cloudfox
by BishopFox
CloudFox is an open source CLI tool that automates situational awareness and identifies exploitable attack paths in cloud environments for penetration testers.
Automating situational awareness for cloud penetration tests.
Primary Use Case
CloudFox is primarily used by penetration testers and offensive security professionals to enumerate and analyze cloud infrastructure configurations, permissions, and potential vulnerabilities across AWS, Azure, and GCP environments. It helps users discover attack paths, exposed secrets, and overly permissive roles to simulate compromise scenarios and improve cloud security posture.
- Automated enumeration of cloud resources and regions in AWS, Azure, and GCP
- Detection of secrets in EC2 userdata and environment variables
- Identification of workloads with administrative permissions
- Analysis of principal permissions and overly permissive role trusts
- Discovery of externally and internally accessible endpoints and attack surfaces
- Modular command structure with an all-checks command for comprehensive scans
- Support for limited read-only permissions and found credentials (black box testing)
- Open source with multi-cloud support and planned Kubernetes integration
Installation
- Download the latest binary release from the GitHub releases page
- Install via Homebrew using `brew install cloudfox`
- Install Go and run `go install github.com/BishopFox/cloudfox@latest` to install from source
- Clone the repository with `git clone https://github.com/BishopFox/cloudfox.git`
- Build the tool using `go build .` inside the cloned directory
- Run the compiled binary `./cloudfox`
- For testing bug fixes, clone with SSH, check out the branch, build, and run
Usage
`cloudfox aws --profile [profile-name] all-checks`: Runs all AWS enumeration commands with sane defaults for comprehensive cloud assessment.
`cloudfox aws --profile [profile-name] [specific-command]`: Runs individual AWS enumeration commands modularly to target specific checks.
- Integrate CloudFox scans into automated penetration testing workflows to streamline cloud attack path discovery.
- Use CloudFox findings to inform blue team defensive controls and hardening efforts, improving cloud security posture.
- Leverage modular commands for targeted enumeration during purple team exercises to simulate realistic attack scenarios.
- Combine CloudFox with cloud-native monitoring tools to enhance continuous detection of misconfigurations and exposures.
- Extend CloudFox usage to Kubernetes environments once support is available for comprehensive multi-cloud security assessments.