Cloudlist Cloud Assets Listing Cheat Sheet

Sinopsis

Cloudlist es una herramienta multi-cloud desarrollada por Project Discovery para la inclusión de activos de varios proveedores de cloud. Está diseñado para ayudar a los equipos de seguridad a aumentar sus esfuerzos de Gestión de Superficies de Ataque descubriendo y monitoreando activos en la nube a través de múltiples proveedores, incluyendo AWS, Azure, GCP, DigitalOcean, Linode, Alibaba Cloud, y más.

Qué conjunto Cloudlist aparte de las herramientas específicas del proveedor es su interfaz unificada para buscar múltiples proveedores de nube simultáneamente. Esto simplifica significativamente el proceso de mantener un inventario de activos en la nube, especialmente para organizaciones que utilizan múltiples proveedores de nube. Cloudlist proporciona una salida consistente independientemente del proveedor, lo que facilita la integración en los flujos de trabajo de seguridad y las tuberías de automatización.

Cloudlist está destinado principalmente a los equipos azules para mantener la visibilidad en su infraestructura cloud, pero también es valioso para los equipos rojos y los testadores de penetración que necesitan entender la superficie de ataque de una organización. Al proporcionar una visión completa de los activos en la nube, Cloudlist ayuda a los profesionales de la seguridad a identificar posibles riesgos de seguridad, tales como servicios expuestos, recursos malconfigurados o despliegues no autorizados.

Instalación

Usando Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest

# Verify installation
cloudlist -version

Usando Docker

# Pull the latest Docker image
docker pull projectdiscovery/cloudlist:latest

# Run Cloudlist using Docker
docker run -it projectdiscovery/cloudlist:latest -h

Utilizando Homebrew (macOS)

# Install using Homebrew
brew install cloudlist

# Verify installation
cloudlist -version

Utilizando PDTM (Project Discovery Tools Manager)

# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Cloudlist using PDTM
pdtm -i cloudlist

# Verify installation
cloudlist -version

En Kali Linux

# Install using apt
sudo apt install cloudlist

# Verify installation
cloudlist -version

Uso básico

Lista de activos en la nube

# List assets from all configured providers
cloudlist

# List assets from a specific provider
cloudlist -provider aws

# List assets from multiple providers
cloudlist -provider aws,azure,gcp

Opciones de salida

# Save results to a file
cloudlist -o results.txt

# Output in JSON format
cloudlist -json -o results.json

# Silent mode (only results)
cloudlist -silent

Configuración del proveedor

Configuración AWS

# Add AWS provider with access key and secret key
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# Add AWS provider with profile
cloudlist -add aws -aws-profile default

# Add AWS provider with session token
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -aws-session-token AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk

Configuración de Azure

# Add Azure provider with client ID, client secret, and tenant ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000

# Add Azure provider with subscription ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000 -azure-subscription-id 00000000-0000-0000-0000-000000000000

GCP Configuración

# Add GCP provider with service account key file
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json

# Add GCP provider with credentials file
cloudlist -add gcp -gcp-credentials-file /path/to/credentials.json

# Add GCP provider with project ID
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json -gcp-project-id example-project-id

Configuración DigitalOcean

# Add DigitalOcean provider with API token
cloudlist -add digitalocean -do-token YOUR_DIGITALOCEAN_API_TOKEN

Configuración de Linode

# Add Linode provider with API token
cloudlist -add linode -linode-token YOUR_LINODE_API_TOKEN

Configuración Nube de Alibaba

# Add Alibaba Cloud provider with access key and secret key
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY

# Add Alibaba Cloud provider with region
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY -alibaba-region cn-hangzhou

Configuración de Cloudflare

# Add Cloudflare provider with API token
cloudlist -add cloudflare -cloudflare-token YOUR_CLOUDFLARE_API_TOKEN

# Add Cloudflare provider with API key and email
cloudlist -add cloudflare -cloudflare-key YOUR_CLOUDFLARE_API_KEY -cloudflare-email your-email@example.com

