
<h3 align="center">CloudSword, Making Your Public Cloud Environment Safer</h3>
<p align="center">
<img src="https://img.shields.io/github/go-mod/go-version/wgpsec/cloudsword">
<a href="https://github.com/wgpsec/cloudsword/blob/master/LICENSE"><img src="https://img.shields.io/badge/license-apache-blue.svg"></a>
<a href="https://github.com/wgpsec/cloudsword/releases"><img src="https://img.shields.io/github/downloads/wgpsec/cloudsword/total"></a>
<a href="https://github.com/wgpsec/cloudsword/releases/"><img src="https://img.shields.io/github/release/wgpsec/cloudsword"></a>
<a href="https://github.com/wgpsec/cloudsword"><img src="https://img.shields.io/github/stars/wgpsec/cloudsword"></a>
<a href="https://twitter.com/wgpsec"><img src="https://img.shields.io/twitter/follow/wgpsec.svg?logo=twitter"></a>
<a href="https://twitter.com/teamssix"><img src="https://img.shields.io/twitter/follow/teamssix.svg?logo=twitter"></a>
</p>
---
CloudSword is a comprehensive open-source tool that helps public cloud tenants quickly discover risks in the cloud, test those risks, and enhance their cloud protection capabilities.
As a tool aimed at security personnel, CloudSword assists tenants in quickly understanding the resource information in their current public cloud environment, rapidly identifying potential vulnerabilities, and facilitating remediation efforts. CloudSword also presets several defense methods for security personnel to quickly deploy, thereby enhancing cloud defense capabilities.
* All output is in Chinese, so it is easy to use.
* Command completion prompts for ease of use.
* Metasploit (MSF)-style usage logic, so the learning cost is very low.
* Credentials do not need to be stored, which avoids secondary leakage.
## Getting Started
### HomeBrew Installation
Installation
```bash
brew tap wgpsec/tap
brew install wgpsec/tap/cloudsword
```
Update
```bash
brew update
brew upgrade cloudsword
```
### Download Binary Package
CloudSword download link: [github.com/wgpsec/cloudsword/releases](https://github.com/wgpsec/cloudsword/releases)
Download the compressed file corresponding to your system, extract it, and run it in the command line.
## User Manual
For complete usage and introduction, please refer to the [CloudSword User Manual](https://wiki.teamssix.com/cloudsword).
## MCP Protocol Support
CloudSword supports the MCP protocol starting from version v0.0.2, in both SSE and STDIO modes.
**SSE Mode**
Run `./cloudsword sse http://localhost:8080` to listen on port 8080 locally.
For example, in Cherry Studio, enter http://localhost:8080/sse to obtain tool information.
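The SSE endpoint gives an MCP client access to the modules listed below, including ones that create users and access keys, so it is worth confirming that port 8080 really is bound to loopback only. The following check is an added example, not part of CloudSword; it assumes a Linux host with `ss` from iproute2, and the function names and sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example, not CloudSword code. Input format assumed: Linux `ss -ltnH`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# exposed_listeners PORT
# Reads ss lines on stdin; prints each non-loopback local address bound to PORT.
exposed_listeners() {
  awk -v port="$1" '
    {
      la = $4                                  # e.g. 127.0.0.1:8080 or [::1]:8080
      n = split(la, parts, ":")
      p = parts[n]                             # text after the last colon
      addr = substr(la, 1, length(la) - length(p) - 1)
      if (p != port) next
      if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
      print addr
    }'
}

# sse_port_is_local PORT: returns 0 when nothing on PORT is reachable off-host.
sse_port_is_local() {
  exposed=$(exposed_listeners "$1")
  if [ -n "$exposed" ]; then
    echo "port $1 is bound to non-loopback address(es): $exposed" >&2
    return 1
  fi
  return 0
}

# Constructed sample inputs (not captured from a real host).
sample_loopback_only() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 [::1]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}
sample_wildcard_bind() {
  cat <<'EOF'
LISTEN 0 4096 *:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a live Linux host: ss -ltnH | sse_port_is_local 8080
```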

**STDIO**

**Usage Example**

## Integrated Modules
The following are the modules currently supported by CloudSword:
### Alibaba Cloud
#### Comprehensive
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :---------------- | :----------------------------------- |
| 1 | 1101 | Alibaba Cloud | ★★★★ | list_cloud_assets | List OSS, ECS, RAM, Domain service assets |
#### Buckets
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :---------------------------- | :--------------------------------- |
| 1 | 1201 | Alibaba Cloud | ★★ | oss_list_buckets | List Alibaba Cloud OSS object buckets |
| 2 | 1202 | Alibaba Cloud | ★★★★ | oss_search_objects | Search Alibaba Cloud OSS objects |
| 3 | 1203 | Alibaba Cloud | ★★★ | oss_bucket_only_upload_images | Use cloud functions to restrict the bucket to only allow image uploads |
#### Elastic Computing
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :----------------- | :--------------------------- |
| 1 | 1301 | Alibaba Cloud | ★★ | ecs_list_instances | List Alibaba Cloud ECS elastic computing instances |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :------------------------ | :-------------------------------- |
| 1 | 1401 | Alibaba Cloud | ★★ | ram_list_users | List Alibaba Cloud RAM users |
| 2 | 1402 | Alibaba Cloud | ★ | ram_list_roles | List Alibaba Cloud RAM roles |
| 3 | 1403 | Alibaba Cloud | ★ | ram_create_user | Create Alibaba Cloud RAM users |
| 4 | 1404 | Alibaba Cloud | ★ | ram_attach_policy_to_user | Attach policy to Alibaba Cloud RAM users |
| 5 | 1405 | Alibaba Cloud | ★★★ | ram_create_login_profile | Create Alibaba Cloud RAM user web login configuration |
| 6 | 1406 | Alibaba Cloud | ★ | ram_create_access_key | Create Alibaba Cloud RAM user access credentials |
#### Domain Names
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :------------------ | :--------------------------- |
| 1 | 1501 | Alibaba Cloud | ★ | domain_list_domains | List Alibaba Cloud Domains domain assets |
### Tencent Cloud
#### Comprehensive
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :----------------- | :------------------------------- |
| 1 | 2101 | Tencent Cloud | ★★★★ | list_cloud_assets | List COS, EVM, LH, RAM service assets |
| 2 | 2102 | Tencent Cloud | ★★★★★ | create_honey_token | Create Tencent Cloud access credential honey tokens |
#### Buckets
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :--------------- | :------------------------ |
| 1 | 2201 | Tencent Cloud | ★★ | cos_list_buckets | List Tencent Cloud COS object buckets |
#### Elastic Computing
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :----------------- | :--------------------------- |
| 1 | 2301 | Tencent Cloud | ★★ | cvm_list_instances | List Tencent Cloud CVM elastic computing instances |
| 2 | 2302 | Tencent Cloud | ★ | lh_list_instances | List Tencent Cloud LH lightweight application servers |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :------------------------ | :------------------------------- |
| 1 | 2401 | Tencent Cloud | ★★ | cam_list_users | List Tencent Cloud CAM users |
| 2 | 2402 | Tencent Cloud | ★ | cam_list_roles | List Tencent Cloud CAM roles |
| 3 | 2403 | Tencent Cloud | ★ | cam_create_user | Create Tencent Cloud CAM users |
| 4 | 2404 | Tencent Cloud | ★ | cam_attach_policy_to_user | Attach policy to Tencent Cloud CAM users |
| 5 | 2405 | Tencent Cloud | ★★★ | cam_create_login_profile | Create Tencent Cloud CAM user web login configuration |
| 6 | 2406 | Tencent Cloud | ★ | cam_create_access_key | Create Tencent Cloud CAM user access credentials |
### Huawei Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :--------------- | :------------------------- |
| 1 | 3201 | Huawei Cloud | ★★ | obs_list_buckets | List Huawei Cloud OBS object buckets |
### Baidu Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :--------------- | :------------------------- |
| 1 | 4201 | Baidu Cloud | ★★ | bos_list_buckets | List Baidu Cloud BOS object buckets |
### Qiniu Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :---------------- | :-------------------------- |
| 1 | 5201 | Qiniu Cloud | ★★ | kodo_list_buckets | List Qiniu Cloud KODO object buckets |
> The highest recommended rating is 5 stars. The recommended rating is determined based on factors such as the complexity, popularity, and value of the module.
## Quick Start
View help information
```bash
CloudSword > help
Global Commands
========
Global Command    Description
--------          ----
help              View help information
list              List modules
quit              Exit the program
search            Search modules
use               Use module
Secondary Commands
========
Secondary Command    Description
--------             ----
info                 View module usage methods
run                  Run module
set                  Set running parameters
unset                Cancel setting running parameters
Environment Variables
========
Environment Variable             Description
--------                         ----
CLOUD_SWORD_ACCESS_KEY_ID        Access credential ID
CLOUD_SWORD_ACCESS_KEY_SECRET    Access credential Secret
CLOUD_SWORD_SECURITY_TOKEN       Optional, temporary token part of the access credential
CLOUD_SWORD_DETAIL               Detailed content output (set to no or yes)
```
List Alibaba Cloud OSS object buckets
```bash
CloudSword > use 1201_aliyun_oss_list_buckets
CloudSword Alibaba Cloud (1201_oss_list_buckets) > set ak_id XXXXXXXXXXXX
ak_id ==> XXXXXXXXXXXX
CloudSword Alibaba Cloud (1201_oss_list_buckets) > set ak_secret XXXXXXXXXXXX
ak_secret ==> XXXXXXXXXXXX
CloudSword Alibaba Cloud (1201_oss_list_buckets) > run
[INFO] 2024-12-20 23:23:23 Running module 1201_aliyun_oss_list_buckets.
[INFO] 2024-12-20 23:23:23 Found the following buckets:
XXXXXXXX
XXXXXXXX
```
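The help output lists `CLOUD_SWORD_*` environment variables for the access credential. The wrapper below is an added example, not part of CloudSword: it prompts for the key without echoing the secret and places the values only in the launched process's environment, so they do not land in shell history or a dotfile. It assumes a `cloudsword` binary on `PATH` that reads those variables at start-up; `with_cloud_creds` is a hypothetical name.

```bash
#!/bin/sh
# Added example, not CloudSword code. Variable names come from the help output;
# that the binary reads them at start-up is an assumption.

# with_cloud_creds CMD [ARGS...]
# Reads key ID, secret and optional token from stdin, then runs CMD with them
# exported. The body is a subshell "( ... )", so nothing is set in the caller.
with_cloud_creds() (
  tty=0
  if [ -t 0 ]; then
    tty=1
    trap 'stty echo' INT TERM                # restore echo if interrupted
    printf 'Access key ID: ' >&2
  fi
  IFS= read -r ak_id || exit 1
  if [ "$tty" = 1 ]; then
    stty -echo                               # hide the secret and token as typed
    printf 'Access key secret: ' >&2
  fi
  IFS= read -r ak_secret || exit 1
  if [ "$tty" = 1 ]; then printf '\nSecurity token (empty if none): ' >&2; fi
  IFS= read -r token || true
  if [ "$tty" = 1 ]; then stty echo; printf '\n' >&2; fi

  if [ -z "$ak_id" ] || [ -z "$ak_secret" ]; then
    echo 'access key ID and secret are both required' >&2
    exit 2
  fi
  export CLOUD_SWORD_ACCESS_KEY_ID="$ak_id"
  export CLOUD_SWORD_ACCESS_KEY_SECRET="$ak_secret"
  if [ -n "$token" ]; then
    export CLOUD_SWORD_SECURITY_TOKEN="$token"
  fi
  exec "$@"                                  # replace the subshell with CMD
)

# Interactive use: with_cloud_creds cloudsword
```

The values remain readable by the same user through the child's process environment for as long as it runs, so this limits persistence of the credential rather than hiding it from the local account.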

## Join the CloudSword Discussion Group
Click "Join Group" in the "WgpSec Wolf Team Security" public account menu to add "WgpSecBot" on WeChat.
<div align=center><img width="700" src="static/WgpSecBot.png"></div><br>
After adding "WgpSecBot" on WeChat, send the keyword "CloudSword" to the bot, and it will automatically send you the group link.
<div align=center><img width="700" src="static/add_group.png"></div><br>
## Contributors
A big thank you to all the contributors to CloudSword~ If you also want to contribute code or ideas to CloudSword, please refer to the contribution guidelines: [CONTRIBUTING](https://github.com/wgpsec/cloudsword/blob/master/CONTRIBUTING.md)
<div align=center>
<table>
<tr>
<td align="center">
<a href="https://github.com/teamssix"><img alt="TeamsSix" src="https://avatars.githubusercontent.com/u/49087564" style="width: 100px;" /><br />TeamsSix</a>
</td>
<td align="center">
<a href="https://github.com/keac"><img alt="Keac" src="https://avatars.githubusercontent.com/u/16091665" style="width: 100px;" /><br />Keac</a>
</td>
<td align="center">
<a href="https://github.com/shadowabi"><img alt="shadowabi" src="https://avatars.githubusercontent.com/u/50265741" style="width: 100px;" /><br />shadowabi</a>
</td>
</tr>
</table>
</div>
## Usage Q&A
I have introduced in the CloudSword user manual why I wrote CloudSword, the future plans for CloudSword, and questions that everyone may be concerned about. Interested users can check the [CloudSword Usage Q&A](https://wiki.teamssix.com/cloudsword/more).
## License
CloudSword is licensed under the [Apache-2.0](https://github.com/wgpsec/cloudsword?tab=Apache-2.0-1-ov-file#Apache-2.0-1-ov-file) license.
## More
Below is our Wolf Team Security public account. You are welcome to follow us. If you have ideas and want to join the Wolf Team, you can also send your resume to admin#wgpsec.org to join us.
> When sending an email, please replace # with @.
<div align=center><img width="700" src="static/wgpsec.png"></div><br>
If you are interested in cloud security, you can check out my other project [Awesome Cloud Security](https://github.com/teamssix/awesome-cloud-security), which collects many cloud security resources from both domestic and international sources. Additionally, in my [Cloud Security Library](https://wiki.teamssix.com/), there are numerous notes and articles on cloud security, which should be some of the better learning materials for cloud security in the country.
Below is my personal WeChat public account, where you can contact me through the TeamsSix public account. I will also post updates about CloudSword on my public account.
<div align=center><img width="700" src="static/teamssix.png"></div><br>
If you find this project useful, feel free to scan the donation code below to show your appreciation.
<div align=center><img width="600" src="static/buy-coffee.png"></div><br>
> Donations are purely voluntary and aim to express support and gratitude to the authors or contributors of open-source software. They do not constitute a transaction for goods or services. Donors should understand that the donation funds do not guarantee any goods or services and do not create any form of contractual relationship.
<div align=center><b>Thank you for using my tool</b></div>