Skip to content

404tk/cloudtoolkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

100 Commits
.github
.github
 
 
cmd
cmd
 
 
pkg
pkg
 
 
runner
runner
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 

Repository files navigation

CloudToolKit

Interactive multi-cloud security assessment framework.

Features

  • Multi-Cloud Support - Alibaba, Tencent, Huawei, AWS, Azure, GCP, Volcengine, JDCloud
  • Asset Enumeration - Hosts, databases, storage buckets, domains, IAM users
  • Security Testing - Backdoor user creation, command execution, bucket dumping
  • Interactive CLI - Tab completion, session management, credential caching

Quick Start

# Download from releases or build from source
go build --ldflags "-s -w" -trimpath -o ctk cmd/main.go

# Run interactive console
./ctk

Supported Capabilities

Provider Enumeration Security Testing
Alibaba Cloud ECS, OSS, RAM, RDS, DNS, SLS, SMS backdoor-user, bucket-dump, exec-command, event-dump, database-account
Tencent Cloud CVM, Lighthouse, COS, CAM, CDB, DNSPod backdoor-user, exec-command
Huawei Cloud ECS, OBS, IAM, RDS backdoor-user
AWS EC2, S3, IAM backdoor-user, bucket-dump
Azure Virtual Machines, Blob Storage -
GCP Compute Engine, Cloud DNS, IAM -
Volcengine ECS, IAM -
JDCloud VM, IAM, OSS -

Documentation

See Wiki for detailed usage.

Acknowledgements

About

Cloud Penetration Testing Toolkit

Topics

aws cloud pentesting aliyun accesskey huaweicloud

Resources

Readme

License

MIT license
Activity

Stars

106 stars

Watchers

6 watching

Forks

13 forks
Report repository

Releases 15

v0.1.7 Latest
Jan 7, 2026
+ 14 releases

Languages