# Digital Ocean Pentesting

{{#include ../../banners/hacktricks-training.md}}

## Basic Information

**Before start pentesting** a Digital Ocean environment there are a few **basics things you need to know** about how DO works to help you understand what you need to do, how to find misconfigurations and how to exploit them.

Concepts such as hierarchy, access and other basic concepts are explained in:

{{#ref}}
do-basic-information.md
{{#endref}}

## Basic Enumeration

### SSRF

{{#ref}}
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}

### Projects

To get a list of the projects and resources running on each of them from the CLI check:

{{#ref}}
do-services/do-projects.md
{{#endref}}

### Whoami

```bash
doctl account get
```

## Services Enumeration

{{#ref}}
do-services/
{{#endref}}

{{#include ../../banners/hacktricks-training.md}}