TerraformGoat: “Vulnerable by Design” multi cloud deployment tool
TerraformGoat
TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool.
Currently, supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Scenarios
| ID | Cloud Service Company | Types Of Cloud Services | Vulnerable Environment |
|---|---|---|---|
| 1 | Alibaba Cloud | Networking | VPC Security Group Open All Ports |
| 2 | Alibaba Cloud | Networking | VPC Security Group Open Common Ports |
| 3 | Alibaba Cloud | Object Storage | Bucket HTTP Enable |
| 4 | Alibaba Cloud | Object Storage | Object ACL Writable |
| 5 | Alibaba Cloud | Object Storage | Object ACL Readable |
| 6 | Alibaba Cloud | Object Storage | Special Bucket Policy |
| 7 | Alibaba Cloud | Object Storage | Bucket Public Access |
| 8 | Alibaba Cloud | Object Storage | Object Public Access |
| 9 | Alibaba Cloud | Object Storage | Bucket Logging Disable |
| 10 | Alibaba Cloud | Object Storage | Bucket Policy Readable |
| 11 | Alibaba Cloud | Object Storage | Bucket Object Traversal |
| 12 | Alibaba Cloud | Object Storage | Unrestricted File Upload |
| 13 | Alibaba Cloud | Object Storage | Server Side Encryption No KMS Set |
| 14 | Alibaba Cloud | Object Storage | Server Side Encryption Not Using BYOK |
| 15 | Alibaba Cloud | Elastic Computing Service | ECS SSRF |
| 16 | Alibaba Cloud | Elastic Computing Service | ECS Unattached Disks Are Unencrypted |
| 17 | Alibaba Cloud | Elastic Computing Service | ECS Virtual Machine Disks Are Unencrypted |
| 18 | Tencent Cloud | Networking | VPC Security Group Open All Ports |
| 19 | Tencent Cloud | Networking | VPC Security Group Open Common Ports |
| 20 | Tencent Cloud | Object Storage | Bucket ACL Writable |
| 21 | Tencent Cloud | Object Storage | Bucket ACL Readable |
| 22 | Tencent Cloud | Object Storage | Bucket Public Access |
| 23 | Tencent Cloud | Object Storage | Object Public Access |
| 24 | Tencent Cloud | Object Storage | Unrestricted File Upload |
| 25 | Tencent Cloud | Object Storage | Bucket Object Traversal |
| 26 | Tencent Cloud | Object Storage | Bucket Logging Disable |
| 27 | Tencent Cloud | Object Storage | Server Side Encryption Disable |
| 28 | Tencent Cloud | Elastic Computing Service | CVM SSRF |
| 29 | Tencent Cloud | Elastic Computing Service | CBS Storage Are Not Used |
| 30 | Tencent Cloud | Elastic Computing Service | CVM Virtual Machine Disks Are Unencrypted |
| 31 | Huawei Cloud | Networking | ECS Unsafe Security Group |
| 32 | Huawei Cloud | Object Storage | Object ACL Writable |
| 33 | Huawei Cloud | Object Storage | Special Bucket Policy |
| 34 | Huawei Cloud | Object Storage | Unrestricted File Upload |
| 35 | Huawei Cloud | Object Storage | Bucket Object Traversal |
| 36 | Huawei Cloud | Object Storage | Wrong Policy Causes Arbitrary File Uploads |
| 37 | Huawei Cloud | Elastic Computing Service | ECS SSRF |
| 38 | Huawei Cloud | Relational Database Service | RDS Mysql Baseline Checking Environment |
| 39 | Amazon Web Services | Networking | VPC Security Group Open All Ports |
| 40 | Amazon Web Services | Networking | VPC Security Group Open Common Ports |
| 41 | Amazon Web Services | Object Storage | Object ACL Writable |
| 42 | Amazon Web Services | Object Storage | Bucket ACL Writable |
| 43 | Amazon Web Services | Object Storage | Bucket ACL Readable |
| 44 | Amazon Web Services | Object Storage | MFA Delete Is Disable |
| 45 | Amazon Web Services | Object Storage | Special Bucket Policy |
| 46 | Amazon Web Services | Object Storage | Bucket Object Traversal |
| 47 | Amazon Web Services | Object Storage | Unrestricted File Upload |
| 48 | Amazon Web Services | Object Storage | Bucket Logging Disable |
| 49 | Amazon Web Services | Object Storage | Bucket Allow HTTP Access |
| 50 | Amazon Web Services | Object Storage | Bucket Default Encryption Disable |
| 51 | Amazon Web Services | Elastic Computing Service | EC2 SSRF |
| 52 | Amazon Web Services | Elastic Computing Service | Console Takeover |
| 53 | Amazon Web Services | Elastic Computing Service | EBS Volumes Are Not Used |
| 54 | Amazon Web Services | Elastic Computing Service | EBS Volumes Encryption Is Disabled |
| 55 | Amazon Web Services | Elastic Computing Service | Snapshots Of EBS Volumes Are Unencrypted |
| 56 | Amazon Web Services | Identity and Access Management | IAM Privilege Escalation |
| 57 | Google Cloud Platform | Object Storage | Object ACL Writable |
| 58 | Google Cloud Platform | Object Storage | Bucket ACL Writable |
| 59 | Google Cloud Platform | Object Storage | Bucket Object Traversal |
| 60 | Google Cloud Platform | Object Storage | Unrestricted File Upload |
| 61 | Google Cloud Platform | Elastic Computing Service | VM Command Execution |
| 62 | Microsoft Azure | Object Storage | Blob Public Access |
| 63 | Microsoft Azure | Object Storage | Container Blob Traversal |
| 64 | Microsoft Azure | Elastic Computing Service | VM Command Execution |
Install
Copyright 2022 HuoCorp
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce
