RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Username --> cwl
Password --> redcloud
Platform --> VMware Workstation [VMware player can also work, although we have not tested yet]
RAM --> 8GB+ recommended; 4GB Minimum
No. of cores --> 4+ Cores recommended; 2 Minimum
Getting Started with Cloud Red Team PDF --> Getting Started with Cloud Red Team PDF
- AWSCLI
- AWS Consoler
- AWS Escalate
- CloudCopy
- CloudJack
- CloudMapper
- CredKing
- Endgame
- Pacu
- Redboto
- weirdAAL
- AADCookieSpoof
- AADInternals
- AZ CLI
- AzureAD
- AzureHound
- BloodHound
- DCToolbox
- MFASweep
- MicroBurst
- Microsoft365 devicePhish
- MS Graph
- PowerUpSQL
- ROADtools
- TeamFiltration
- TokenTactics
- Gcloud CLI
- GCPBucketBrute
- GCP Delegation
- GCP Enum
- GCP Firewall Enum
- GCP IAM Collector
- GCP IAM Privilege Escalation
- GCPTokenReuse
- GoogleWorkspaceDirectoryDump
- Hayat
- Cartography
- CCAT
- CloudBrute
- CloudEnum
- Cloud Service Enum
- Evilginx2
- Gitleaks
- Impacket
- Leonidas
- Modlishka
- Mose
- PurplePanda
- Responder
- ScoutSuite
- SkyArk
- Zphisher
- Step 1 --> Download the zip archive from here
- Step 2 --> Unzip the archive
- Step 3 --> Open VMware Workstation > File > Open (Ctrl + O) > Browse to extracted folder and select RedCloud OS.ovf
- Step 4 --> Click Import
The OS setup is simple and tools are divided by the CSPs. Inside each CSP, there are three sub-categories i.e, Enumeration, Exploitation, and Post Exploitation. For multitasking and ease-of-use, Terminator is set as the default terminal.
Each tool can be launched in 4 different ways as follows:-
- By clicking their menu launchers
- Directly executing
startup.sh
script in respective/opt/
folder - Executing startup script in
/usr/local/bin
- TAB autocomplete to search binary using tool name
Note: PowerShell tools start with capital letters and all others start with small letters. In case of any confusion, feel free to checkout /usr/local/bin
.
That being said, there are some launchers like Impacket and Redboto which due to lots of scripts are only listing the scripts and folder path. In the next release, we'll be including proper launchers for these as well as as for any similar tool.
We have provided some examples of environmental variables required for certain tools to work. These variables however are not exhaustive and more can be needed on case-to-case basis.
export AWS_ACCESS_KEY_ID=<access_key_id>
export AWS_SECRET_ACCESS_KEY=<access_key>
export AWS_DEFAULT_REGION=<region>
export AZURE_CLIENT_ID = <app-id>
export AZURE_TENANT_ID = <tenant-id>
export AZURE_CLIENT_SECRET = <app-secret>
export GOOGLE_APPLICATION_CREDENTIALS = <Service Account Json File Path>
During the development procedure, few aliases were used for the sake of convenience. These aliases are still in the user account and can be used.
alias c='clear'
alias a='nano ~/.bash_aliases'
alias s='source ~/.bash_aliases'
alias v='python3 -m venv venv && source venv/bin/activate'
alias d='deactivate'
alias p='pip3 install -r requirements.txt'
alias ll='ls -la'
- Download base OS i.e, Parrot OS Architect Edition 5.3 and proceed with installation in VMware/VirtualBox.
- During VM installation, when prompted to choose components, select only Mate Desktop Environment and proceed.
- Once installation is finished, launch VM and clone this repo using
git clone https://github.com/RedTeamOperations/RedCloud-OS.git
- Browse to
build-scripts
folder and make scripts executable. - First execute uninstall.sh and wait for script to finish.
- Then execute hold.sh and wait for script to finish.
- Finally execute install.sh and wait for script to finish.
- Install required tools from APT repo/Github/Gitlab.
- Use
Menu Editor
to create applications launchers. - Use
Dconf-Editor
to customize icons. - Use
Grub Customizer
to modify Grub settings.
Below are the links of couple cheatsheets related to TTPs of cloud security assessments. Please note that these links are given for reference purposes only and might not cover everything. If you feel like you have something to contribute in regards of TTPs, please refer to their respective contributing pages.
RedCloud OS is an ongoing piece of development and your feedbacks/suggestions will help us enhance it furthermore. Feel free to either create an Issue or email us at [email protected] with the subject "RedCloud OS".
- Parrot Security for providing the Base OS
- Creators/Developers/Contributors/Maintainers of all Open Source Components used within RedCloud OS