Cloudlist - a tool for listing assets from multiple Cloud Providers by ProjectDiscovery

Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts.

Features

cloudlist

  • Easily list Cloud assets with multiple configurations.
  • Multiple cloud providers support.
  • Highly extensible making adding new providers a breeze.
  • STDOUT support to work with other tools in pipelines.

Usage

▶ cloudlist -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
config Config file for providers cloudlist -config test.yaml
provider List assets of given providers cloudlist -provider aws
host List hosts only cloudlist -host
ip List Ips only cloudlist -ip
json List output in the JSON format cloudlist -json
output Store the output in file cloudlist -output
silent Display results only cloudlist -silent
version Display current version cloudlist -version
verbose Display verbose mode cloudlist -verbose

Installation Instructions

Download the ready to use binary from release page or install/build using Go

GO111MODULE=on go get -v github.com/projectdiscovery/cloudlist/cmd/cloudlist

Configuration file

The default config file should be located in $HOME/.config/cloudlist/config.yaml and has the following contents as an example. In order to run this tool, the keys need to updated in the config file.

# Configuration file for cloudlist enumeration agent
- # provider is the name of the provider (Digitalocean)
  provider: do
  # profile is the name of the provider profile
  profile: xxxx
  # digitalocean_token is the API key for digitalocean cloud platform
  digitalocean_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Scaleway)
  provider: scw
  # scaleway_access_key is the access key for scaleway API
  scaleway_access_key: SCWXXXXXXXXXXXXXX
  # scaleway_access_token is the access token for scaleway API
  scaleway_access_token: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx

- # provider is the name of the provider (Amazon Web Services)
  provider: aws
  # profile is the name of the provider profile
  profile: staging
  # aws_access_key is the access key for AWS account
  aws_access_key: AKIAXXXXXXXXXXXXXX
  # aws_secret_key is the secret key for AWS account
  aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Google Cloud Platform)
  provider: gcp
  # profile is the name of the provider profile
  profile: logs
  # gcp_service_account_key is the minified json of a google cloud service account with list permissions
  gcp_service_account_key: '{xxxxxxxxxxxxx}'

Running cloudlist

▶ cloudlist

This will list all the assets from configured providers in the configuration file. Specific providers and asset type can also be specified using available flags.

▶ cloudlist -provider aws

   ________                _____      __ 
  / ____/ /___  __  ______/ / (_)____/ /_
 / /   / / __ \/ / / / __  / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__  ) /_  
\____/_/\____/\__,_/\__,_/_/_/____/\__/  v0.0.1        

    projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
abc.com
example.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 2 hosts and 6 IPs from AWS service (prod)

Running cloudlist with Nuclei

Scanning assets from various cloud providers with nuclei for security assessments:-

▶ cloudlist -silent | httpx -silent | nuclei -t cves/

Supported providers

  • AWS (Amazon web services)
    • EC2
    • Route53
  • GCP (Google Cloud Platform)
    • Cloud DNS
  • DO (DigitalOcean)
    • Instances
  • SCW (Scaleway)
    • Instances

Contribution

Please check PROVIDERS.md and DESIGN.md to include support for new cloud providers in Cloudlist.

  • Fork this project
  • Create your feature branch (git checkout -b new-provider)
  • Commit your changes (git commit -am 'Added new cloud provider')
  • Push to the branch (git push origin new-provider)
  • Create new Pull Request

Todo

  •  Add support for Azure platform

Cloudlist as a library

It's possible to use the library directly in your go programs. The following code snippets outline how to list assets from all or given cloud provider.

package main

import (
  "context"
  "log"

  "github.com/projectdiscovery/cloudlist/pkg/inventory"
  "github.com/projectdiscovery/cloudlist/pkg/schema"
)

func main() {
  inventory, err := inventory.New(schema.Options{
    schema.OptionBlock{"provider": "digitalocean", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
  })
  if err != nil {
    log.Fatalf("%s\n", err)
  }

  for _, provider := range inventory.Providers {
    resources, err := provider.Resources(context.Background())
    if err != nil {
      log.Fatalf("%s\n", err)
    }
    for _, resource := range resources.Items {
      _ = resource // Do something with the resource
    }
  }
}

Acknowledgments

Thank you for inspiration

License

cloudlist is made with black_heart by the projectdiscovery team and licensed under MIT


Original repository: https://github.com/projectdiscovery/cloudlist

June 7, 2021
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013

Privacy Preference Center

Necessary

Cookies that are necessary for the site to function properly. This includes, storing the user's cookie consent state for the current domain, managing users carts to using the content network, Cloudflare, to identify trusted web traffic. See full Cookies declaration

gdpr, PYPF, woocommerce_cart_hash, woocommerce_items_in_cart, _wp_wocommerce_session, __cfduid [x2]

Marketing


tr, fr
ads/ga-audiences