous recon of assets
- Gathering assets using a specific service (e.g. EC2)
- Finding region information for S3 buckets
- ... etc.
Install
pip install onaws
Usage
Given an IP:
onaws 52.219.47.34
Given a hostname:
A domain or subdomain can be passed as input:
onaws example.com
You may also supply an S3 bucket hostname as input:
onaws dropbox.s3.amazonaws.com
List of hostnames
onaws accepts line-delimited hosts on STDIN. This is helpful if you want to pipe the output of other tools to onaws:
$ cat hosts.txt
uber.s3.amazonaws.com
aws.com
google.com
$ cat hosts.txt | onaws
{
"uber.s3.amazonaws.com": {
"is_aws_ip": true,
"ip_address": "52.218.46.121",
"service": "S3",
"region": "eu-west-1",
"matched_subnet": "52.218.0.0/17",
"hostname": "uber.s3.amazonaws.com"
},
"aws.com": {
"is_aws_ip": true,
"ip_address": "52.84.13.117",
"service": "CLOUDFRONT",
"region": "GLOBAL",
"matched_subnet": "52.84.0.0/15",
"hostname": "aws.com"
},
"google.com": {
"is_aws_ip": false
}
}
Output
If the IP/hostname falls in the AWS IP range, onaws will return the service, region and other details in the output:
{
"is_aws_ip": true,
"ip_address": "52.218.196.155",
"service": "S3",
"region": "us-west-2",
"matched_subnet": "52.218.128.0/17",
"hostname": "flaws.cloud"
}
Contribution
I welcome contributions from the public. If you find something that could be improved, please file an Issue or send a PR :)
Credits
- Thanks to @TomNomNom for suggesting the name.
21 Nov 17, 2022
1 Dec 11, 2021
1 Nov 16, 2021
204 Dec 28, 2022
5 Aug 01, 2022
3 May 19, 2022
1 Oct 29, 2021
1 Jan 15, 2022
1 Oct 13, 2021
6 May 06, 2022
6 Oct 21, 2022
4 Jun 24, 2021
4 Nov 04, 2022
977 Jan 05, 2023
202 Oct 04, 2022
105 Dec 31, 2022
3 Sep 30, 2022
9 Jul 19, 2022
1 Feb 03, 2022
44 Dec 27, 2022