Cloudlist Cloud Assets Listing Cheat Sheet

Overview

Cloudlist is a multi-cloud tool developed by ProjectDiscovery for listing assets across cloud providers. It is designed to help security teams with attack surface management by discovering and monitoring cloud assets across multiple providers, including AWS, Azure, GCP, DigitalOcean, Linode, Alibaba Cloud and more.

What sets Cloudlist apart from provider-specific tools is its unified interface for querying multiple cloud providers at once. This simplifies maintaining an inventory of cloud assets, especially for organizations that use several cloud providers. Cloudlist produces consistent output regardless of provider, which makes it easier to integrate into security workflows and automation pipelines.

Cloudlist is primarily intended for blue teams that need visibility into their cloud infrastructure, but it is also valuable for red teams and penetration testers who need to understand an organization's attack surface. Cloudlist helps security professionals identify potential security risks such as exposed services, misconfigured resources, or unauthorized deployments.

Installation

Using Go

```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest

# Verify installation
cloudlist -version
```

Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/cloudlist:latest

# Run Cloudlist using Docker
docker run -it projectdiscovery/cloudlist:latest -h
```

Using Homebrew (macOS)

```bash
# Install using Homebrew
brew install cloudlist

# Verify installation
cloudlist -version
```

Using PDTM (ProjectDiscovery Tools Manager)

```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Cloudlist using PDTM
pdtm -i cloudlist

# Verify installation
cloudlist -version
```

On Kali Linux

```bash
# Install using apt
sudo apt install cloudlist

# Verify installation
cloudlist -version
```

Basic Usage

Listing Cloud Assets

```bash
# List assets from all configured providers
cloudlist

# List assets from a specific provider
cloudlist -provider aws

# List assets from multiple providers
cloudlist -provider aws,azure,gcp
```

Output Options

```bash
# Save results to a file
cloudlist -o results.txt

# Output in JSON format
cloudlist -json -o results.json

# Silent mode (only results)
cloudlist -silent
```
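Saved result files become useful for spotting unauthorized deployments once two runs are compared. The script below is an added example, not part of Cloudlist or the original cheat sheet: it diffs two saved `cloudlist -silent` snapshots and exits non-zero when an asset appears that was not in the previous one. The function names, file names and the one-asset-per-line layout are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: report drift between two saved `cloudlist -silent` snapshots.
# Assumption: each snapshot holds one asset (IP or hostname) per line.

# normalize FILE: strip CRs and surrounding whitespace, drop blank lines,
# lowercase hostnames, and de-duplicate so both sides compare cleanly.
normalize() {
    tr -d '\r' < "$1" \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        | tr '[:upper:]' '[:lower:]' \
        | LC_ALL=C sort -u
}

# asset_drift OLD NEW: print "+ asset" for assets only in NEW and "- asset" for
# assets only in OLD. Returns 0 if nothing new appeared, 1 if it did, 2 on bad input.
asset_drift() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "usage: asset_drift OLD NEW" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    normalize "$1" > "$tmp/old"
    normalize "$2" > "$tmp/new"
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new" | sed 's/^/+ /' > "$tmp/added"
    LC_ALL=C comm -23 "$tmp/old" "$tmp/new" | sed 's/^/- /' > "$tmp/removed"
    cat "$tmp/added" "$tmp/removed"
    if [ -s "$tmp/added" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample snapshots (documentation addresses, not real assets).
demo() {
    d=$(mktemp -d) || return 2
    printf '10.0.0.5\napp.example.com\n203.0.113.10\n' > "$d/monday.txt"
    printf '10.0.0.5\nAPP.example.com\n198.51.100.7\n' > "$d/tuesday.txt"
    asset_drift "$d/monday.txt" "$d/tuesday.txt"; rc_demo=$?
    rm -rf "$d"
    return "$rc_demo"
}

demo || echo "exit status $?: new assets appeared since the last snapshot"
```

In a scheduled job, the non-zero exit status is the signal to open a ticket or alert for each `+` line.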

Provider Configuration

AWS Configuration

```bash
# Add AWS provider with access key and secret key
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# Add AWS provider with profile
cloudlist -add aws -aws-profile default

# Add AWS provider with session token
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -aws-session-token AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
```

Azure Configuration

```bash
# Add Azure provider with client ID, client secret, and tenant ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000

# Add Azure provider with subscription ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000 -azure-subscription-id 00000000-0000-0000-0000-000000000000
```

GCP Configuration

```bash
# Add GCP provider with service account key file
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json

# Add GCP provider with credentials file
cloudlist -add gcp -gcp-credentials-file /path/to/credentials.json

# Add GCP provider with project ID
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json -gcp-project-id example-project-id
```

DigitalOcean Configuration

```bash
# Add DigitalOcean provider with API token
cloudlist -add digitalocean -do-token YOUR_DIGITALOCEAN_API_TOKEN
```

Linode Configuration

```bash
# Add Linode provider with API token
cloudlist -add linode -linode-token YOUR_LINODE_API_TOKEN
```

Alibaba Cloud Configuration

```bash
# Add Alibaba Cloud provider with access key and secret key
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY

# Add Alibaba Cloud provider with region
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY -alibaba-region cn-hangzhou
```

Cloudflare Configuration

```bash
# Add Cloudflare provider with API token
cloudlist -add cloudflare -cloudflare-token YOUR_CLOUDFLARE_API_TOKEN

# Add Cloudflare provider with API key and email
cloudlist -add cloudflare -cloudflare-key YOUR_CLOUDFLARE_API_KEY -cloudflare-email your-email@example.com
```

Advanced Usage

Provider Management

```bash
# List configured providers
cloudlist -list

# Remove a provider
cloudlist -remove aws

# Remove all providers
cloudlist -remove-all
```

Filter Options

```bash
# Filter by resource type
cloudlist -resource-type instance

# Filter by multiple resource types
cloudlist -resource-type instance,storage

# Filter by tag
cloudlist -tag key=value

# Filter by multiple tags
cloudlist -tag key1=value1,key2=value2
```

Resource Types

```bash
# List specific resource types
cloudlist -resource-type instance  # List only instances
cloudlist -resource-type storage   # List only storage resources
cloudlist -resource-type network   # List only network resources
cloudlist -resource-type database  # List only database resources
cloudlist -resource-type container # List only container resources
cloudlist -resource-type function  # List only serverless functions
```

Output Formatting

```bash
# Format output as IP:port
cloudlist -format "{{.IP}}:{{.Port}}"

# Format output as hostname and IP
cloudlist -format "{{.Hostname}} ({{.IP}})"

# Format output as JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

Integration with Other Tools

Pipeline with httpx

```bash
# List cloud assets and probe for HTTP services
cloudlist -silent | httpx -silent

# List cloud assets, filter by port, and probe for HTTP services
cloudlist -silent | grep ":80" | httpx -silent
```

Pipeline with Nuclei

```bash
# List cloud assets, probe for HTTP services, and scan for vulnerabilities
cloudlist -silent | httpx -silent | nuclei -t cves/

# List cloud assets from specific provider and scan for vulnerabilities
cloudlist -provider aws -silent | httpx -silent | nuclei -t exposures/
```

Pipeline with Naabu

```bash
# List cloud assets and scan for open ports
cloudlist -silent | naabu -silent

# List cloud assets and scan for specific ports
cloudlist -silent | naabu -p 80,443,8080 -silent
```

Output Customization

Custom Output Format

```bash
# Output only IP addresses
cloudlist -silent -format "{{.IP}}"

# Output hostname and provider
cloudlist -silent -format "{{.Hostname}} ({{.Provider}})"

# Output JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

Filtering Output

```bash
# Filter by IP address (-F matches the dots literally)
cloudlist -silent | grep -F "192.168"

# Filter by hostname (-F matches the dot literally)
cloudlist -silent | grep -F "example.com"

# Filter by provider
cloudlist -silent | grep "aws"

# Filter by port
cloudlist -silent | grep ":443"
```

Advanced Filtering

Provider-Specific Filtering

```bash
# Filter AWS resources by region
cloudlist -provider aws -silent | grep "us-east-1"

# Filter Azure resources by resource group
cloudlist -provider azure -silent | grep "production-rg"

# Filter GCP resources by project
cloudlist -provider gcp -silent | grep "example-project"
```

Filtering by Resource Type

```bash
# Filter by instance type
cloudlist -silent | grep -F "t2.micro"

# Filter by storage type
cloudlist -silent | grep "s3"

# Filter by database type
cloudlist -silent | grep "rds"
```

Troubleshooting

Common Issues

1. **Authentication issues**
   ```bash
   # Verify provider configuration
   cloudlist -list

   # Update provider credentials
   cloudlist -remove aws
   cloudlist -add aws -aws-access-key NEW_ACCESS_KEY -aws-secret-key NEW_SECRET_KEY
   ```

2. **Rate limiting**
   ```bash
   # Reduce concurrency
   cloudlist -concurrency 5

   # Add delay between requests
   cloudlist -delay 2
   ```

3. **Permission issues**
   ```bash
   # Check if credentials have sufficient permissions
   # For AWS, ensure the IAM user/role has the necessary read permissions
   # For Azure, ensure the service principal has the Reader role
   # For GCP, ensure the service account has the necessary viewer roles
   ```

4. **No results**
   ```bash
   # Check if provider is configured correctly
   cloudlist -list

   # Try a different provider
   cloudlist -provider azure

   # Check if resources exist in the account
   ```

### Debugging

```bash
# Enable verbose mode
cloudlist -v

# Show debug information
cloudlist -debug

# Check provider configuration
cloudlist -list
```

Configuration

Configuration File

Cloudlist uses a configuration file at `$HOME/.config/cloudlist/config.yaml`. You can adjust various settings in this file:

```yaml
# Example configuration file
providers:
  - id: aws
    aws:
      access_key: AKIAIOSFODNN7EXAMPLE
      secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  - id: azure
    azure:
      client_id: 00000000-0000-0000-0000-000000000000
      client_secret: EXAMPLE-SECRET
      tenant_id: 00000000-0000-0000-0000-000000000000
  - id: gcp
    gcp:
      service_account_key: /path/to/service-account-key.json
```
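The configuration file shown above keeps provider credentials in plaintext, so it is worth checking who can read it and which secrets sit in it directly. The script below is an added example, not part of Cloudlist or the original cheat sheet; the function names are hypothetical, the key names it looks for (`secret_key`, `client_secret`) are taken from the example config on this page, and the sample file is constructed.

```shell
# Added example: audit a Cloudlist-style config for loose permissions and inline secrets.
# Assumption: secrets use the key names from the example config on this page.

# perms_ok FILE: succeed only if FILE exists and group/other have no permission bits.
perms_ok() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# inline_secrets FILE: print "provider:key" for each secret value stored in the file itself.
inline_secrets() {
    awk '/^[ \t]*-[ \t]*id:/ { id = $NF; next }
         /^[ \t]*(secret_key|client_secret):[ \t]*[^ \t#]/ { k = $1; sub(/:$/, "", k); print id ":" k }' "$1"
}

# audit_config [FILE]: report findings; return 0 if clean, 1 if flagged, 2 if FILE is missing.
audit_config() {
    cfg=${1:-$HOME/.config/cloudlist/config.yaml}
    [ -f "$cfg" ] || { echo "no config at $cfg" >&2; return 2; }
    findings=0
    perms_ok "$cfg" || { echo "PERMS  $cfg is accessible beyond its owner (fix: chmod 600)"; findings=1; }
    for s in $(inline_secrets "$cfg"); do
        echo "SECRET $s is stored in plaintext"; findings=1
    done
    return "$findings"
}

# Constructed sample mirroring the example config above (placeholder values only).
write_sample_config() {
    cat > "$1" <<'EOF'
providers:
  - id: aws
    aws:
      access_key: AKIAIOSFODNN7EXAMPLE
      secret_key: EXAMPLE-SECRET
  - id: azure
    azure:
      client_secret: EXAMPLE-SECRET
  - id: gcp
    gcp:
      service_account_key: /path/to/service-account-key.json
EOF
}

sample=$(mktemp) && write_sample_config "$sample" && chmod 644 "$sample"
audit_config "$sample" || echo "audit flagged the sample config"
rm -f "$sample"
```

The GCP entry is not flagged because it references a key file by path; that file needs the same permission check.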

Environment Variables

```bash
# Set Cloudlist configuration via environment variables
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000
export AZURE_CLIENT_SECRET=EXAMPLE-SECRET
export AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
```

Reference

Command-Line Options

| Flag | Description |
|---|---|
| `-provider` | Provider(s) to list assets from |
| `-resource-type` | Resource type(s) to list |
| `-tag` | Tag(s) to filter resources by |
| `-format` | Custom output format |
| `-o` | File to write output to |
| `-json` | Write output in JSON format |
| `-silent` | Show only results in output |
| `-v` | Show verbose output |
| `-debug` | Show debug information |
| `-concurrency` | Number of concurrent requests |
| `-delay` | Delay between requests in seconds |
| `-add` | Add a new provider |
| `-remove` | Remove a provider |
| `-remove-all` | Remove all providers |
| `-list` | List configured providers |
| `-version` | Show Cloudlist version |

### Provider-Specific Options

AWS Options

| Flag | Description |
|---|---|
| `-aws-access-key` | AWS access key |
| `-aws-secret-key` | AWS secret key |
| `-aws-session-token` | AWS session token |
| `-aws-profile` | AWS profile name |
| INLINE_CODE_53 | AWS region |

Azure Options

| Flag | Description |
|---|---|
| `-azure-client-id` | Azure client ID |
| `-azure-client-secret` | Azure client secret |
| `-azure-tenant-id` | Azure tenant ID |
| `-azure-subscription-id` | Azure subscription ID |

GCP Options

| Flag | Description |
|---|---|
| `-gcp-service-account-key` | GCP service account key file |
| `-gcp-credentials-file` | GCP credentials file |
| `-gcp-project-id` | GCP project ID |

DigitalOcean Options

| Flag | Description |
|---|---|
| `-do-token` | DigitalOcean API token |

Linode Options

| Flag | Description |
|---|---|
| `-linode-token` | Linode API token |

Alibaba Cloud Options

| Flag | Description |
|---|---|
| `-alibaba-access-key` | Alibaba Cloud access key |
| `-alibaba-secret-key` | Alibaba Cloud secret key |
| `-alibaba-region` | Alibaba Cloud region |

Cloudflare Options

| Flag | Description |
|---|---|
| `-cloudflare-token` | Cloudflare API token |
| `-cloudflare-key` | Cloudflare API key |
| `-cloudflare-email` | Cloudflare email |

Supported Providers

| Provider | Description |
|---|---|
| `aws` | Amazon Web Services |
| `azure` | Microsoft Azure |
| `gcp` | Google Cloud Platform |
| `digitalocean` | DigitalOcean |
| `linode` | Linode |
| `alibaba` | Alibaba Cloud |
| `cloudflare` | Cloudflare |

Supported Resource Types

| Type | Description |
|---|---|
| `instance` | Virtual machines and instances |
| `storage` | Storage resources (e.g., S3 buckets, Azure Blobs) |
| `network` | Network resources (e.g., load balancers, VPCs) |
| `database` | Database resources (e.g., RDS, Azure SQL) |
| `container` | Container resources (e.g., ECS, AKS) |
| `function` | Serverless functions (e.g., Lambda, Azure Functions) |

*This cheat sheet provides a comprehensive reference for using Cloudlist, from basic asset listing to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.*