Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers


Cloudlist is a multi-cloud tool for getting assets (hostnames, IP addresses) from cloud providers. It is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.


Features
  • Easily list Cloud assets with multiple configurations.
  • Multiple cloud providers support.
  • Highly extensible making adding new providers a breeze.
  • STDOUT support to work with other tools in pipelines.

Usage
▶ cloudlist -h

This will display help for the tool. Here are all the switches it supports.

Flag      Description                      Example
config    Config file for providers        cloudlist -config test.yaml
provider  List assets of given providers   cloudlist -provider aws
host      List hosts only                  cloudlist -host
ip        List IPs only                    cloudlist -ip
json      List output in the JSON format   cloudlist -json
output    Store the output in file         cloudlist -output
silent    Display results only             cloudlist -silent
version   Display current version          cloudlist -version
verbose   Display verbose mode             cloudlist -verbose

Installation Instructions

From Binary

The installation is easy. You can download the pre-built binaries for your platform from the Releases page. Extract the archive using tar, move the binary to a directory in your $PATH and you're ready to go.

Download latest binary from https://github.com/projectdiscovery/cloudlist/releases

▶ tar -xvf cloudlist-linux-amd64.tar
▶ mv cloudlist-linux-amd64 /usr/local/bin/cloudlist
▶ cloudlist -h

From Source

cloudlist requires go1.14+ to install successfully. Run the following command to get the repo -

▶ GO111MODULE=on go get -v github.com/projectdiscovery/cloudlist/cmd/cloudlist

From Github
▶ git clone https://github.com/projectdiscovery/cloudlist.git; cd cloudlist/cmd/cloudlist; go build; cp cloudlist /usr/local/bin/; cloudlist -version

Configuration file

The default config file should be located in $HOME/.config/cloudlist/config.yaml and has the following contents as an example. In order to run this tool, the keys need to be updated in the config file.

# Configuration file for cloudlist enumeration agent
- # provider is the name of the provider (Digitalocean)
  provider: do
  # profile is the name of the provider profile
  profile: xxxx
  # digitalocean_token is the API key for digitalocean cloud platform
  digitalocean_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- # provider is the name of the provider (Scaleway)
  provider: scw
  # scaleway_access_key is the access key for scaleway API
  scaleway_access_key: SCWXXXXXXXXXXXXXX
  # scaleway_access_token is the access token for scaleway API
  scaleway_access_token: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
- # provider is the name of the provider (Amazon Web Services)
  provider: aws
  # profile is the name of the provider profile
  profile: staging
  # aws_access_key is the access key for AWS account
  aws_access_key: AKIAXXXXXXXXXXXXXX
  # aws_secret_key is the secret key for AWS account
  aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- # provider is the name of the provider (Google Cloud Platform)
  provider: gcp
  # profile is the name of the provider profile
  profile: logs
  # gcp_service_account_key is the minified json of a google cloud service account with list permissions
  gcp_service_account_key: '{xxxxxxxxxxxxx}'

Running cloudlist
▶ cloudlist

This will list all the assets from configured providers in the configuration file. Specific providers and asset type can also be specified using available flags.

▶ cloudlist -provider aws

   ________                _____      __
  / ____/ /___  __  ______/ / (_)____/ /_
 / /   / / __ \/ / / / __  / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__  ) /_
\____/_/\____/\__,_/\__,_/_/_/____/\__/  v0.0.1

            projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
abc.com
example.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 2 hosts and 6 IPs from AWS service (prod)
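Because cloudlist prints one hostname or IP per line, the list can be snapshotted and compared between runs to spot assets that appeared or disappeared. The script below is an added example, not part of cloudlist; the function names and the file names baseline.txt and today.txt are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: track drift in the asset list printed by `cloudlist -silent`.
# Typical use (file names are hypothetical):
#   cloudlist -silent > today.txt
#   asset_diff baseline.txt today.txt

# classify: read one asset per line on stdin, emit "<type> <asset>" where
# type is "ip" (dotted IPv4, or anything containing ':' for IPv6) or "host".
classify() {
    awk 'NF {
        a = tolower($1)
        t = (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || a ~ /:/) ? "ip" : "host"
        print t, a
    }' | LC_ALL=C sort -u
}

# asset_diff BASELINE CURRENT: print "NEW <type> <asset>" for assets only in
# CURRENT and "GONE <type> <asset>" for assets only in BASELINE.
asset_diff() {
    old=$(mktemp) && new=$(mktemp) || return 1
    classify < "$1" > "$old"
    classify < "$2" > "$new"
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/NEW /'
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/GONE /'
    rm -f "$old" "$new"
}

# sample_run: exercise asset_diff on constructed data (not real cloudlist output).
sample_run() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' abc.com example.com 1.1.1.1 2.2.2.2 > "$dir/baseline.txt"
    printf '%s\n' abc.com new.example.com 1.1.1.1 3.3.3.3 > "$dir/today.txt"
    asset_diff "$dir/baseline.txt" "$dir/today.txt"
    rm -rf "$dir"
}

sample_run
```

A NEW line is an asset to bring into inventory and review; a GONE hostname whose DNS record still exists is worth checking for a dangling reference.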

Running cloudlist with Nuclei

Scanning assets from various cloud providers with nuclei for security assessments:

▶ cloudlist -silent | httpx -silent | nuclei -t cves/

Supported providers
  • AWS (Amazon Web Services)
    • EC2
    • Route53
  • GCP (Google Cloud Platform)
    • Cloud DNS
  • DO (DigitalOcean)
    • Instances
  • SCW (Scaleway)
    • Instances

To see how to configure providers, check PROVIDERS.md.


Todo
  • Add support for Azure platform

Cloudlist as a library

It's possible to use the library directly in your Go programs. The following code snippet outlines how to list assets from all configured cloud providers or from a given one.

package main

import (
	"context"
	"log"

	"github.com/projectdiscovery/cloudlist/pkg/inventory"
	"github.com/projectdiscovery/cloudlist/pkg/schema"
)

func main() {
	// Build an inventory from one option block per provider.
	inventory, err := inventory.New(schema.Options{
		schema.OptionBlock{"provider": "digitalocean", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
	})
	if err != nil {
		log.Fatalf("%s\n", err)
	}

	// Query each configured provider for its resources.
	for _, provider := range inventory.Providers {
		resources, err := provider.Resources(context.Background())
		if err != nil {
			log.Fatalf("%s\n", err)
		}
		for _, resource := range resources.Items {
			_ = resource // Do something with the resource
		}
	}
}

Acknowledgments

Thank you for inspiration


License

cloudlist is made with love by the projectdiscovery team and licensed under MIT


