One Tool to Rule the Clouds: Auditing AWS, Azure, and Alibaba with Cloudtoolkit
cloudtoolkit
Interactive multi-cloud security assessment framework.
Capability overview
| Providers | Payload | Supported |
|---|---|---|
| Alibaba Cloud | backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts. |
ECS (Elastic Compute Service) OSS (Object Storage Service) RAM (Resource Access Management) RDS (Relational Database Service) |
| Tencent Cloud | cloudlist Getting: Assets from Cloud Providers to augment Attack Surface Management efforts. backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. |
CVM (Cloud Virtual Machine) Lighthouse COS (Cloud Object Storage) CAM (Cloud Access Management) |
| Huawei Cloud | backdoor-user” Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump” Quickly enumerate buckets to look for loot. cloudlist” Getting Assets from Cloud Providers to augment Attack Surface Management efforts. |
ECS (Elastic Cloud Server) OBS (Object Storage Service) IAM (Identity and Access Management) RDS (Relational Database Service) |
| Microsoft Azure | backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts. |
Virtual Machines Blob Storage |
| AWS (Amazon web services) | cloudlist: Getting Assets from Cloud Providers to augment Attack Surface Management efforts. backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to look for loot. |
EC2 (Elastic Compute Cloud) S3 (Simple Storage Service) IAM (Identity and Access Management) |
| GCP (Google Cloud Platform) | cloudlist | Compute Engine Cloud DNS |
Download
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce
