Cloudlist – A Tool For Listing Assets From Multiple Cloud Providers


Cloudlist is a multi-cloud tool for getting assets (hostnames, IP addresses) from cloud providers. It is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.

Features

  • Easily list Cloud assets with multiple configurations.
  • Multiple cloud providers support.
  • Highly extensible making adding new providers a breeze.
  • STDOUT support to work with other tools in pipelines.

Usage

▶ cloudlist -h

This will display help for the tool. Here are all the switches it supports.

Flag      Description                      Example
config    Config file for providers        cloudlist -config test.yaml
provider  List assets of given providers   cloudlist -provider aws
host      List hosts only                  cloudlist -host
ip        List IPs only                    cloudlist -ip
json      List output in the JSON format   cloudlist -json
output    Store the output in file         cloudlist -output
silent    Display results only             cloudlist -silent
version   Display current version          cloudlist -version
verbose   Display verbose mode             cloudlist -verbose

Installation Instructions

From Binary

The installation is easy. You can download the pre-built binaries for your platform from the Releases page. Extract them using tar, move the binary to your $PATH and you’re ready to go.

Download latest binary from https://github.com/projectdiscovery/cloudlist/releases

▶ tar -xvf cloudlist-linux-amd64.tar
▶ mv cloudlist-linux-amd64 /usr/local/bin/cloudlist
▶ cloudlist -h

From Source

cloudlist requires go1.14+ to install successfully. Run the following command to get the repo:

▶ GO111MODULE=on go get -v github.com/projectdiscovery/cloudlist/cmd/cloudlist

From Github

▶ git clone https://github.com/projectdiscovery/cloudlist.git; cd cloudlist/cmd/cloudlist; go build; cp cloudlist /usr/local/bin/; cloudlist -version

Configuration file

The default config file should be located at $HOME/.config/cloudlist/config.yaml and has the following contents as an example. In order to run this tool, the keys need to be updated in the config file.

# Configuration file for cloudlist enumeration agent
- # provider is the name of the provider (Digitalocean)
  provider: do
  # profile is the name of the provider profile
  profile: xxxx
  # digitalocean_token is the API key for digitalocean cloud platform
  digitalocean_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Scaleway)
  provider: scw
  # scaleway_access_key is the access key for scaleway API
  scaleway_access_key: SCWXXXXXXXXXXXXXX
  # scaleway_access_token is the access token for scaleway API
  scaleway_access_token: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx

- # provider is the name of the provider (Amazon Web Services)
  provider: aws
  # profile is the name of the provider profile
  profile: staging
  # aws_access_key is the access key for AWS account
  aws_access_key: AKIAXXXXXXXXXXXXXX
  # aws_secret_key is the secret key for AWS account
  aws_secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- # provider is the name of the provider (Google Cloud Platform)
  provider: gcp
  # profile is the name of the provider profile
  profile: logs
  # gcp_service_account_key is the minified json of a google cloud service account with list permissions
  gcp_service_account_key: '{xxxxxxxxxxxxx}'

Running cloudlist

▶ cloudlist

This will list all the assets from configured providers in the configuration file. Specific providers and asset type can also be specified using available flags.

▶ cloudlist -provider aws

________ _____ __
/ ____/ /___ __ ______/ / (_)____/ /_
/ / / / __ / / / / __ / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__ ) /_
____/_/____/__,_/__,_/_/_/____/__/ v0.0.1

projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
abc.com
example.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 2 hosts and 6 IPs from AWS service (prod)
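
The host and IP lines of a run like the one above can be compared with a previous run to flag assets that were not in the inventory before. The Go program below is an added example, not part of cloudlist or of the original post; ParseAssets, NewAssets and the sample data are hypothetical, and it assumes one asset per line as printed with -silent.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Constructed sample shaped like the run above; not real assets.
const sampleRun = "[INF] Listing assets from AWS (prod) provider.\nabc.com\nexample.com\nABC.com\n1.1.1.1\n2.2.2.2\n"

// ParseAssets returns deduplicated hosts and IPs, skipping blank, log and multi-word lines.
func ParseAssets(out string) (hosts, ips []string) {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := strings.ToLower(strings.TrimSpace(sc.Text()))
		if line == "" || line[0] == '[' || strings.Contains(line, " ") || seen[line] {
			continue
		}
		seen[line] = true
		if net.ParseIP(line) != nil {
			ips = append(ips, line)
		} else {
			hosts = append(hosts, line)
		}
	}
	return hosts, ips
}

// NewAssets returns the entries of current that are absent from baseline.
func NewAssets(baseline, current []string) (added []string) {
	known := map[string]bool{}
	for _, b := range baseline {
		known[b] = true
	}
	for _, c := range current {
		if !known[c] {
			added = append(added, c)
		}
	}
	return added
}

func main() {
	hosts, ips := ParseAssets(sampleRun)
	// The baseline is a constructed previous inventory.
	fmt.Println("new assets:", NewAssets([]string{"abc.com", "1.1.1.1"}, append(hosts, ips...)))
}
```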

Running cloudlist with Nuclei

Scanning assets from various cloud providers with nuclei for security assessments:

▶ cloudlist -silent | httpx -silent | nuclei -t cves/

Supported providers

  • AWS (Amazon web services)
    • EC2
    • Route53
  • GCP (Google Cloud Platform)
    • Cloud DNS
  • DO (DigitalOcean)
    • Instances
  • SCW (Scaleway)
    • Instances

To see how to configure providers, check PROVIDERS.md.

Todo

  • Add support for Azure platform

Cloudlist as a library

It’s possible to use the library directly in your Go programs. The following code snippet outlines how to list assets from all or a given cloud provider.

package main

import (
	"context"
	"log"

	"github.com/projectdiscovery/cloudlist/pkg/inventory"
	"github.com/projectdiscovery/cloudlist/pkg/schema"
)

func main() {
	// Build an inventory from one option block per provider.
	inventory, err := inventory.New(schema.Options{
		schema.OptionBlock{"provider": "digitalocean", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
	})
	if err != nil {
		log.Fatalf("%s\n", err)
	}

	// Query every configured provider for its resources.
	for _, provider := range inventory.Providers {
		resources, err := provider.Resources(context.Background())
		if err != nil {
			log.Fatalf("%s\n", err)
		}
		for _, resource := range resources.Items {
			_ = resource // Do something with the resource
		}
	}
}

Acknowledgments

Thank you for inspiration

  • Smogcloud
  • Cloudmapper

License

cloudlist is made with love by the projectdiscovery team and licensed under MIT
