Cloudlist – a tool for listing assets from multiple Cloud Providers by ProjectDiscovery

Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts.

Features

  • Easily list Cloud assets with multiple configurations.
  • Multiple cloud providers support.
  • Highly extensible making adding new providers a breeze.
  • STDOUT support to work with other tools in pipelines.

Usage

▶ cloudlist -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
config Config file for providers cloudlist -config test.yaml
provider List assets of given providers cloudlist -provider aws
host List hosts only cloudlist -host
ip List Ips only cloudlist -ip
json List output in the JSON format cloudlist -json
output Store the output in file cloudlist -output
silent Display results only cloudlist -silent
version Display current version cloudlist -version
verbose Display verbose mode cloudlist -verbose

Installation Instructions

Download the ready to use binary from release page or install/build using Go

GO111MODULE=on go get -v github.com/projectdiscovery/cloudlist/cmd/cloudlist

Configuration file

The default config file should be located in $HOME/.config/cloudlist/config.yaml and has the following contents as an example. In order to run this tool, the keys need to updated in the config file.

# Configuration file for cloudlist enumeration agent
- # provider is the name of the provider (Digitalocean)
  provider: do
  # profile is the name of the provider profile
  profile: xxxx
  # digitalocean_token is the API key for digitalocean cloud platform
  digitalocean_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Scaleway)
  provider: scw
  # scaleway_access_key is the access key for scaleway API
  scaleway_access_key: SCWXXXXXXXXXXXXXX
  # scaleway_access_token is the access token for scaleway API
  scaleway_access_token: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx

- # provider is the name of the provider (Amazon Web Services)
  provider: aws
  # profile is the name of the provider profile
  profile: staging
  # aws_access_key is the access key for AWS account
  aws_access_key: AKIAXXXXXXXXXXXXXX
  # aws_secret_key is the secret key for AWS account
  aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Google Cloud Platform)
  provider: gcp
  # profile is the name of the provider profile
  profile: logs
  # gcp_service_account_key is the minified json of a google cloud service account with list permissions
  gcp_service_account_key: '{xxxxxxxxxxxxx}'

Running cloudlist

▶ cloudlist

This will list all the assets from configured providers in the configuration file. Specific providers and asset type can also be specified using available flags.

▶ cloudlist -provider aws

   ________                _____      __ 
  / ____/ /___  __  ______/ / (_)____/ /_
 / /   / / __ / / / / __  / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__  ) /_  
____/_/____/__,_/__,_/_/_/____/__/  v0.0.1        

    projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
abc.com
example.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 2 hosts and 6 IPs from AWS service (prod)

Running cloudlist with Nuclei

Scanning assets from various cloud providers with nuclei for security assessments:-

▶ cloudlist -silent | httpx -silent | nuclei -t cves/

Supported providers

  • AWS (Amazon web services)
    • EC2
    • Route53
  • GCP (Google Cloud Platform)
    • Cloud DNS
  • DO (DigitalOcean)
    • Instances
  • SCW (Scaleway)
    • Instances

Contribution

Please check PROVIDERS.md and DESIGN.md to include support for new cloud providers in Cloudlist.

  • Fork this project
  • Create your feature branch (git checkout -b new-provider)
  • Commit your changes (git commit -am 'Added new cloud provider')
  • Push to the branch (git push origin new-provider)
  • Create new Pull Request

Todo

  •  Add support for Azure platform

Cloudlist as a library

It’s possible to use the library directly in your go programs. The following code snippets outline how to list assets from all or given cloud provider.

package main

import (
  "context"
  "log"

  "github.com/projectdiscovery/cloudlist/pkg/inventory"
  "github.com/projectdiscovery/cloudlist/pkg/schema"
)

func main() {
  inventory, err := inventory.New(schema.Options{
    schema.OptionBlock{"provider": "digitalocean", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
  })
  if err != nil {
    log.Fatalf("%sn", err)
  }

  for _, provider := range inventory.Providers {
    resources, err := provider.Resources(context.Background())
    if err != nil {
      log.Fatalf("%sn", err)
    }
    for _, resource := range resources.Items {
      _ = resource // Do something with the resource
    }
  }
}

Acknowledgments

Thank you for inspiration

License

cloudlist is made with black_heart by the projectdiscovery team and licensed under MIT


Original repository: https://github.com/projectdiscovery/cloudlist

The post Cloudlist – a tool for listing assets from multiple Cloud Providers by ProjectDiscovery appeared first on Hakin9 – IT Security Magazine.

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: