Difference between revisions of "ORP APK Bot"

From Exploitee.rs

Latest revision as of 03:48, 6 September 2022

About

The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real-time databases, and private keys. After manually verifying a finding, a user can report it to the affected app developer through bot commands.

Services

  • Amazon AWS S3 Buckets
  • Linode Objects Buckets
  • Digital Ocean Spaces
  • DreamHost Buckets
  • Azure Blobs
  • BackBlaze S3
  • IBM Cloud Buckets
  • Wasabi Object Buckets
  • Vultr Objects Buckets
  • FireBase Database
  • FireBase Cloud Storage
  • Rackspace Cloud Drive Buckets
  • AliBaba Cloud Storage
  • E2E Networks Buckets
  • Google Cloud Buckets
  • RSA Private Keys
  • AWS Creds
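
As an added example (not the bot's own code, whose implementation this page does not describe), the sketch below shows how a developer could check their own APK before release for references to several of the service types listed above. The function names, finding labels, and sample data are assumptions made for illustration; the hostname suffixes are the providers' public endpoint domains and cover only a subset of the list.

```python
import io
import re
import zipfile

# Providers' public endpoint suffixes; the finding labels are this example's own names.
HOST_SUFFIXES = {
    "firebase_database": rb"firebaseio\.com",
    "firebase_storage": rb"appspot\.com",
    "azure_blob": rb"blob\.core\.windows\.net",
    "digitalocean_space": rb"digitaloceanspaces\.com",
    "linode_bucket": rb"linodeobjects\.com",
    "wasabi_bucket": rb"wasabisys\.com",
}
PATTERNS = {k: re.compile(rb"[a-z0-9][a-z0-9.\-]*\." + v) for k, v in HOST_SUFFIXES.items()}
PATTERNS["aws_s3_bucket"] = re.compile(
    rb"[a-z0-9][a-z0-9.\-]*\.s3[.\-](?:[a-z0-9\-]+\.)?amazonaws\.com")
PATTERNS["google_cloud_bucket"] = re.compile(rb"storage\.googleapis\.com/[a-z0-9][a-z0-9._\-]*")
PATTERNS["rsa_private_key"] = re.compile(rb"-----BEGIN RSA PRIVATE KEY-----")
PATTERNS["aws_access_key_id"] = re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def scan_apk(apk):
    """Return sorted (entry, finding_type, matched_text) tuples for one APK (path or file object)."""
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            # resources.arsc may hold UTF-16LE strings; dropping NULs exposes their ASCII text.
            for blob in (data, data.replace(b"\x00", b"")):
                for kind, rx in PATTERNS.items():
                    for m in rx.finditer(blob):
                        findings.add((info.filename, kind, m.group().decode("ascii")))
    return sorted(findings)

def build_sample_apk():
    """Constructed sample: an in-memory zip standing in for an APK, with made-up contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"\x00\x12https://demo-app-1234.firebaseio.com/users.json\x00"
                                   b"AKIAIOSFODNN7EXAMPLE\x00")  # AWS's documented example key id
        zf.writestr("resources.arsc",
                    "https://demo-assets.s3.us-east-1.amazonaws.com/".encode("utf-16-le"))
        zf.writestr("assets/key.pem", b"-----BEGIN RSA PRIVATE KEY-----\n(no key material)\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for entry, kind, text in scan_apk(build_sample_apk()):
        print(f"{entry}: {kind}: {text}")
```

A match only shows that the app references the service or embeds key material; whether the storage is actually misconfigured still needs the manual verification step described in the About section.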

Usage

| Command | Description |
|---|---|
| !start | Starts the bot in the specified channel. |
| !scan <app_id> | Scans the provided app id (ex: com.google.play). |
| !get_findings <app_id> | Gets previously recorded findings for the specified app id. |
| !update_notified <finding_id_num> | Marks the finding (based on the finding id) as reported (for reports handled outside of the bot). |
| !get_email <finding_id_num> <researcher_name> | Creates a report for the specified finding with the specified researcher's name (the submission is previewed before sending). |
| !add_note <Note to application developer here> | Adds a note to a finding submission (used after !get_email). |
| !cancel_email | Cancels an email after it has been previewed through !get_email. |
| !send_email | Sends an email after it has been previewed through !get_email. |