
<h3 align="center">CloudSword, Make Your Public Cloud Environment More Secure</h3>
<p align="center">
<img src="https://img.shields.io/github/go-mod/go-version/wgpsec/cloudsword">
<a href="https://github.com/wgpsec/cloudsword/blob/master/LICENSE"><img src="https://img.shields.io/badge/license-apache-blue.svg"></a>
<a href="https://github.com/wgpsec/cloudsword/releases"><img src="https://img.shields.io/github/downloads/wgpsec/cloudsword/total"></a>
<a href="https://github.com/wgpsec/cloudsword/releases/"><img src="https://img.shields.io/github/release/wgpsec/cloudsword"></a>
<a href="https://github.com/wgpsec/cloudsword"><img src="https://img.shields.io/github/stars/wgpsec/cloudsword"></a>
<a href="https://twitter.com/wgpsec"><img src="https://img.shields.io/twitter/follow/wgpsec.svg?logo=twitter"></a>
<a href="https://twitter.com/teamssix"><img src="https://img.shields.io/twitter/follow/teamssix.svg?logo=twitter"></a>
</p>
---
CloudSword is a comprehensive open-source tool that helps public cloud tenants quickly discover cloud risks, test cloud risks, and enhance cloud protection capabilities.
As a tool for security personnel, CloudSword helps tenants quickly understand the resources in their current public cloud environment and quickly discover potential weaknesses there so that they can be fixed. CloudSword also ships with preset defense methods that security personnel can deploy quickly to strengthen cloud defenses.
* All output is in Chinese, so there is no barrier to use.
* Command completion prompts make it easy to use.
* Metasploit-style (MSF) usage logic keeps the learning cost extremely low.
* Credentials never need to be written to disk, which avoids secondary leakage.
## Getting Started
### HomeBrew Installation
Install
```bash
brew tap wgpsec/tap
brew install wgpsec/tap/cloudsword
```
Update
```bash
brew update
brew upgrade cloudsword
```
### Download Binary Package
CloudSword download address: [github.com/wgpsec/cloudsword/releases](https://github.com/wgpsec/cloudsword/releases)
Download the archive for your operating system, unpack it, and run the binary from the command line.
## Usage Manual
For complete usage and introduction, please see [CloudSword Usage Manual](https://wiki.teamssix.com/cloudsword)
## MCP Protocol Support
CloudSword has supported the MCP protocol since v0.0.2, in both SSE and STDIO modes.

Run `./cloudsword sse http://localhost:8080` to listen on local port 8080.

**SSE Mode**

Taking Cherry Studio as an example, enter http://localhost:8080/sse to retrieve the tool information.

**STDIO**

**Usage Example**

## Integrated Modules
The following are the modules currently supported by CloudSword:
### Alibaba Cloud
#### Comprehensive
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :----------------- | :------------------------------------------- |
| 1 | 1101 | Alibaba Cloud | ★★★★ | list_cloud_assets | List OSS, ECS, RAM, Domain service assets |
#### Storage Bucket
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :---------------------------- | :----------------------------------------- |
| 1 | 1201 | Alibaba Cloud | ★★ | oss_list_buckets | List Alibaba Cloud OSS object storage buckets |
| 2 | 1202 | Alibaba Cloud | ★★★★ | oss_search_objects | Search Alibaba Cloud OSS objects |
| 3 | 1203 | Alibaba Cloud | ★★★ | oss_bucket_only_upload_images | Use cloud functions to restrict the bucket to only allow uploading images |
#### Elastic Compute
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :----------------- | :--------------------------------- |
| 1 | 1301 | Alibaba Cloud | ★★ | ecs_list_instances | List Alibaba Cloud ECS elastic compute instances |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :------------------------ | :------------------------------------- |
| 1 | 1401 | Alibaba Cloud | ★★ | ram_list_users | List Alibaba Cloud RAM users |
| 2 | 1402 | Alibaba Cloud | ★ | ram_list_roles | List Alibaba Cloud RAM roles |
| 3 | 1403 | Alibaba Cloud | ★ | ram_create_user | Create Alibaba Cloud RAM users |
| 4 | 1404 | Alibaba Cloud | ★ | ram_attach_policy_to_user | Add policies to Alibaba Cloud RAM users |
| 5 | 1405 | Alibaba Cloud | ★★★ | ram_create_login_profile | Create Alibaba Cloud RAM user Web login configuration |
| 6 | 1406 | Alibaba Cloud | ★ | ram_create_access_key | Create Alibaba Cloud RAM user access credentials |
#### Domain
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :------------------ | :--------------------------------- |
| 1 | 1501 | Alibaba Cloud | ★ | domain_list_domains | List Alibaba Cloud Domains domain assets |
### Tencent Cloud
#### Comprehensive
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :----------------- | :--------------------------------------- |
| 1 | 2101 | Tencent Cloud | ★★★★ | list_cloud_assets | List COS, EVM, LH, RAM service assets |
| 2 | 2102 | Tencent Cloud | ★★★★★ | create_honey_token | Create Tencent Cloud access credential honey tokens |
#### Storage Bucket
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :--------------- | :------------------------------- |
| 1 | 2201 | Tencent Cloud | ★★ | cos_list_buckets | List Tencent Cloud COS object storage buckets |
#### Elastic Compute
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :----------------- | :--------------------------------- |
| 1 | 2301 | Tencent Cloud | ★★ | cvm_list_instances | List Tencent Cloud CVM elastic compute instances |
| 2 | 2302 | Tencent Cloud | ★ | lh_list_instances | List Tencent Cloud LH lightweight application servers |
#### Unified Identity Authentication
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :------------------------ | :--------------------------------------- |
| 1 | 2401 | Tencent Cloud | ★★ | cam_list_users | List Tencent Cloud CAM users |
| 2 | 2402 | Tencent Cloud | ★ | cam_list_roles | List Tencent Cloud CAM roles |
| 3 | 2403 | Tencent Cloud | ★ | cam_create_user | Create Tencent Cloud CAM users |
| 4 | 2404 | Tencent Cloud | ★ | cam_attach_policy_to_user | Add policies to Tencent Cloud CAM users |
| 5 | 2405 | Tencent Cloud | ★★★ | cam_create_login_profile | Create Tencent Cloud CAM user Web login configuration |
| 6 | 2406 | Tencent Cloud | ★ | cam_create_access_key | Create Tencent Cloud CAM user access credentials |
### Huawei Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :--------------- | :-------------------------------- |
| 1 | 3201 | Huawei Cloud | ★★ | obs_list_buckets | List Huawei Cloud OBS object storage buckets |
### Baidu Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :--------------- | :-------------------------------- |
| 1 | 4201 | Baidu Cloud | ★★ | bos_list_buckets | List Baidu Cloud BOS object storage buckets |
### Qiniu Cloud
| No. | ID | Cloud Provider | Recommended Rating | Module Name | Description |
| :--: | :--: | :------------: | :--------------: | :---------------- | :--------------------------------- |
| 1 | 5201 | Qiniu Cloud | ★★ | kodo_list_buckets | List Qiniu Cloud KODO object storage buckets |
> The highest recommended rating is 5 stars. The rating reflects a combination of factors such as the module's complexity, popularity, and value.
## Quick Start
View help information
```bash
CloudSword > help
Global Commands
========
Global Commands Description
-------- ----
help View help information
list List modules
quit Exit the program
search Search modules
use Use module
Secondary Commands
========
Secondary Commands Description
-------- ----
info View module usage
run Run module
set Set running parameters
unset Unset running parameters
Environment Variables
========
Environment Variables Description
-------- ----
CLOUD_SWORD_ACCESS_KEY_ID Access credential ID
CLOUD_SWORD_ACCESS_KEY_SECRET Access credential Secret
CLOUD_SWORD_SECURITY_TOKEN Optional, the temporary token part of the access credential
CLOUD_SWORD_DETAIL Detailed content output (set no or yes)
```
List Alibaba Cloud OSS object storage buckets
```bash
CloudSword > use 1201_aliyun_oss_list_buckets
CloudSword Alibaba Cloud (1201_oss_list_buckets) > set ak_id XXXXXXXXXXXX
ak_id ==> XXXXXXXXXXXX
CloudSword Alibaba Cloud (1201_oss_list_buckets) > set ak_secret XXXXXXXXXXXX
ak_secret ==> XXXXXXXXXXXX
CloudSword Alibaba Cloud (1201_oss_list_buckets) > run
[INFO] 2024-12-20 23:23:23 Running the 1201_aliyun_oss_list_buckets module.
[INFO] 2024-12-20 23:23:23 Found the following buckets:
XXXXXXXX
XXXXXXXX
```
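
The session above types the secret at the `set` prompt; the help output also lists `CLOUD_SWORD_*` environment variables. The following is an added example, not part of CloudSword, showing one way to supply those variables to a single process without writing them to a file, the shell history, or the parent shell's environment. The function names are hypothetical, and it assumes `cloudsword` is on `PATH` and reads these variables from its environment.

```shell
#!/usr/bin/env bash
# Added example, not part of CloudSword. Function names are hypothetical.
# Assumes cloudsword reads the CLOUD_SWORD_* variables from its environment.

# read_secret VAR PROMPT: read one line into VAR, without echo on a terminal.
read_secret() {
  printf '%s' "$2" >&2
  _rc=0
  if [ -t 0 ]; then
    trap 'stty echo' INT TERM          # restore echo if interrupted
    stty -echo
    IFS= read -r "$1" || _rc=$?
    stty echo
    trap - INT TERM
    printf '\n' >&2
  else
    IFS= read -r "$1" || _rc=$?       # non-interactive input (pipe, here-doc)
  fi
  return "$_rc"
}

# with_cloudsword_creds CMD [ARGS...]: prompt for the credentials, then run
# CMD (an external program) with them set in its environment only.
with_cloudsword_creds() {
  read_secret _ak_id 'Access key ID: ' || return 1
  read_secret _ak_secret 'Access key secret: ' || return 1
  read_secret _token 'Security token (optional): ' || _token=''
  if [ -z "$_ak_id" ] || [ -z "$_ak_secret" ]; then
    echo 'access key ID and secret are both required' >&2
    unset _ak_id _ak_secret _token
    return 1
  fi
  _rc=0
  (
    # Exported inside the subshell only: the calling shell, its history and
    # its dotfiles never hold the values, and they are not on any argv.
    export CLOUD_SWORD_ACCESS_KEY_ID="$_ak_id"
    export CLOUD_SWORD_ACCESS_KEY_SECRET="$_ak_secret"
    [ -n "$_token" ] && export CLOUD_SWORD_SECURITY_TOKEN="$_token"
    exec "$@"
  ) || _rc=$?
  unset _ak_id _ak_secret _token
  return "$_rc"
}

# Usage: with_cloudsword_creds cloudsword
```

The security token is exported only when a non-empty value is entered, matching its optional status in the help output.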

## Join the CloudSword Discussion Group
Click "Join Group" in the menu bar of the "WgpSec Wolf Team" official account, and add "WgpSecBot" WeChat.
<div align=center><img width="700" src="static/WgpSecBot.png"></div><br>
After adding "WgpSecBot" on WeChat, send the keyword "CloudSword" to the bot, and it will automatically send you the link to join the group.
<div align=center><img width="700" src="static/add_group.png"></div><br>
## Contributors
Thank you very much for your contributions to CloudSword. If you would also like to contribute code or ideas to CloudSword, please refer to the contribution instructions: [CONTRIBUTING](https://github.com/wgpsec/cloudsword/blob/master/CONTRIBUTING.md)
<div align=center>
<table>
<tr>
<td align="center">
<a href="https://github.com/teamssix"><img alt="TeamsSix" src="https://avatars.githubusercontent.com/u/49087564" style="width: 100px;" /><br />TeamsSix</a>
</td>
<td align="center">
<a href="https://github.com/keac"><img alt="Keac" src="https://avatars.githubusercontent.com/u/16091665" style="width: 100px;" /><br />Keac</a>
</td>
<td align="center">
<a href="https://github.com/shadowabi"><img alt="shadowabi" src="https://avatars.githubusercontent.com/u/50265741" style="width: 100px;" /><br />shadowabi</a>
</td>
</tr>
</table>
</div>
## Usage Q&A
In the CloudSword User Manual I explain why I wrote CloudSword, the future plans for CloudSword, and the questions that users are likely to have. Interested readers can go to [CloudSword Usage Q&A](https://wiki.teamssix.com/cloudsword/more) to read more.
## License
CloudSword is licensed under the [Apache-2.0](https://github.com/wgpsec/cloudsword?tab=Apache-2.0-1-ov-file#Apache-2.0-1-ov-file) license.
## More
The following is the official account of our Wolf Security Team; you are welcome to follow it. If you have ideas and want to join the Wolf Team, you can also send your resume to admin#wgpsec.org.
> When sending an email, be sure to change # to @
<div align=center><img width="700" src="static/wgpsec.png"></div><br>
If you are interested in cloud security, you can check out my other project [Awesome Cloud Security](https://github.com/teamssix/awesome-cloud-security), which contains many domestic and foreign cloud security resources. In addition, my [Cloud Security Library](https://wiki.teamssix.com/) contains a large number of cloud security notes and articles, and should be a good cloud security learning resource in China.
The following is my personal WeChat official account. You can contact me in the TeamsSix official account. I will also publish subsequent updates about CloudSword in my official account.
<div align=center><img width="700" src="static/teamssix.png"></div><br>
If you find this project useful, you are also welcome to scan the code below to donate.
<div align=center><img width="600" src="static/buy-coffee.png"></div><br>
> Donations are purely voluntary. They are meant to express support and gratitude to the author or contributors of open source software, and are not a transaction for the purchase of goods or services. Donors should clearly understand that a donation does not guarantee any goods or services, nor does it constitute any form of contractual relationship.
<div align=center><b>Thank you for using my tool</b></div>