
<h3 align="center">CloudSword, making your public cloud environment more secure</h3>
<p align="center">
<img src="https://img.shields.io/github/go-mod/go-version/wgpsec/cloudsword">
<a href="https://github.com/wgpsec/cloudsword/blob/master/LICENSE"><img src="https://img.shields.io/badge/license-apache-blue.svg"></a>
<a href="https://github.com/wgpsec/cloudsword/releases"><img src="https://img.shields.io/github/downloads/wgpsec/cloudsword/total"></a>
<a href="https://github.com/wgpsec/cloudsword/releases/"><img src="https://img.shields.io/github/release/wgpsec/cloudsword"></a>
<a href="https://github.com/wgpsec/cloudsword"><img src="https://img.shields.io/github/stars/wgpsec/cloudsword"></a>
<a href="https://twitter.com/wgpsec"><img src="https://img.shields.io/twitter/follow/wgpsec.svg?logo=twitter"></a>
<a href="https://twitter.com/teamssix"><img src="https://img.shields.io/twitter/follow/teamssix.svg?logo=twitter"></a>
</p>
---
CloudSword is a comprehensive open-source tool that helps public cloud tenants quickly discover risks in the cloud, test those risks, and enhance their cloud protection capabilities.
As a tool aimed at security personnel, CloudSword can assist tenants in quickly understanding the resource information in their current public cloud environment, rapidly identifying potential vulnerabilities, and facilitating remediation by security personnel. CloudSword also presets several defense methods for easy deployment, thereby enhancing the defensive capabilities in the cloud.
* All output is in Chinese, so there is no language barrier to using it.
* Command completion prompts for ease of use.
* Follows the Metasploit (MSF) usage logic, so the learning cost is very low.
* Credentials do not need to be stored, avoiding secondary leakage.
## Getting Started
### HomeBrew Installation
Installation
```bash
brew tap wgpsec/tap
brew install wgpsec/tap/cloudsword
```
Update
```bash
brew update
brew upgrade cloudsword
```
### Download Binary Package
Cloud Sword download link: [github.com/wgpsec/cloudsword/releases](https://github.com/wgpsec/cloudsword/releases)
Download the compressed file corresponding to your system, unzip it, and run it in the command line.
## User Manual
For complete usage and introduction, please refer to the [Cloud Sword User Manual](https://wiki.teamssix.com/cloudsword)
## MCP Protocol Support
CloudSword has supported MCP (Model Context Protocol) since version v0.0.2, in both SSE (Server-Sent Events) and STDIO (standard input/output) modes.
**SSE Mode**
Use the command `./cloudsword sse http://localhost:8080` to listen on port 8080 locally.
Taking Cherry Studio as an example, enter `http://localhost:8080/sse` to obtain the tool information.

**STDIO**

**Usage Example**

## Integration Modules
The following are the modules currently supported by CloudSword:
### Alibaba Cloud
#### Summary
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :----------------: | :----------------- | :------------------------------------ |
| 1 | 1101 | Alibaba Cloud | ★★★★ | list_cloud_assets | List OSS, ECS, RAM, Domain service assets |
#### Buckets
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :-----------: | :----------------: | :---------------------------- | :------------------------------------ |
| 1 | 1201 | Alibaba Cloud | ★★ | oss_list_buckets | List Alibaba Cloud OSS object buckets |
| 2 | 1202 | Alibaba Cloud | ★★★★ | oss_search_objects | Search Alibaba Cloud OSS objects |
| 3 | 1203 | Alibaba Cloud | ★★★ | oss_bucket_only_upload_images | Use cloud functions to restrict the bucket to only allow image uploads |
#### Elastic Computing
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :-----------: | :----------------: | :------------------ | :------------------------------ |
| 1 | 1301 | Alibaba Cloud | ★★ | ecs_list_instances | List Alibaba Cloud ECS elastic computing instances |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :------------------------ | :-------------------------------- |
| 1 | 1401 | Alibaba Cloud | ★★ | ram_list_users | List Alibaba Cloud RAM users |
| 2 | 1402 | Alibaba Cloud | ★ | ram_list_roles | List Alibaba Cloud RAM roles |
| 3 | 1403 | Alibaba Cloud | ★ | ram_create_user | Create Alibaba Cloud RAM user |
| 4 | 1404 | Alibaba Cloud | ★ | ram_attach_policy_to_user | Attach policy to Alibaba Cloud RAM user |
| 5 | 1405 | Alibaba Cloud | ★★★ | ram_create_login_profile | Create Alibaba Cloud RAM user web login configuration |
| 6 | 1406 | Alibaba Cloud | ★ | ram_create_access_key | Create Alibaba Cloud RAM user access credentials |
#### Domain Names
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :----------------: | :------------------- | :------------------------------ |
| 1 | 1501 | Alibaba Cloud | ★ | domain_list_domains | List Alibaba Cloud Domains assets |
### Tencent Cloud
#### Summary
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :----------------: | :------------------ | :---------------------------------- |
| 1 | 2101 | Tencent Cloud | ★★★★ | list_cloud_assets | List COS, EVM, LH, RAM service assets |
| 2 | 2102 | Tencent Cloud | ★★★★★ | create_honey_token | Create Tencent Cloud access credential honey token |
#### Buckets
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :-----------: | :----------------: | :---------------- | :------------------------------ |
| 1 | 2201 | Tencent Cloud | ★★ | cos_list_buckets | List Tencent Cloud COS buckets |
#### Elastic Computing
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :-----------: | :----------------: | :------------------ | :-------------------------------- |
| 1 | 2301 | Tencent Cloud | ★★ | cvm_list_instances | List Tencent Cloud CVM elastic computing instances |
| 2 | 2302 | Tencent Cloud | ★ | lh_list_instances | List Tencent Cloud LH lightweight application servers |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------: | :------- | :------------------------ | :------------------------------- |
| 1 | 2401 | Tencent Cloud | ★★ | cam_list_users | List Tencent Cloud CAM users |
| 2 | 2402 | Tencent Cloud | ★ | cam_list_roles | List Tencent Cloud CAM roles |
| 3 | 2403 | Tencent Cloud | ★ | cam_create_user | Create Tencent Cloud CAM user |
| 4 | 2404 | Tencent Cloud | ★ | cam_attach_policy_to_user | Attach policy to Tencent Cloud CAM user |
| 5 | 2405 | Tencent Cloud | ★★★ | cam_create_login_profile | Create Tencent Cloud CAM user Web login configuration |
| 6 | 2406 | Tencent Cloud | ★ | cam_create_access_key | Create Tencent Cloud CAM user access credentials |
### Huawei Cloud
| No. | ID | Cloud Provider | Recommendation Rating | Module Name | Description |
| :--: | :--: | :------------: | :------------------: | :---------------- | :---------------------------- |
| 1 | 3201 | Huawei Cloud | ★★ | obs_list_buckets | List Huawei Cloud OBS buckets |
### Baidu Cloud
| No. | ID | Cloud Provider | Recommendation Rating | Module Name | Description |
| :--: | :--: | :-----------: | :------------------: | :---------------- | :------------------------------ |
| 1 | 4201 | Baidu Cloud | ★★ | bos_list_buckets | List Baidu Cloud BOS object storage buckets |
### Qiniu Cloud
| No. | ID | Cloud Provider | Recommendation Rating | Module Name | Description |
| :--: | :--: | :------------: | :------------------: | :---------------- | :------------------------------- |
| 1 | 5201 | Qiniu Cloud | ★★ | kodo_list_buckets | List Qiniu Cloud KODO object storage buckets |
> The highest recommendation rating is 5 stars, and the recommendation rating is determined based on factors such as the complexity, popularity, and value of the module.
## Quick Start
View Help Information
```bash
CloudSword > help

Global Commands
===============
Global Command    Description
--------------    -------
help              View help information
list              List modules
quit              Exit the program
search            Search for modules
use               Use a module

Secondary Commands
==================
Secondary Command      Description
-------------------    -------
info                   View module usage
run                    Run the module
set                    Set runtime parameters
unset                  Unset runtime parameters

Environment Variables
=====================
Environment Variable               Description
-------------------------------    -------
CLOUD_SWORD_ACCESS_KEY_ID          Access Key ID
CLOUD_SWORD_ACCESS_KEY_SECRET      Access Key Secret
CLOUD_SWORD_SECURITY_TOKEN         Optional, temporary token part of the access credentials
CLOUD_SWORD_DETAIL                 Detailed output (set to no or yes)
```
List Aliyun OSS Buckets
```bash
CloudSword > use 1201_aliyun_oss_list_buckets
CloudSword Aliyun (1201_oss_list_buckets) > set ak_id XXXXXXXXXXXX
ak_id ==> XXXXXXXXXXXX
CloudSword Aliyun (1201_oss_list_buckets) > set ak_secret XXXXXXXXXXXX
ak_secret ==> XXXXXXXXXXXX
CloudSword Aliyun (1201_oss_list_buckets) > run
[INFO] 2024-12-20 23:23:23 Running module 1201_aliyun_oss_list_buckets.
[INFO] 2024-12-20 23:23:23 Found the following buckets:
XXXXXXXX
XXXXXXXX
```
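The session above types the secret at the prompt and the tool echoes it back (`ak_secret ==> ...`), while the help output also lists `CLOUD_SWORD_*` environment variables. As an added example (not part of CloudSword), this wrapper passes the credentials through those variables to a single process, assuming the binary reads them at startup; the function names and `CLOUDSWORD_BIN` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not CloudSword code. Assumes the binary reads the
# CLOUD_SWORD_* variables named in its help output when it starts.

# The help text allows only "no" or "yes" for CLOUD_SWORD_DETAIL.
valid_detail() {
  case "$1" in yes|no) return 0 ;; *) return 1 ;; esac
}

# run_with_creds KEY_ID KEY_SECRET TOKEN DETAIL CMD [ARGS...]
# TOKEN may be empty: the help text marks the security token optional.
run_with_creds() {
  if [ "$#" -lt 5 ]; then echo "usage: run_with_creds ID SECRET TOKEN DETAIL CMD..." >&2; return 2; fi
  local id="$1" secret="$2" token="$3" detail="$4"
  shift 4
  if [ -z "$id" ] || [ -z "$secret" ]; then echo "access key ID and secret are required" >&2; return 2; fi
  if ! valid_detail "$detail"; then echo "CLOUD_SWORD_DETAIL must be yes or no" >&2; return 2; fi
  (
    # Exports live only in this subshell, so the parent shell never holds them.
    export CLOUD_SWORD_ACCESS_KEY_ID="$id"
    export CLOUD_SWORD_ACCESS_KEY_SECRET="$secret"
    export CLOUD_SWORD_DETAIL="$detail"
    # Drop any stale token inherited from the parent before deciding.
    unset CLOUD_SWORD_SECURITY_TOKEN
    if [ -n "$token" ]; then export CLOUD_SWORD_SECURITY_TOKEN="$token"; fi
    exec "$@"
  )
}

# Prompt on stderr with terminal echo off; print the typed value on stdout.
read_secret() {
  (
    trap 'stty echo' EXIT
    printf '%s' "$1" >&2
    stty -echo
    IFS= read -r value
    printf '\n' >&2
    printf '%s' "$value"
  )
}

# Interactive entry point. CLOUDSWORD_BIN is a hypothetical override for the
# binary path; the default matches the ./cloudsword invocation on this page.
cloudsword_session() {
  local id secret token
  printf 'Access Key ID: ' >&2
  IFS= read -r id
  secret=$(read_secret 'Access Key Secret: ')
  token=$(read_secret 'Security token (Enter to skip): ')
  run_with_creds "$id" "$secret" "$token" no "${CLOUDSWORD_BIN:-./cloudsword}"
}
```

Source the file and call `cloudsword_session`. A process environment stays readable by the same user and by root, so this limits exposure in the terminal and the parent shell rather than hiding the key from the host.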

## Join the CloudSword Discussion Group
In the menu bar of the "WgpSec Wolf Team Security" WeChat official account, click on "Join Group" to add "WgpSecBot" on WeChat.
<div align=center><img width="700" src="static/WgpSecBot.png"></div><br>
After adding "WgpSecBot" on WeChat, send the keyword "云鉴" (CloudSword) to the bot, and it will automatically send you the group link.
<div align=center><img width="700" src="static/add_group.png"></div><br>
## Contributors
A big thank you to all the contributors to CloudSword. If you would like to contribute code or ideas to CloudSword, please refer to the contribution guidelines: [CONTRIBUTING](https://github.com/wgpsec/cloudsword/blob/master/CONTRIBUTING.md)
<div align=center>
<table>
<tr>
<td align="center">
<a href="https://github.com/teamssix"><img alt="TeamsSix" src="https://avatars.githubusercontent.com/u/49087564" style="width: 100px;" /><br />TeamsSix</a>
</td>
<td align="center">
<a href="https://github.com/keac"><img alt="Keac" src="https://avatars.githubusercontent.com/u/16091665" style="width: 100px;" /><br />Keac</a>
</td>
<td align="center">
<a href="https://github.com/shadowabi"><img alt="shadowabi" src="https://avatars.githubusercontent.com/u/50265741" style="width: 100px;" /><br />shadowabi</a>
</td>
</tr>
</table>
</div>
## Usage Q&A
In the Cloud Sword User Manual, I introduced why Cloud Sword was created, the future plans for Cloud Sword, and questions that everyone might be concerned about. Interested users can visit the [Cloud Sword Usage Q&A](https://wiki.teamssix.com/cloudsword/more) for more information.
## License
Cloud Sword is released under the [Apache-2.0](https://github.com/wgpsec/cloudsword?tab=Apache-2.0-1-ov-file#Apache-2.0-1-ov-file) license.
## More
Below is the public account of our Wolf Group Security Team. We welcome you to follow us. If you have ideas and would like to join the Wolf Group, you can also send your resume to admin#wgpsec.org to join us.
> When sending an email, please replace # with @
<div align=center><img width="700" src="static/wgpsec.png"></div><br>
If you are interested in cloud security, you can check out my other project [Awesome Cloud Security](https://github.com/teamssix/awesome-cloud-security), which collects many cloud security resources from both domestic and international sources. Additionally, in my [Cloud Security Library](https://wiki.teamssix.com/), there are a large number of notes and articles on cloud security topics, which should be some of the better learning materials for cloud security in the country.
Below is my personal WeChat public account. You can contact me through the TeamsSix account, and I will also post updates about CloudSword on my public account.
<div align=center><img width="700" src="static/teamssix.png"></div><br>
If you feel that this project is good, you are also welcome to scan the donation code below to show your appreciation.
<div align=center><img width="600" src="static/buy-coffee.png"></div><br>
> Donations are purely voluntary and aim to express support and gratitude to the authors or contributors of open-source software. They do not constitute a transaction for goods or services. Donors should understand that the donation does not guarantee any goods or services and does not create any form of contractual relationship.
<div align=center><b>Thank you for using my tools</b></div>