LogoHackDB
icon of CloudFox

CloudFox

CloudFox helps penetration testers find exploitable attack paths in cloud infrastructure, currently supporting AWS with more on the way.

Introduction

CloudFox is a command-line tool designed to aid penetration testers and offensive security professionals in identifying exploitable attack paths within cloud infrastructure.

Key features:

  • Automated Enumeration: Automates the enumeration process, similar to PowerView for cloud infrastructure.
  • Read-Only Operations: All commands are read-only, ensuring no state-changing operations are performed.
  • Inventory Command: Helps identify used regions and provides a rough size of the target account.
  • Grouped Checks: Groups similar requests together for efficient enumeration of service endpoints.
  • Loot File Creation: Generates usable loot files for input into other tools or for executing commands to investigate resources.
  • IAM Simulation: Determines who can perform specific actions, such as listing Lambda functions, to identify potential misconfigurations.

Information

Tags

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates