Scanning
Access to an account, token, etc., is required
ScoutSuite
ScoutSuite is a tool from NCC Group that is available on GitHub. ScoutSuite can be installed as a Python library, but it is probably ideal to download the repository and run it in a Python virtual environment (virtualenv). It uses a rules engine that takes the "best practices" published by the individual cloud providers and checks your configuration against them. It is recommended that you run ScoutSuite with the appropriate permission set for each cloud environment, but it can be run with any user account; you simply will not be able to check the services you lack permission to read. This is quite commonly how the author will run the tool, trying each different permission set as needed. What clouds does the tool support? You might be surprised to see AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud (Aliyun), and lately it even supports Kubernetes. The tool features a great reporting engine, but don't be surprised if you find plenty of false positives in built-in services.
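As an added illustration of how a rules engine of this kind works (this is not ScoutSuite's own code or rule format): declarative checks are evaluated against a normalized configuration, and an exception list lets a reviewer suppress findings already triaged as intentional, which is how the false positives mentioned above are handled in practice. The config shape, rule names and sample resources are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Rule:
    name: str
    service: str        # top-level key in the config, e.g. "s3" (assumed layout)
    collection: str     # resource group under that service, e.g. "buckets"
    severity: str
    check: Callable[[dict], bool]   # True when the resource violates the rule


def ssh_open_to_world(sg: dict) -> bool:
    """Security group allows TCP/22 from any IPv4 address."""
    return any(r["cidr"] == "0.0.0.0/0" and r["port"] == 22 for r in sg.get("ingress", []))


# Hypothetical rule set modelled on provider best practices.
RULES = [
    Rule("s3-bucket-public-acl", "s3", "buckets", "danger",
         lambda b: b.get("acl", "private").startswith("public")),
    Rule("ec2-sg-ssh-open-to-world", "ec2", "security_groups", "danger", ssh_open_to_world),
    Rule("iam-user-without-mfa", "iam", "users", "warning",
         lambda u: not u.get("mfa_enabled", False)),
]


def run_rules(config: dict, rules=RULES, exceptions=frozenset()) -> list[dict]:
    """Evaluate every rule against every resource in its collection.

    `exceptions` holds (rule name, resource id) pairs a reviewer has already
    triaged as accepted, so known false positives do not reappear in the report.
    """
    findings = []
    for rule in rules:
        resources = config.get(rule.service, {}).get(rule.collection, {})
        for res_id, res in resources.items():
            if (rule.name, res_id) in exceptions:
                continue
            if rule.check(res):
                findings.append({"rule": rule.name, "resource": res_id, "severity": rule.severity})
    return findings


# Constructed sample configuration; not data from any real account.
SAMPLE_CONFIG = {
    "s3": {"buckets": {"logs": {"acl": "private"}, "site": {"acl": "public-read"}}},
    "ec2": {"security_groups": {
        "sg-web": {"ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
        "sg-admin": {"ingress": [{"cidr": "0.0.0.0/0", "port": 22}]}}},
    "iam": {"users": {"alice": {"mfa_enabled": True}, "svc-backup": {"mfa_enabled": False}}},
}

if __name__ == "__main__":
    for f in run_rules(SAMPLE_CONFIG):
        print(f"[{f['severity']}] {f['rule']}: {f['resource']}")
```

Running the block reports three findings; passing `exceptions={("s3-bucket-public-acl", "site")}` drops the intentionally public website bucket from the report.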
CloudFox
CloudFox is, according to their website, a "Situational Awareness Tool for Cloud Penetration Tests." CloudFox is written by Bishop Fox as a Go-based binary. It is very portable and can be installed by pulling down a release or using the very simple go install feature:

$ go install -v github.com/BishopFox/cloudfox@latest

Installing the tool as a Go binary will leave the output directories in your $HOME/.cloudfox folder; using the binary release from the website will leave the output folder wherever the binary runs. This makes bringing it over to a restricted environment like a container very simple. CloudFox has multiple subcommands, one for every service provider, although currently mainly AWS is supported. It is designed to help enumerate services and augment your testing capabilities.
Located within the "cloudfox-output" folder, there is a loot folder. The loot folder is very interesting in that the CloudFox tool takes the enumerated items and builds out command sets to help further exploitation.