Uso avanzado

Gestión de proveedores

# List configured providers
cloudlist -list

# Remove a provider
cloudlist -remove aws

# Remove all providers
cloudlist -remove-all

Opciones de filtración

# Filter by resource type
cloudlist -resource-type instance

# Filter by multiple resource types
cloudlist -resource-type instance,storage

# Filter by tag
cloudlist -tag key=value

# Filter by multiple tags
cloudlist -tag key1=value1,key2=value2

Tipos de recursos

# List specific resource types
cloudlist -resource-type instance  # List only instances
cloudlist -resource-type storage   # List only storage resources
cloudlist -resource-type network   # List only network resources
cloudlist -resource-type database  # List only database resources
cloudlist -resource-type container # List only container resources
cloudlist -resource-type function  # List only serverless functions

Formato de salida

# Format output as IP:port
cloudlist -format "\\\\{\\\\{.IP\\\\}\\\\}:\\\\{\\\\{.Port\\\\}\\\\}"

# Format output as hostname and IP
cloudlist -format "\\\\{\\\\{.Hostname\\\\}\\\\} (\\\\{\\\\{.IP\\\\}\\\\})"

# Format output as JSON with specific fields
cloudlist -json -format "\\\\{\\\\{.ID\\\\}\\\\},\\\\{\\\\{.Name\\\\}\\\\},\\\\{\\\\{.IP\\\\}\\\\},\\\\{\\\\{.Provider\\\\}\\\\}"

Integración con otras herramientas

Pipeline con HTTPX

# List cloud assets and probe for HTTP services
cloudlist -silent|httpx -silent

# List cloud assets, filter by port, and probe for HTTP services
cloudlist -silent|grep ":80"|httpx -silent

Pipeline con Nuclei

# List cloud assets, probe for HTTP services, and scan for vulnerabilities
cloudlist -silent|httpx -silent|nuclei -t cves/

# List cloud assets from specific provider and scan for vulnerabilities
cloudlist -provider aws -silent|httpx -silent|nuclei -t exposures/

Pipeline con Naabu

# List cloud assets and scan for open ports
cloudlist -silent|naabu -silent

# List cloud assets and scan for specific ports
cloudlist -silent|naabu -p 80,443,8080 -silent

Personalización de productos

Formato de salida personalizado

# Output only IP addresses
cloudlist -silent -format "\\\\{\\\\{.IP\\\\}\\\\}"

# Output hostname and provider
cloudlist -silent -format "\\\\{\\\\{.Hostname\\\\}\\\\} (\\\\{\\\\{.Provider\\\\}\\\\})"

# Output JSON with specific fields
cloudlist -json -format "\\\\{\\\\{.ID\\\\}\\\\},\\\\{\\\\{.Name\\\\}\\\\},\\\\{\\\\{.IP\\\\}\\\\},\\\\{\\\\{.Provider\\\\}\\\\}"

Filtro de salida

# Filter by IP address
cloudlist -silent|grep "192.168"

# Filter by hostname
cloudlist -silent|grep "example.com"

# Filter by provider
cloudlist -silent|grep "aws"

# Filter by port
cloudlist -silent|grep ":443"

Filtro avanzado

Filtros para proveedores

# Filter AWS resources by region
cloudlist -provider aws -silent|grep "us-east-1"

# Filter Azure resources by resource group
cloudlist -provider azure -silent|grep "production-rg"

# Filter GCP resources by project
cloudlist -provider gcp -silent|grep "example-project"

Tipo de recursos Filtro

# Filter by instance type
cloudlist -silent|grep "t2.micro"

# Filter by storage type
cloudlist -silent|grep "s3"

# Filter by database type
cloudlist -silent|grep "rds"

Solución de problemas

Cuestiones comunes

** Cuestiones relativas a la delincuencia**

   # Verify provider configuration
   cloudlist -list

   # Update provider credentials
   cloudlist -remove aws
   cloudlist -add aws -aws-access-key NEW_ACCESS_KEY -aws-secret-key NEW_SECRET_KEY
   ```

2. ** Limitación de destino**
```bash
   # Reduce concurrency
   cloudlist -concurrency 5

