Skip to content
List of metadata service endpoints for different cloud providers for your pentesting needs.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md

README.md

cloud-metadata-services

List of metadata service endpoints for different cloud providers for your pentesting needs.

Provider Metadata Endpoint Example Protection Documentation
Amazon Web Services (AWS) http://169.254.169.254/latest/meta-data/ami-id none (custom logic[1] possible) https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Google Cloud http://metadata.google.internal/computeMetadata/v1/instance/machine-type Metadata-Flavor: Google header, rejects X-Forwarded-For (bypass using /v1beta1/) https://cloud.google.com/compute/docs/storing-retrieving-metadata
Microsoft Azure http://169.254.169.254/metadata/instance?api-version=2017-12-01 Metadata:true header, rejects X-Forwarded-For https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
DigitalOcean http://169.254.169.254/metadata/v1/ none https://www.digitalocean.com/docs/droplets/resources/metadata/
OpenStack http://169.254.169.254/openstack/latest none https://blogs.vmware.com/openstack/introducing-the-metadata-service/
Rancher (Kubernetes) http://rancher-metadata/2015-07-25/ none https://rancher.com/introducing-rancher-metadata-service-for-docker/

[1] https://medium.com/netflix-techblog/netflix-information-security-preventing-credential-compromise-in-aws-41b112c15179

Feel free to add more services and details. The Markdown is formatted using prettier, I'd appreciate if PRs do that as well.

You can’t perform that action at this time.