Cloudlist Cloud Assets Listing Cheat Sheet

Overview

Cloudlist is a multi-cloud tool developed by ProjectDiscovery for listing assets across cloud providers. It is designed to help security teams with attack surface management by discovering and monitoring cloud assets across multiple providers, including AWS, Azure, GCP, DigitalOcean, Linode, Alibaba Cloud, and more.

What sets Cloudlist apart from provider-specific tools is its unified interface for querying multiple cloud providers simultaneously. This simplifies maintaining an inventory of cloud assets, especially for organizations that use multiple cloud providers. Cloudlist produces consistent output regardless of provider, which makes it easier to integrate into security workflows and automation pipelines.

Cloudlist is primarily intended for blue teams to gain visibility into their cloud infrastructure, but it is also valuable for red teams and penetration testers who need to understand an organization's attack surface. Cloudlist helps security professionals identify potential security risks such as exposed services, misconfigured resources, or unauthorized deployments.

Installation

Using Go

```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest

# Verify installation
cloudlist -version
```

Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/cloudlist:latest

# Run Cloudlist using Docker
docker run -it projectdiscovery/cloudlist:latest -h
```

Using Homebrew (macOS)

```bash
# Install using Homebrew
brew install cloudlist

# Verify installation
cloudlist -version
```

Using PDTM (ProjectDiscovery Tools Manager)

```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Cloudlist using PDTM
pdtm -i cloudlist

# Verify installation
cloudlist -version
```

On Kali Linux

```bash
# Install using apt
sudo apt install cloudlist

# Verify installation
cloudlist -version
```

Basic Usage

Listing Cloud Assets

```bash
# List assets from all configured providers
cloudlist

# List assets from a specific provider
cloudlist -provider aws

# List assets from multiple providers
cloudlist -provider aws,azure,gcp
```

Output Options

```bash
# Save results to a file
cloudlist -o results.txt

# Output in JSON format
cloudlist -json -o results.json

# Silent mode (only results)
cloudlist -silent
```

Provider Configuration

AWS Configuration

```bash
# Add AWS provider with access key and secret key
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# Add AWS provider with profile
cloudlist -add aws -aws-profile default

# Add AWS provider with session token
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -aws-session-token AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
```

Azure Configuration

```bash
# Add Azure provider with client ID, client secret, and tenant ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000

# Add Azure provider with subscription ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000 -azure-subscription-id 00000000-0000-0000-0000-000000000000
```

GCP Configuration

```bash
# Add GCP provider with service account key file
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json

# Add GCP provider with credentials file
cloudlist -add gcp -gcp-credentials-file /path/to/credentials.json

# Add GCP provider with project ID
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json -gcp-project-id example-project-id
```

DigitalOcean Configuration

```bash
# Add DigitalOcean provider with API token
cloudlist -add digitalocean -do-token YOUR_DIGITALOCEAN_API_TOKEN
```

Linode Configuration

```bash
# Add Linode provider with API token
cloudlist -add linode -linode-token YOUR_LINODE_API_TOKEN
```

Alibaba Cloud Configuration

```bash
# Add Alibaba Cloud provider with access key and secret key
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY

# Add Alibaba Cloud provider with region
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY -alibaba-region cn-hangzhou
```

Cloudflare Configuration

```bash
# Add Cloudflare provider with API token
cloudlist -add cloudflare -cloudflare-token YOUR_CLOUDFLARE_API_TOKEN

# Add Cloudflare provider with API key and email
cloudlist -add cloudflare -cloudflare-key YOUR_CLOUDFLARE_API_KEY -cloudflare-email your-email@example.com
```

Advanced Usage

Provider Management

```bash
# List configured providers
cloudlist -list

# Remove a provider
cloudlist -remove aws

# Remove all providers
cloudlist -remove-all
```

Filtering Options

```bash
# Filter by resource type
cloudlist -resource-type instance

# Filter by multiple resource types
cloudlist -resource-type instance,storage

# Filter by tag
cloudlist -tag key=value

# Filter by multiple tags
cloudlist -tag key1=value1,key2=value2
```

Resource Types

```bash
# List specific resource types
cloudlist -resource-type instance   # List only instances
cloudlist -resource-type storage    # List only storage resources
cloudlist -resource-type network    # List only network resources
cloudlist -resource-type database   # List only database resources
cloudlist -resource-type container  # List only container resources
cloudlist -resource-type function   # List only serverless functions
```

Output Formatting

```bash
# Format output as IP:port
cloudlist -format "{{.IP}}:{{.Port}}"

# Format output as hostname and IP
cloudlist -format "{{.Hostname}} ({{.IP}})"

# Format output as JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

Integration with Other Tools

Pipeline with HTTPX

```bash
# List cloud assets and probe for HTTP services
cloudlist -silent | httpx -silent

# List cloud assets, filter by port, and probe for HTTP services
cloudlist -silent | grep ":80" | httpx -silent
```

Pipeline with Nuclei

```bash
# List cloud assets, probe for HTTP services, and scan for vulnerabilities
cloudlist -silent | httpx -silent | nuclei -t cves/

# List cloud assets from specific provider and scan for vulnerabilities
cloudlist -provider aws -silent | httpx -silent | nuclei -t exposures/
```

Pipeline with Naabu

```bash
# List cloud assets and scan for open ports
cloudlist -silent | naabu -silent

# List cloud assets and scan for specific ports
cloudlist -silent | naabu -p 80,443,8080 -silent
```

Output Customization

Custom Output Format

```bash
# Output only IP addresses
cloudlist -silent -format "{{.IP}}"

# Output hostname and provider
cloudlist -silent -format "{{.Hostname}} ({{.Provider}})"

# Output JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

Filtering Output

```bash
# Filter by IP address
cloudlist -silent | grep "192.168"

# Filter by hostname
cloudlist -silent | grep "example.com"

# Filter by provider
cloudlist -silent | grep "aws"

# Filter by port
cloudlist -silent | grep ":443"
```
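The grep filters above match substrings: `grep ":443"` also selects port 4433, and the dots in `grep "192.168"` match any character, so an inventory built this way can contain assets that do not belong in it. The following is an added example (not from the original cheat sheet or from Cloudlist) that filters exactly, assuming `IP:port` lines as produced by the `-format "{{.IP}}:{{.Port}}"` command on this page; the sample lines and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample lines in IP:port form (documentation address ranges).
sample_assets() {
  cat <<'EOF'
203.0.113.10:443
203.0.113.11:4433
198.51.100.7:80
198.51.100.8:8080
192.168.10.5:443
10.192.168.9:443
192x168.example.net:443
EOF
}

# Exact port: compare the whole last colon-separated field, so 443 does
# not also select 4433. Intended for IPv4/hostname lines, not bare IPv6.
filter_port() {
  awk -F: -v port="$1" '$NF == port'
}

# Literal prefix at the start of the line: dots are not wildcards and the
# prefix cannot match in the middle of an address.
filter_prefix() {
  awk -v prefix="$1" 'index($0, prefix) == 1'
}

# Keep only dotted-quad hosts that fall in the RFC 1918 private ranges.
filter_rfc1918() {
  awk -F'[.:]' '
    $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/ &&
    ($1 == 10 || ($1 == 192 && $2 == 168) ||
     ($1 == 172 && $2 >= 16 && $2 <= 31))'
}

# Example: sample_assets | filter_port 443
# In practice: cloudlist -silent -format "{{.IP}}:{{.Port}}" | filter_port 443
```

On the sample, `grep ":443"` returns five lines while `filter_port 443` returns four, and `grep "192.168"` returns three lines while `filter_prefix "192.168."` returns one.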

Advanced Filtering

Provider-Specific Filtering

```bash
# Filter AWS resources by region
cloudlist -provider aws -silent | grep "us-east-1"

# Filter Azure resources by resource group
cloudlist -provider azure -silent | grep "production-rg"

# Filter GCP resources by project
cloudlist -provider gcp -silent | grep "example-project"
```

Resource Type Filtering

```bash
# Filter by instance type
cloudlist -silent | grep "t2.micro"

# Filter by storage type
cloudlist -silent | grep "s3"

# Filter by database type
cloudlist -silent | grep "rds"
```

Troubleshooting

Common Issues

  1. **Authentication Issues**

     ```bash
     # Verify provider configuration
     cloudlist -list

     # Update provider credentials
     cloudlist -remove aws
     cloudlist -add aws -aws-access-key NEW_ACCESS_KEY -aws-secret-key NEW_SECRET_KEY
     ```

  2. **Rate Limiting**

     ```bash
     # Reduce concurrency
     cloudlist -concurrency 5

     # Add delay between requests
     cloudlist -delay 2
     ```

  3. **Permission Issues**

     ```bash
     # Check if credentials have sufficient permissions
     # For AWS, ensure the IAM user/role has the necessary read permissions
     # For Azure, ensure the service principal has the Reader role
     # For GCP, ensure the service account has the necessary viewer roles
     ```

  4. **No Results**

     ```bash
     # Check if provider is configured correctly
     cloudlist -list

     # Try a different provider
     cloudlist -provider azure

     # Check if resources exist in the account
     ```

Debugging

```bash
# Enable verbose mode
cloudlist -v

# Show debug information
cloudlist -debug

# Check provider configuration
cloudlist -list
```

Configuration

Configuration File

Cloudlist uses a configuration file located at `$HOME/.config/cloudlist/config.yaml`. You can customize various settings in this file:

```yaml
# Example configuration file
providers:
  - id: aws
    aws:
      access_key: AKIAIOSFODNN7EXAMPLE
      secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  - id: azure
    azure:
      client_id: 00000000-0000-0000-0000-000000000000
      client_secret: EXAMPLE-SECRET
      tenant_id: 00000000-0000-0000-0000-000000000000
  - id: gcp
    gcp:
      service_account_key: /path/to/service-account-key.json
```
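The configuration file above holds provider secrets in plain text, so it should be accessible to its owner only. A check for that follows as an added example (not part of Cloudlist or the original cheat sheet); the function names are hypothetical and the path in the usage comment is the one given on this page.

```bash
#!/usr/bin/env bash
# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file is accessible by its owner only, 1 if group or
# others have any access, 2 if it is missing, a symlink, or unreadable.
check_secret_file() {
  secret_file="$1"
  if [ -L "$secret_file" ] || [ ! -f "$secret_file" ]; then
    echo "not a regular file: $secret_file" >&2
    return 2
  fi
  secret_mode="$(file_mode "$secret_file")" || return 2
  case "$secret_mode" in
    # Group and other digits must both be 0 (for example 600 or 400).
    0|*00) return 0 ;;
    *) echo "$secret_file has mode $secret_mode; tighten with chmod 600" >&2
       return 1 ;;
  esac
}

# Usage with the path from this page:
# check_secret_file "$HOME/.config/cloudlist/config.yaml"
```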

Environment Variables

```bash
# Set Cloudlist configuration via environment variables
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000
export AZURE_CLIENT_SECRET=EXAMPLE-SECRET
export AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
```

Reference

Command Line Options

| Flag | Description |
| --- | --- |
| -provider | Provider(s) to list assets from |
| -resource-type | Resource type(s) to list |
| -tag | Tag(s) to filter resources by |
| -format | Custom output format |
| -o, -output | File to write output to |
| -json | Write output in JSON format |
| -silent | Show only results in output |
| -v, -verbose | Show verbose output |
| -debug | Show debug information |
| -concurrency | Number of concurrent requests |
| -delay | Delay between requests in seconds |
| -add | Add a new provider |
| -remove | Remove a provider |
| -remove-all | Remove all providers |
| -list | List configured providers |
| -version | Show Cloudlist version |

Provider-Specific Options

AWS Options

| Flag | Description |
| --- | --- |
| -aws-access-key | AWS access key |
| -aws-secret-key | AWS secret key |
| -aws-session-token | AWS session token |
| -aws-profile | AWS profile name |
| -aws-region | AWS region |

Azure Options

| Flag | Description |
| --- | --- |
| -azure-client-id | Azure client ID |
| -azure-client-secret | Azure client secret |
| -azure-tenant-id | Azure tenant ID |
| -azure-subscription-id | Azure subscription ID |

GCP Options

| Flag | Description |
| --- | --- |
| -gcp-service-account-key | GCP service account key file |
| -gcp-credentials-file | GCP credentials file |
| -gcp-project-id | GCP project ID |

DigitalOcean Options

| Flag | Description |
| --- | --- |
| -do-token | DigitalOcean API token |

Linode Options

| Flag | Description |
| --- | --- |
| -linode-token | Linode API token |

Alibaba Cloud Options

| Flag | Description |
| --- | --- |
| -alibaba-access-key | Alibaba Cloud access key |
| -alibaba-secret-key | Alibaba Cloud secret key |
| -alibaba-region | Alibaba Cloud region |

Cloudflare Options

| Flag | Description |
| --- | --- |
| -cloudflare-token | Cloudflare API token |
| -cloudflare-key | Cloudflare API key |
| -cloudflare-email | Cloudflare email |

Supported Providers

| Provider | Description |
| --- | --- |
| aws | Amazon Web Services |
| azure | Microsoft Azure |
| gcp | Google Cloud Platform |
| digitalocean | DigitalOcean |
| linode | Linode |
| alibaba | Alibaba Cloud |
| cloudflare | Cloudflare |

Supported Resource Types

| Type | Description |
| --- | --- |
| instance | Virtual machines and instances |
| storage | Storage resources (e.g., S3 buckets, Azure Blobs) |
| network | Network resources (e.g., load balancers, VPCs) |
| database | Database resources (e.g., RDS, Azure SQL) |
| container | Container resources (e.g., ECS, AKS) |
| function | Serverless functions (e.g., Lambda, Azure Functions) |

Resources

  • Official documentation
  • GitHub Repository
  • ProjectDiscovery Discord

--

*This cheat sheet provides a comprehensive reference for using Cloudlist, from basic asset listing to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.*