   # Add delay between requests
   cloudlist -delay 2
   ```

3. ** Cuestiones de misión**
```bash
   # Check if credentials have sufficient permissions
   # For AWS, ensure the IAM user/role has the necessary read permissions
   # For Azure, ensure the service principal has the Reader role
   # For GCP, ensure the service account has the necessary viewer roles
   ```

4. **Sin resultados**
```bash
   # Check if provider is configured correctly
   cloudlist -list

   # Try a different provider
   cloudlist -provider azure

   # Check if resources exist in the account
   ```

### Debugging

```bash
# Enable verbose mode
cloudlist -v

# Show debug information
cloudlist -debug

# Check provider configuration
cloudlist -list

Configuración

Archivo de configuración

Cloudlist utiliza un archivo de configuración ubicado en $HOME/.config/cloudlist/config.yaml. Puede personalizar varios ajustes en este archivo:

# Example configuration file
providers:
  - id: aws
    aws:
      access_key: AKIAIOSFODNN7EXAMPLE
      secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  - id: azure
    azure:
      client_id: 00000000-0000-0000-0000-000000000000
      client_secret: EXAMPLE-SECRET
      tenant_id: 00000000-0000-0000-0000-000000000000
  - id: gcp
    gcp:
      service_account_key: /path/to/service-account-key.json

Medio ambiente

# Set Cloudlist configuration via environment variables
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000
export AZURE_CLIENT_SECRET=EXAMPLE-SECRET
export AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json

Referencia

Opciones de línea de mando

Flag	Description
`-provider`	Provider(s) to list assets from
`-resource-type`	Resource type(s) to list
`-tag`	Tag(s) to filter resources by
`-format`	Custom output format
`-o, -output`	File to write output to
`-json`	Write output in JSON format
`-silent`	Show only results in output
`-v, -verbose`	Show verbose output
`-debug`	Show debug information
`-concurrency`	Number of concurrent requests
`-delay`	Delay between requests in seconds
`-add`	Add a new provider
`-remove`	Remove a provider
`-remove-all`	Remove all providers
`-list`	List configured providers
`-version`	Show Cloudlist version

Opciones de proveedor-específico

Opciones de AWS

Flag	Description
`-aws-access-key`	AWS access key
`-aws-secret-key`	AWS secret key
`-aws-session-token`	AWS session token
`-aws-profile`	AWS profile name
`-aws-region`	AWS region

Opciones de Azure

Flag	Description
`-azure-client-id`	Azure client ID
`-azure-client-secret`	Azure client secret
`-azure-tenant-id`	Azure tenant ID
`-azure-subscription-id`	Azure subscription ID

GCP Opciones

Flag	Description
`-gcp-service-account-key`	GCP service account key file
`-gcp-credentials-file`	GCP credentials file
`-gcp-project-id`	GCP project ID

Opciones de DigitalOcean

Flag	Description
`-do-token`	DigitalOcean API token

Opciones de Linode

Flag	Description
`-linode-token`	Linode API token

Opciones de Nube de Alibaba

Flag	Description
`-alibaba-access-key`	Alibaba Cloud access key
`-alibaba-secret-key`	Alibaba Cloud secret key
`-alibaba-region`	Alibaba Cloud region

Opciones de Cloudflare

Flag	Description
`-cloudflare-token`	Cloudflare API token
`-cloudflare-key`	Cloudflare API key
`-cloudflare-email`	Cloudflare email

Proveedores de apoyo

Provider	Description
`aws`	Amazon Web Services
`azure`	Microsoft Azure
`gcp`	Google Cloud Platform
`digitalocean`	DigitalOcean
`linode`	Linode
`alibaba`	Alibaba Cloud
`cloudflare`	Cloudflare

Tipos de recursos respaldados

Type	Description
`instance`	Virtual machines and instances
`storage`	Storage resources (e.g., S3 buckets, Azure Blobs)
`network`	Network resources (e.g., load balancers, VPCs)
`database`	Database resources (e.g., RDS, Azure SQL)
`container`	Container resources (e.g., ECS, AKS)
`function`	Serverless functions (e.g., Lambda, Azure Functions)

Recursos

-...

*Esta hoja de trampolín proporciona una referencia completa para el uso de Cloudlist, desde el listado básico de activos hasta el filtrado avanzado e integración con otras herramientas. Para la información más actualizada, consulte siempre la documentación oficial. *