ORP APK Bot: Difference between revisions
From Exploitee.rs
Latest revision as of 03:48, 6 September 2022
About
The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real-time databases, and private keys. After manually verifying a finding, a user can report it to the affected app developer through bot commands.
Services
- Amazon AWS S3 Buckets
- Linode Objects Buckets
- DigitalOcean Spaces
- DreamHost Buckets
- Azure Blobs
- Backblaze S3
- IBM Cloud Buckets
- Wasabi Object Buckets
- Vultr Objects Buckets
- Firebase Database
- Firebase Cloud Storage
- Rackspace Cloud Drive Buckets
- Alibaba Cloud Storage
- E2E Networks Buckets
- Google Cloud Buckets
- RSA Private Keys
- AWS Creds
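For developers who want to check their own build for the kinds of references listed above before release, the following is an added example and not the bot's code. The patterns are assumptions based on the public hostname and key formats of a subset of these services, and the sample APK is constructed in memory.

```python
import io
import re
import zipfile

# Assumed detection patterns (not the bot's): public hostname and key formats
# for a subset of the services listed above.
PATTERNS = {
    "aws_s3_bucket": re.compile(
        rb"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),
    "firebase_database": re.compile(rb"[a-z0-9-]+\.firebaseio\.com"),
    "azure_blob": re.compile(rb"[a-z0-9]{3,24}\.blob\.core\.windows\.net"),
    "google_cloud_bucket": re.compile(rb"storage\.googleapis\.com/[a-z0-9._-]{3,63}"),
    "rsa_private_key": re.compile(rb"-----BEGIN RSA PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}


def scan_apk(apk_bytes):
    """Return sorted (member, kind, match) tuples for every pattern hit in an APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)  # decompressed bytes; DEX strings are searchable as-is
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(data):
                    findings.add((info.filename, kind, m.group().decode("ascii")))
    return sorted(findings)


def build_sample_apk():
    """Constructed stand-in for an APK: a ZIP holding made-up values only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("assets/config.json",
                   '{"cdn": "https://demo-app-assets.s3.amazonaws.com/img/",'
                   ' "db": "https://demo-app-1234.firebaseio.com"}')
        z.writestr("res/raw/signing.pem",
                   "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n"
                   "-----END RSA PRIVATE KEY-----\n")
        # AKIAIOSFODNN7EXAMPLE is the example key ID from AWS documentation.
        z.writestr("classes.dex", b"\x00accessKey\x00AKIAIOSFODNN7EXAMPLE\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for member, kind, value in scan_apk(build_sample_apk()):
        print(f"{member}: {kind}: {value}")
```

A hit only shows that the build references a storage endpoint or embeds key material; whether that resource is actually exposed still needs the manual verification step the bot's workflow describes.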
Usage
| Command | Description |
|---|---|
| !start | Starts the bot in the specified channel. |
| !scan <app_id> | Scans the provided app id (ex: com.google.play). |
| !get_findings <app_id> | Gets previously recorded findings for the specified app id. |
| !update_notified <finding_id_num> | Marks the finding with the given finding id as reported (for reports handled outside of the bot). |
| !get_email <finding_id_num> <researcher_name> | Creates a report for the specified finding with the specified researcher's name (the submission is previewed before sending). |
| !add_note <Note to application developer here> | Adds a note to a finding submission (used after !get_email). |
| !cancel_email | Cancels an email after being previewed through !get_email |
| !send_email | Sends an email after being previewed through !get_email |