Web Information Gathering / Web Vulnerability Analysis

cloudtoolkit v0.1.3 releases: Cloud Penetration Testing Toolkit

by do son · Published May 7, 2023 · Updated December 4, 2023

Cloud Penetration Testing

cloudtoolkit

Cloud Penetration Testing Toolkit

Capability overview

Providers	Payload	Supported
Alibaba Cloud	backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts.	ECS (Elastic Compute Service) OSS (Object Storage Service) RAM (Resource Access Management) RDS (Relational Database Service)
Tencent Cloud	cloudlist Getting: Assets from Cloud Providers to augment Attack Surface Management efforts. backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot.	CVM (Cloud Virtual Machine) Lighthouse COS (Cloud Object Storage) CAM (Cloud Access Management)
Huawei Cloud	backdoor-user” Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump” Quickly enumerate buckets to look for loot. cloudlist” Getting Assets from Cloud Providers to augment Attack Surface Management efforts.	ECS (Elastic Cloud Server) OBS (Object Storage Service) IAM (Identity and Access Management) RDS (Relational Database Service)
Microsoft Azure	backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts.	Virtual Machines Blob Storage
AWS (Amazon web services)	cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts. backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot.	EC2 (Elastic Compute Cloud) S3 (Simple Storage Service) IAM (Identity and Access Management)
GCP (Google Cloud Platform)	cloudlist	Compute Engine Cloud DNS

Changelog v0.1.2

2eaecc2 feat(sls):support ListProject for Aliyun SLS
f5d189b fix(aliyun):DescribeInvocationResults need to wait for the results
0da41d1 fix(rds):support list all regions
e6123f2 fix(tencent):DescribeInstances support paging, fixes #1
9e83a91 perf(sdk):Upgrade go.mod

Download

Copyright (c) 2022 404tk

Tags: Cloud Penetration Testing Toolkit