
# Cloudlist Cheat Sheet

## Overview

Cloudlist is a multi-cloud tool developed by Project Discovery for listing assets from different cloud providers. It is designed to help security teams scale their attack surface management efforts by discovering and monitoring cloud assets across multiple providers, including AWS, Azure, GCP, DigitalOcean, Linode, Alibaba Cloud and more.

What sets Cloudlist apart from provider-specific tools is its unified interface for querying several cloud providers at once. This greatly simplifies maintaining an inventory of cloud assets, especially for organizations that use more than one cloud provider. Cloudlist produces consistent output regardless of the provider, which makes it easy to integrate into security workflows and automation pipelines.

Cloudlist is primarily intended for blue teams to maintain visibility into their cloud infrastructure, but it is also valuable for red teams and penetration testers who need to understand an organization's attack surface. By providing a comprehensive view of cloud assets, Cloudlist helps security professionals identify potential security risks such as exposed services, misconfigured resources or unauthorized deployments.

## Installation

### Using Go

```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest

# Verify installation
cloudlist -version
```

### Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/cloudlist:latest

# Run Cloudlist using Docker
docker run -it projectdiscovery/cloudlist:latest -h
```

### Using Homebrew (macOS)

```bash
# Install using Homebrew
brew install cloudlist

# Verify installation
cloudlist -version
```

### Using PDTM (Project Discovery Tools Manager)

```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Cloudlist using PDTM
pdtm -i cloudlist

# Verify installation
cloudlist -version
```

### On Kali Linux

```bash
# Install using apt
sudo apt install cloudlist

# Verify installation
cloudlist -version
```

## Basic Usage

### Listing Cloud Assets

```bash
# List assets from all configured providers
cloudlist

# List assets from a specific provider
cloudlist -provider aws

# List assets from multiple providers
cloudlist -provider aws,azure,gcp
```

### Output Options

```bash
# Save results to a file
cloudlist -o results.txt

# Output in JSON format
cloudlist -json -o results.json

# Silent mode (only results)
cloudlist -silent
```

## Provider Configuration

### AWS Configuration

```bash
# Add AWS provider with access key and secret key
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# Add AWS provider with profile
cloudlist -add aws -aws-profile default

# Add AWS provider with session token
cloudlist -add aws -aws-access-key AKIAIOSFODNN7EXAMPLE -aws-secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -aws-session-token AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4Olgk
```

### Azure Configuration

```bash
# Add Azure provider with client ID, client secret, and tenant ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000

# Add Azure provider with subscription ID
cloudlist -add azure -azure-client-id 00000000-0000-0000-0000-000000000000 -azure-client-secret EXAMPLE-SECRET -azure-tenant-id 00000000-0000-0000-0000-000000000000 -azure-subscription-id 00000000-0000-0000-0000-000000000000
```

### GCP Configuration

```bash
# Add GCP provider with service account key file
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json

# Add GCP provider with credentials file
cloudlist -add gcp -gcp-credentials-file /path/to/credentials.json

# Add GCP provider with project ID
cloudlist -add gcp -gcp-service-account-key /path/to/service-account-key.json -gcp-project-id example-project-id
```

### DigitalOcean Configuration

```bash
# Add DigitalOcean provider with API token
cloudlist -add digitalocean -do-token YOUR_DIGITALOCEAN_API_TOKEN
```

### Linode Configuration

```bash
# Add Linode provider with API token
cloudlist -add linode -linode-token YOUR_LINODE_API_TOKEN
```

### Alibaba Cloud Configuration

```bash
# Add Alibaba Cloud provider with access key and secret key
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY

# Add Alibaba Cloud provider with region
cloudlist -add alibaba -alibaba-access-key YOUR_ALIBABA_ACCESS_KEY -alibaba-secret-key YOUR_ALIBABA_SECRET_KEY -alibaba-region cn-hangzhou
```

### Cloudflare Configuration

```bash
# Add Cloudflare provider with API token
cloudlist -add cloudflare -cloudflare-token YOUR_CLOUDFLARE_API_TOKEN

# Add Cloudflare provider with API key and email
cloudlist -add cloudflare -cloudflare-key YOUR_CLOUDFLARE_API_KEY -cloudflare-email your-email@example.com
```

## Advanced Usage

### Provider Management

```bash
# List configured providers
cloudlist -list

# Remove a provider
cloudlist -remove aws

# Remove all providers
cloudlist -remove-all
```

### Filtering Options

```bash
# Filter by resource type
cloudlist -resource-type instance

# Filter by multiple resource types
cloudlist -resource-type instance,storage

# Filter by tag
cloudlist -tag key=value

# Filter by multiple tags
cloudlist -tag key1=value1,key2=value2
```

### Resource Types

```bash
# List specific resource types
cloudlist -resource-type instance  # List only instances
cloudlist -resource-type storage   # List only storage resources
cloudlist -resource-type network   # List only network resources
cloudlist -resource-type database  # List only database resources
cloudlist -resource-type container # List only container resources
cloudlist -resource-type function  # List only serverless functions
```

### Output Formatting

```bash
# Format output as IP:port
cloudlist -format "{{.IP}}:{{.Port}}"

# Format output as hostname and IP
cloudlist -format "{{.Hostname}} ({{.IP}})"

# Format output as JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

## Integration with Other Tools

### Pipeline with HTTPX

```bash
# List cloud assets and probe for HTTP services
cloudlist -silent | httpx -silent

# List cloud assets, filter by port, and probe for HTTP services
cloudlist -silent | grep ":80" | httpx -silent
```

### Pipeline with Nuclei

```bash
# List cloud assets, probe for HTTP services, and scan for vulnerabilities
cloudlist -silent | httpx -silent | nuclei -t cves/

# List cloud assets from a specific provider and scan for vulnerabilities
cloudlist -provider aws -silent | httpx -silent | nuclei -t exposures/
```

### Pipeline with Naabu

```bash
# List cloud assets and scan for open ports
cloudlist -silent | naabu -silent

# List cloud assets and scan for specific ports
cloudlist -silent | naabu -p 80,443,8080 -silent
```
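Snapshot diffing, as an added example that is not part of the original page or of the Cloudlist project: the script below normalises two `cloudlist -silent` inventories, reports assets that appeared or disappeared between them, and flags listeners on ports outside an allowlist, which is the monitoring step the pipelines above feed. The function names, the port allowlist and the two sample inventories (RFC 5737 documentation addresses) are constructed for the example.

```bash
#!/bin/sh
# Added example (not Cloudlist's own code): diff two cloudlist inventories to
# spot assets that appeared, disappeared, or listen on an unexpected port.
export LC_ALL=C   # byte-order collation so sort(1) and comm(1) agree

# Drop blank lines, sort and dedupe so comm(1) sees canonical inventories.
normalise() { grep -v '^[[:space:]]*$' | sort -u; }

# Capture the current inventory (requires configured providers); not run here.
take_snapshot() { cloudlist -silent | normalise > "$1"; }

# Lines in NEW ($2) absent from OLD ($1): newly discovered assets.
new_assets() {
  old=$(mktemp); new=$(mktemp)
  normalise < "$1" > "$old"; normalise < "$2" > "$new"
  comm -13 "$old" "$new"; rm -f "$old" "$new"
}

# Lines in OLD ($1) absent from NEW ($2): assets that disappeared.
removed_assets() {
  old=$(mktemp); new=$(mktemp)
  normalise < "$1" > "$old"; normalise < "$2" > "$new"
  comm -23 "$old" "$new"; rm -f "$old" "$new"
}

# IP:port lines whose port is not in the comma-separated allowlist ($1);
# hostname-only lines carry no port and are skipped.
unexpected_ports() {
  allow=$1; shift
  grep -E ':[0-9]+$' "$@" | awk -F: -v allow="$allow" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($NF in ok) { print }'
}

# Constructed sample inventories standing in for two take_snapshot runs;
# written to a temp dir whose path is printed.
make_samples() {
  dir=$(mktemp -d)
  printf '203.0.113.5:443\n203.0.113.5:80\nweb-01.example.com\n203.0.113.6:443\n' > "$dir/yesterday.txt"
  printf '203.0.113.5:443\n203.0.113.5:80\nweb-01.example.com\n\n203.0.113.7:22\n203.0.113.9:443\n' > "$dir/today.txt"
  echo "$dir"
}

# Stand-alone run against the constructed samples.
dir=$(make_samples)
echo "== new assets";       new_assets "$dir/yesterday.txt" "$dir/today.txt"
echo "== removed assets";   removed_assets "$dir/yesterday.txt" "$dir/today.txt"
echo "== unexpected ports"; unexpected_ports "80,443" "$dir/today.txt"
```

In real use, replace `make_samples` with two `take_snapshot` runs on consecutive days and feed `new_assets` output to the HTTPX/Nuclei pipelines so only newly appeared assets are re-probed.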

## Output Customization

### Custom Output Format

```bash
# Output only IP addresses
cloudlist -silent -format "{{.IP}}"

# Output hostname and provider
cloudlist -silent -format "{{.Hostname}} ({{.Provider}})"

# Output JSON with specific fields
cloudlist -json -format "{{.ID}},{{.Name}},{{.IP}},{{.Provider}}"
```

### Filtering Output

```bash
# Filter by IP address
cloudlist -silent | grep "192.168"

# Filter by hostname
cloudlist -silent | grep "example.com"

# Filter by provider
cloudlist -silent | grep "aws"

# Filter by port
cloudlist -silent | grep ":443"
```

## Advanced Filtering

### Provider-Specific Filtering

```bash
# Filter AWS resources by region
cloudlist -provider aws -silent | grep "us-east-1"

# Filter Azure resources by resource group
cloudlist -provider azure -silent | grep "production-rg"

# Filter GCP resources by project
cloudlist -provider gcp -silent | grep "example-project"
```

### Resource Type Filtering

```bash
# Filter by instance type
cloudlist -silent | grep "t2.micro"

# Filter by storage type
cloudlist -silent | grep "s3"

# Filter by database type
cloudlist -silent | grep "rds"
```

## Troubleshooting

### Common Issues

1. **Authentication issues**
   ```bash
   # Verify provider configuration
   cloudlist -list

   # Update provider credentials
   cloudlist -remove aws
   cloudlist -add aws -aws-access-key NEW_ACCESS_KEY -aws-secret-key NEW_SECRET_KEY
   ```

2. **Rate limiting**
   ```bash
   # Reduce concurrency
   cloudlist -concurrency 5

   # Add delay between requests
   cloudlist -delay 2
   ```

3. **Permission issues**
   ```bash
   # Check if credentials have sufficient permissions
   # For AWS, ensure the IAM user/role has the necessary read permissions
   # For Azure, ensure the service principal has the Reader role
   # For GCP, ensure the service account has the necessary viewer roles
   ```

4. **No results**
   ```bash
   # Check if provider is configured correctly
   cloudlist -list

   # Try a different provider
   cloudlist -provider azure

   # Check if resources exist in the account
   ```

### Debugging

```bash
# Enable verbose mode
cloudlist -v

# Show debug information
cloudlist -debug

# Check provider configuration
cloudlist -list
```

## Configuration

### Configuration File

Cloudlist uses a configuration file located at `$HOME/.config/cloudlist/config.yaml`. You can customize various settings in this file:

```yaml
# Example configuration file
providers:
  - id: aws
    aws:
      access_key: AKIAIOSFODNN7EXAMPLE
      secret_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  - id: azure
    azure:
      client_id: 00000000-0000-0000-0000-000000000000
      client_secret: EXAMPLE-SECRET
      tenant_id: 00000000-0000-0000-0000-000000000000
  - id: gcp
    gcp:
      service_account_key: /path/to/service-account-key.json
```

### Environment Variables

```bash
# Set Cloudlist configuration via environment variables
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000
export AZURE_CLIENT_SECRET=EXAMPLE-SECRET
export AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json
```

## Reference

### Command-Line Options

| Flag | Description |
|------|-------------|
| `-provider` | Provider(s) to list assets from |
| `-resource-type` | Resource type(s) to list |
| `-tag` | Tag(s) to filter resources by |
| `-format` | Custom output format |
| `-o`, `-output` | File to write output to |
| `-json` | Write output in JSON format |
| `-silent` | Show only results in output |
| `-v`, `-verbose` | Show verbose output |
| `-debug` | Show debug information |
| `-concurrency` | Number of concurrent requests |
| `-delay` | Delay between requests in seconds |
| `-add` | Add a new provider |
| `-remove` | Remove a provider |
| `-remove-all` | Remove all providers |
| `-list` | List configured providers |
| `-version` | Show Cloudlist version |

### Provider-Specific Options

#### AWS Options

| Flag | Description |
|------|-------------|
| `-aws-access-key` | AWS access key |
| `-aws-secret-key` | AWS secret key |
| `-aws-session-token` | AWS session token |
| `-aws-profile` | AWS profile name |
| `-aws-region` | AWS region |

#### Azure Options

| Flag | Description |
|------|-------------|
| `-azure-client-id` | Azure client ID |
| `-azure-client-secret` | Azure client secret |
| `-azure-tenant-id` | Azure tenant ID |
| `-azure-subscription-id` | Azure subscription ID |

#### GCP Options

| Flag | Description |
|------|-------------|
| `-gcp-service-account-key` | GCP service account key file |
| `-gcp-credentials-file` | GCP credentials file |
| `-gcp-project-id` | GCP project ID |

#### DigitalOcean Options

| Flag | Description |
|------|-------------|
| `-do-token` | DigitalOcean API token |

#### Linode Options

| Flag | Description |
|------|-------------|
| `-linode-token` | Linode API token |

#### Alibaba Cloud Options

| Flag | Description |
|------|-------------|
| `-alibaba-access-key` | Alibaba Cloud access key |
| `-alibaba-secret-key` | Alibaba Cloud secret key |
| `-alibaba-region` | Alibaba Cloud region |

#### Cloudflare Options

| Flag | Description |
|------|-------------|
| `-cloudflare-token` | Cloudflare API token |
| `-cloudflare-key` | Cloudflare API key |
| `-cloudflare-email` | Cloudflare email |

### Supported Providers

| Provider | Description |
|----------|-------------|
| `aws` | Amazon Web Services |
| `azure` | Microsoft Azure |
| `gcp` | Google Cloud Platform |
| `digitalocean` | DigitalOcean |
| `linode` | Linode |
| `alibaba` | Alibaba Cloud |
| `cloudflare` | Cloudflare |

### Supported Resource Types

| Type | Description |
|------|-------------|
| `instance` | Virtual machines and instances |
| `storage` | Storage resources (e.g., S3 buckets, Azure Blobs) |
| `network` | Network resources (e.g., load balancers, VPCs) |
| `database` | Database resources (e.g., RDS, Azure SQL) |
| `container` | Container resources (e.g., ECS, AKS) |
| `function` | Serverless functions (e.g., Lambda, Azure Functions) |

## Resources


*This cheat sheet provides a comprehensive reference for using Cloudlist, from basic asset listing to advanced filtering and integration with other tools. For the most up-to-date information, always consult the official documentation.*