CloudFox is an open source CLI tool that automates situational awareness and identifies exploitable attack paths in cloud environments for penetration testers.
Automating situational awareness for cloud penetration tests.
CloudFox is primarily used by penetration testers and offensive security professionals to enumerate and analyze cloud infrastructure configurations, permissions, and potential vulnerabilities across AWS, Azure, and GCP environments. It helps users discover attack paths, exposed secrets, and overly permissive roles to simulate compromise scenarios and improve cloud security posture.
CloudFox requires the AWS CLI to be installed and supports AWS profiles, environment variables, or EC2 instance metadata for authentication. It is designed to work with limited read-only permissions but can also be used with found credentials for black box testing. Failed checks fail silently to avoid revealing access levels. Users should refer to the official wiki for full documentation and best practices.
Download the latest binary release from the GitHub releases page
Install via Homebrew using `brew install cloudfox`
Install Go and run `go install github.com/BishopFox/cloudfox@latest` to install from source
Clone the repository with `git clone https://github.com/BishopFox/cloudfox.git`
Build the tool using `go build .` inside the cloned directory
Run the compiled binary `./cloudfox`
For testing bug fixes, clone with SSH, check out the branch, build, and run
`cloudfox aws --profile [profile-name] all-checks`
Runs all AWS enumeration commands with sane defaults for comprehensive cloud assessment.
`cloudfox aws --profile [profile-name] [specific-command]`
Run individual AWS enumeration commands modularly to target specific checks.