Bleed.Cloud: Reverse the Bleed

Simple tools for checking your exposure to cloud bleed.

Option 1: Check several domains quickly


One Sec!

Results
Domain
{{key}}

Option 2: Scan your gmail account

For security reasons, we recommend you use a temporary gmail password
  • Go to your App Passwords
  • At the bottom click Select App in the bottom left and other
  • Enter bleed.cloud (or well anything)
  • Copy the pasword in yellow
  • Enter your username and the password below
  • Click submit
  • When complete, delete the temp password
  • Injoy
Note we only grab the domain names of the from addresses in your inbox and store none of the information. The source for the lambda in Option 3. The only difference is the aws lambda invoke code and logger (for the domains).

This could take a minute


Results
Domain
{{key}}

Option 3: Run a python script locally

Check accounts Via Gmail

Another option is to find all of the domains with which you have accounts via scanning your gmail. To do so just run the python script below. It will ask you for your username and password.
As you can see it only contacts gmail and does not send the info anywhere else.
  • Take the contents below (download) and paste into a file like bleed.py
  • Go to your gmail and click your avatar in the top right
  • Click My Account
  • Click Sign In & Security
  • Click Signing in to Google
  • Click App Passwords
  • At the bottom click Select App in the bottom left and other
  • Enter bleed.cloud (or well anything)
  • Copy the pasword in yellow
  • Execute the file with python, eg python bleed.py
  • Enter your username and the password
  • It will scan the "from" addresses of your last 4 years of inbox email.
  • Copy all of the domain names from there and paste into the box in Option 1
  • Once it runs you can delete the google app password.
Take the contents from the console and paste them into text box below. We'll display the results below.
import imaplib, re

def group(lst, n):
  for i in range(0, len(lst), n):
    val = lst[i:i+n]
    if len(val) == n:
      yield tuple(val)

print("Gmail Address:")
username = sys.stdin.readline()
print("Temp Password:")
password = sys.stdin.readline()
m = imaplib.IMAP4_SSL("imap.gmail.com", 993)
rc, resp = m.login(username, password)
print(rc)
print(resp)
status, count = m.select("INBOX")
count = count[0]
typ, data = m.search(None, 'ALL')

domains = set()

r = re.compile("<.+@(.+)>")

ids = data[0].split()

for idg in group(ids, 1000):
    print("{}/{}".format(idg[-1], count))
    result, data = m.fetch(",".join(idg), '(BODY[HEADER.FIELDS (FROM)])')

    for i in data:
        if len(i) == 0:
            continue
        if type(i) == str:
            continue

        frm = i[1]

        match = r.search(frm)

        if not match:
            continue

        domain = match.group(1)
        domain = domain.lower()

        domain = ".".join(domain.split(".")[-2:])

        if domain in domains:
            continue

        domains.add(domain)

domains = sorted(domains)

print("Found {} Domains".format(len(domains)))

for domain in domains:
    print(domain)

Privacy Notice
We log the contents of the domain field, but that's it. No identifying information except what you put in the box.