{"id":13649451,"url":"https://github.com/BishopFox/cloudfoxable","last_synced_at":"2025-04-22T14:31:58.667Z","repository":{"id":173967912,"uuid":"590072290","full_name":"BishopFox/cloudfoxable","owner":"BishopFox","description":"Create your own vulnerable by design AWS penetration testing playground","archived":false,"fork":false,"pushed_at":"2025-01-22T16:24:23.000Z","size":17040,"stargazers_count":366,"open_issues_count":3,"forks_count":41,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-19T04:25:32.383Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://cloudfoxable.bishopfox.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BishopFox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-17T15:45:16.000Z","updated_at":"2025-04-14T08:28:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"88c70cc1-2bea-46ba-b0c0-caaba8789616","html_url":"https://github.com/BishopFox/cloudfoxable","commit_stats":null,"previous_names":["bishopfox/cloudfoxable"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fcloudfoxable","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fcloudfoxable/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fcloudfoxable/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fcloudfoxable/manifests","owner_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/owners/BishopFox","download_url":"https://codeload.github.com/BishopFox/cloudfoxable/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250259078,"owners_count":21401037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T02:00:16.541Z","updated_at":"2025-04-22T14:31:53.658Z","avatar_url":"https://github.com/BishopFox.png","language":"Python","readme":"![cloudfoxable-single-flag](https://github.com/BishopFox/cloudfoxable/assets/46326948/d0c20a83-0851-4b93-8e57-d6c43edbd506)\n\nStart Hacking: [CloudFoxable](https://cloudfoxable.bishopfox.com)\n\nRead the blog for more details: [Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox](https://bishopfox.com/blog/cloudfoxable-gamified-cloud-hacking-sandbox)\n\n# Background\n\nCloudFox helps penetration testers and security professionals find exploitable attack paths in cloud infrastructure. However, what if you want to find and exploit services not yet present in your current environment? What if you lack access to an enterprise AWS environment? \n\nEnter CloudFoxable, an intentionally vulnerable AWS environment created specifically to showcase CloudFox’s capabilities and help you find latent attack paths more effectively. 
Drawing inspiration from [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat), [flaws.cloud](https://flaws.cloud/), [flaws2.cloud](https://flaws2.cloud/) and [Metasploitable 1-3](https://github.com/rapid7/metasploitable3), CloudFoxable provides a wide array of flags and attack paths in a CTF format. \n\nSimilar to [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) and [IAM-Vulnerable](https://github.com/BishopFox/iam-vulnerable), CloudFoxable deploys intentionally vulnerable AWS resources in a user-managed playground account so that users can learn to identify and exploit cloud vulnerabilities. However, as with [flaws.cloud](https://flaws.cloud/), the experience is more web-based and guided. \n\n\n* Total number of challenges:    18\n\n# A Modular Approach\n\nSimilar to IAM-Vulnerable, some challenges are enabled by default (the ones that have little or no cost implications), and others are disabled by default (the ones that incur cost if deployed). This way, you can enable specific modules as needed. The mechanism for enabling/disabling challenges is a little different from the one in IAM-Vulnerable, though. \n\nWithin cloudfoxable.bishopfox.com, each challenge will tell you if you need to make any Terraform changes (that is, deploy something) to complete the challenge. To do this, edit `terraform.tfvars` and change the challenge's enabled flag from false to true as needed. 
\n\nHere's an example: \n\n```\n############################\n# Enabled/Disabled Challenges\n############################\n\n# Always on (Low or No cost)\nchallenge_foo_enabled = true\nchallenge_bar_enabled = true\nchallenge_alice_enabled = true\n\n# Enable as needed (These challenges incur cost)\nchallenge_bob_enabled = false\nchallenge_mallory_enabled = false\n```\n\nTo enable the mallory challenge, you would simply update the following line:\n```\nchallenge_mallory_enabled = true\n```\n\nAfter you enable a challenge, you will need to re-run `terraform apply`:\n```\nterraform apply\n```\n\nYou have now deployed the mallory challenge.\n\n\n**Cleanup**\n\nWhenever you want to remove all of the CloudFoxable-created resources, you can run these commands:\n1. `cd cloudfoxable/aws`\n1. `terraform destroy`\n\n# Hungry for more? \n\nhttps://github.com/iknowjason/Awesome-CloudSec-Labs\n\n\n# Contributing\n\nIf you'd like to add a new challenge, here are the steps within CloudFoxable once you fork the repo: \n\n* `cp -r aws/challenges/1_challenge_template aws/challenges/challenge_name`\n* Rename the challenge template folder and `challenge_name.tf` file to the name of your challenge.\n* Add your Terraform code\n* Make a new variable in aws/variables.tf\n  ```\n  variable \"challenge_name_enabled\" {\n  description = \"Enable or disable challenge_name challenge (true = enabled, false = disabled)\"\n  type        = bool\n  default     = false\n  }\n  ```\n* Add it to the \"Enabled/Disabled Challenges\" section in `terraform.tfvars.example`. Specify if it should be enabled by default (low/no cost), or disabled by default (costs $$)\n  ```\n  challenge_name_enabled = false\n  ```\n* Add the module to aws/main.tf\n  ```\n  module \"challenge_challenge_name\" {\n    source = \"./challenges/challenge-name\"\n    count = var.challenge_name_enabled ? 1 : 0\n    aws_assume_role_arn = (var.aws_assume_role_arn != \"\" ? 
var.aws_assume_role_arn : data.aws_caller_identity.current.arn) \n    account_id = data.aws_caller_identity.current.account_id\n    aws_local_profile = var.aws_local_profile\n    user_ip = local.user_ip\n    }\n   ```\n* Add the challenge name to the `enabled_challenges` local variable:\n  ```\n    var.challenge_name_enabled ?                   \"name                      | $12/month    |\" : \"\"\n  ```\n\n\n\n\n\n\n\n","funding_links":[],"categories":["Intentionally Vulnerable Challenges","Sorted by Technology and Category","Capture The Flag","Cloud and Backend Security","Python"],"sub_categories":["Cloud-Focused","AWS IoT Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBishopFox%2Fcloudfoxable","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBishopFox%2Fcloudfoxable","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBishopFox%2Fcloudfoxable/lists"}