Cloudlist
Translation
Original: https://github.com/projectdiscovery/cloudlist/blob/main/README.md
This is a translation of the official documentation; it is fairly detailed and can serve as a reference.
(A few extra words: this tool seems to be aimed at the blue team; it is essentially a cloud asset inventory tool.)
# Cloudlist
https://github.com/projectdiscovery/cloudlist
Cloudlist is a multi-cloud tool for fetching assets from cloud providers. It is intended for blue teams: by maintaining a centralized, cross-cloud list of assets for attack surface management, it reduces the configuration effort involved.
# Features
- Lists cloud assets across multiple configurations
- Supports multiple cloud providers
- Supports multiple output formats
- Supports multiple filters
- Highly extensible; new cloud providers can be added with little effort
- Supports standard input (stdin), so it can be chained with other tools in a pipeline (`|`)
# Usage

```bash
cloudlist -h
```

This displays the tool's help. Below are all the flags it supports.

```
Usage:
  ./cloudlist [flags]

Flags:
CONFIGURATION:
   -config string                手动指定 cloudlist 参数配置文件 (默认为 "$HOME/.config/cloudlist/config.yaml")
   -pc, -provider-config string  手动指定云服务商配置文件 (默认为 "$HOME/.config/cloudlist/provider-config.yaml")

FILTERS:
   -p, -provider string[]  显示指定云服务商的结果 (逗号分隔)
   -id string[]            显示指定 ids 的结果 (逗号分隔)
   -host                   在结果中只显示主机名
   -ip                     在结果中只显示 ips
   -ep, -exclude-private   在命令行输出中排除私有IP

OUTPUT:
   -o, -output string  输出文件并写入结果
   -json               以 json 格式写入输出
   -version            显示 cloudlist 的版本号
   -v                  显示详细输出内容
   -silent             在输出中只显示结果
```
# Installation
Download a prebuilt binary from the cloudlist releases page, or install/build it with Go:

```bash
go install -v github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest
```
# Running cloudlist

```bash
cloudlist
```

This command lists every cloud provider configured in the configuration file together with all of its assets. You can also use the `provider` and `id` filters to list a specific provider or asset type.

For example, to list all assets from Amazon Web Services and Google Cloud:

```bash
cloudlist -provider aws,gcp
```

```
________ _____ __
/ ____/ /___ __ ______/ / (_)____/ /_
/ / / / __ \/ / / / __ / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__ ) /_
\____/_/\____/\__,_/\__,_/_/_/____/\__/ v0.0.1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
example.com
example2.com
example3.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 3 hosts and 6 IPs from AWS service (prod)
```
# Using Cloudlist with Nuclei
Run security scans with nuclei against the assets cloudlist returns from the various cloud providers:

cloudlist + httpx + nuclei

```bash
cloudlist -silent | httpx -silent | nuclei -t cves/
```
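The pipeline above hands hostnames to scanners; for the attack surface management use case described in the introduction, the `-json` output is the more useful input. As an added example that is not part of the cloudlist project, the Go program below re-implements the `-ip -exclude-private` filter over `-json` records and diffs two runs to report newly exposed addresses. The `public_ipv4` field name and the sample records are this example's assumptions, constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed cloudlist -json output for this example (not a real capture; the field names are an assumption).
const sample = `{"provider":"aws","id":"prod","public_ipv4":"203.0.113.10","dns_name":"example.com"}
{"provider":"aws","id":"prod","dns_name":"example2.com"}
{"provider":"gcp","public_ipv4":"10.0.0.5"}
{"provider":"gcp","public_ipv4":"198.51.100.7"}`

// isPrivate mirrors -exclude-private (RFC 1918, fc00::/7, loopback, link-local); unparseable input counts as private too.
func isPrivate(s string) bool {
	ip, err := netip.ParseAddr(s)
	return err != nil || ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast()
}

// PublicIPs returns the Internet-reachable addresses in a stream of cloudlist JSON records, as -ip -ep would print.
func PublicIPs(ndjson string) (map[string]bool, error) {
	ips := map[string]bool{}
	for dec := json.NewDecoder(strings.NewReader(ndjson)); dec.More(); {
		var a struct{ PublicIPv4 string `json:"public_ipv4"` }
		if err := dec.Decode(&a); err != nil {
			return nil, fmt.Errorf("malformed record: %w", err)
		}
		if a.PublicIPv4 != "" && !isPrivate(a.PublicIPv4) {
			ips[a.PublicIPv4] = true
		}
	}
	return ips, nil
}

// NewlyExposed lists the entries of cur absent from prev: the delta between two runs that a review should act on.
func NewlyExposed(prev, cur map[string]bool) (out []string) {
	for k := range cur {
		if !prev[k] {
			out = append(out, k)
		}
	}
	return out
}

func main() {
	cur, _ := PublicIPs(sample) // constant input, cannot fail to parse
	fmt.Println(NewlyExposed(map[string]bool{"203.0.113.10": true}, cur)) // [198.51.100.7]
}
```

In practice `prev` is the stored result of the previous `cloudlist -json` run, and the delta is what gets handed to the scanning pipeline.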
# Supported cloud providers

| Supported platform | Supported assets |
|---|---|
| AWS (Amazon Web Services) | EC2, Route53, S3 |
| GCP (Google Cloud Platform) | Cloud DNS, GKE |
| DO (DigitalOcean) | Instances |
| SCW (Scaleway) | Instances |
| Fastly | Services |
| Heroku | Applications |
| Linode | Instances |
| Azure (Microsoft Azure) | Virtual Machines |
| Namecheap | Domain List |
| Alibaba Cloud | ECS Instances |
| Cloudflare | DNS |
| Hashistack | Nomad, Consul, Terraform |
| Hetzner Cloud | Instances |
| Openstack | Instances |
| Kubernetes (K8s) | Services, Ingresses |
# Configuration file
The default provider configuration file should be located at `$HOME/.config/cloudlist/provider-config.yaml` and contains the example content below. To run the tool, update the credentials of the providers you need in this file.

Example configuration:
```yaml
- provider: do # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: xxxx
  # digitalocean_token is the API key for digitalocean cloud platform
  digitalocean_token: $DIGITALOCEAN_TOKEN
- provider: scw # provider is the name of the provider
  # scaleway_access_key is the access key for scaleway API
  scaleway_access_key: $SCALEWAY_ACCESS_KEY
  # scaleway_access_token is the access token for scaleway API
  scaleway_access_token: $SCALEWAY_ACCESS_TOKEN
- provider: aws # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # aws_access_key is the access key for AWS account
  aws_access_key: $AWS_ACCESS_KEY
  # aws_secret_key is the secret key for AWS account
  aws_secret_key: $AWS_SECRET_KEY
  # aws_session_token session token for temporary security credentials retrieved via STS (optional)
  aws_session_token: $AWS_SESSION_TOKEN
- provider: gcp # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: logs
  # gcp_service_account_key is the minified json of a google cloud service account with list permissions
  gcp_service_account_key: '{xxxxxxxxxxxxx}'
- provider: azure # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # client_id is the client ID of registered application of the azure account (not required if using cli auth)
  client_id: $AZURE_CLIENT_ID
  # client_secret is the secret ID of registered application of the azure account (not required if using cli auth)
  client_secret: $AZURE_CLIENT_SECRET
  # tenant_id is the tenant ID of registered application of the azure account (not required if using cli auth)
  tenant_id: $AZURE_TENANT_ID
  # subscription_id is the azure subscription id
  subscription_id: $AZURE_SUBSCRIPTION_ID
  # use_cli_auth if set to true cloudlist will use azure cli auth
  use_cli_auth: true
- provider: cloudflare # provider is the name of the provider
  # email is the email for cloudflare
  email: $CF_EMAIL
  # api_key is the api_key for cloudflare
  api_key: $CF_API_KEY
  # api_token is the scoped_api_token for cloudflare (optional)
  api_token: $CF_API_TOKEN
- provider: heroku # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # heroku_api_token is the api key for Heroku account
  heroku_api_token: $HEROKU_API_TOKEN
- provider: linode # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # linode_personal_access_token is the personal access token for linode account
  linode_personal_access_token: $LINODE_PERSONAL_ACCESS_TOKEN
- provider: fastly # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # fastly_api_key is the personal API token for fastly account
  fastly_api_key: $FASTLY_API_KEY
- provider: alibaba # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # alibaba_region_id is the region id of the resources
  alibaba_region_id: $ALIBABA_REGION_ID
  # alibaba_access_key is the access key ID for alibaba cloud account
  alibaba_access_key: $ALIBABA_ACCESS_KEY
  # alibaba_access_key_secret is the secret access key for alibaba cloud account
  alibaba_access_key_secret: $ALIBABA_ACCESS_KEY_SECRET
- provider: namecheap # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # namecheap_api_key is the api key for namecheap account
  namecheap_api_key: $NAMECHEAP_API_KEY
  # namecheap_user_name is the username of the namecheap account
  namecheap_user_name: $NAMECHEAP_USER_NAME
- provider: terraform # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # tf_state_file is the location of terraform state file (terraform.tfstate)
  tf_state_file: path/to/terraform.tfstate
- provider: hetzner # provider is the name of the provider
  # id is the name defined by user for filtering (optional)
  id: staging
  # auth_token is the hetzner authentication token
  auth_token: $HETZNER_AUTH_TOKEN
- provider: nomad # provider is the name of the provider
  # nomad_url is the url for nomad server
  nomad_url: http://127.0.0.1:4646/
  # nomad_ca_file is the path to nomad CA file
  # nomad_ca_file: <path-to-ca-file>.pem
  # nomad_cert_file is the path to nomad Certificate file
  # nomad_cert_file: <path-to-cert-file>.pem
  # nomad_key_file is the path to nomad Certificate Key file
  # nomad_key_file: <path-to-key-file>.pem
  # nomad_token is the nomad authentication token
  # nomad_token: <nomad-token>
  # nomad_http_auth is the nomad http auth value
  # nomad_http_auth: <nomad-http-auth-value>
- provider: consul # provider is the name of the provider
  # consul_url is the url for consul server
  consul_url: http://localhost:8500/
  # consul_ca_file is the path to consul CA file
  # consul_ca_file: <path-to-ca-file>.pem
  # consul_cert_file is the path to consul Certificate file
  # consul_cert_file: <path-to-cert-file>.pem
  # consul_key_file is the path to consul Certificate Key file
  # consul_key_file: <path-to-key-file>.pem
  # consul_http_token is the consul authentication token
  # consul_http_token: <consul-token>
  # consul_http_auth is the consul http auth value
  # consul_http_auth: <consul-http-auth-value>
- provider: openstack # provider is the name of the provider
  # id is the name of the provider id
  id: staging
  # identity_endpoint is Openstack identity endpoint used to authenticate
  identity_endpoint: $OS_IDENTITY_ENDPOINT
  # domain_name is Openstack domain name used to authenticate
  domain_name: $OS_DOMAIN_NAME
  # tenant_name is Openstack project name
  tenant_name: $OS_TENANT_NAME
  # username is Openstack username used to authenticate
  username: $OS_USERNAME
  # password is Openstack password used to authenticate
  password: $OS_PASSWORD
- provider: kubernetes # provider is the name of the provider
  # id is the name of the provider id
  id: staging
  # kubeconfig is the path of the kubeconfig file
  kubeconfig: path/to/kubeconfig
  # context is the context to be used from kubeconfig file
  context: <context-name>
```
# Contributing
Please check PROVIDERS.md and DESIGN.md to add support for a new cloud provider to Cloudlist.
- Fork this project
- Create your feature branch (`git checkout -b new-provider`)
- Commit your changes (`git commit -am 'Added new cloud provider'`)
- Push the branch (`git push origin new-provider`)
- Create a new Pull Request
# Using Cloudlist as a library
The library can be used directly in your Go program. The snippet below outlines how to list assets from all, or only selected, cloud providers.
```go
package main

import (
	"context"
	"log"

	"github.com/projectdiscovery/cloudlist/pkg/inventory"
	"github.com/projectdiscovery/cloudlist/pkg/schema"
)

func main() {
	// One option block per provider; the keys are the same ones used in
	// provider-config.yaml above ("do" is the DigitalOcean provider name).
	// The token is inlined here only to keep the snippet short.
	inv, err := inventory.New(schema.Options{
		schema.OptionBlock{"provider": "do", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
	})
	if err != nil {
		log.Fatalf("%s\n", err)
	}
	for _, provider := range inv.Providers {
		resources, err := provider.Resources(context.Background())
		if err != nil {
			log.Fatalf("%s\n", err)
		}
		for _, resource := range resources.Items {
			_ = resource // do something with resource
		}
	}
}
```
# Acknowledgements
Thank you for the inspiration.
# License
cloudlist is made by the projectdiscovery team and is licensed under MIT.