> ## Documentation Index
> Fetch the complete documentation index at: https://docs.projectdiscovery.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Running Cloudlist
> Learn about running Cloudlist with examples and support details
For all of the flags and options available for `cloudlist` be sure to check out the [Usage](/opensource/cloudlist/usage) page. On this page you can find some examples with output, details of what 'cloudlist' supports, and details on configuration.
If you have questions, reach out to us through [Help](/help).
## Basic Examples
```
cloudlist
```
This will list all the assets from configured providers in the configuration file. Specific providers and asset type can also be specified using `provider` and `id` filter.
```console theme={null}
cloudlist -provider aws,gcp
________ _____ __
/ ____/ /___ __ ______/ / (_)____/ /_
/ / / / __ \/ / / / __ / / / ___/ __/
/ /___/ / /_/ / /_/ / /_/ / / (__ ) /_
\____/_/\____/\__,_/\__,_/_/_/____/\__/ v0.0.1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Listing assets from AWS (prod) provider.
example.com
example2.com
example3.com
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
[INF] Found 2 hosts and 6 IPs from AWS service (prod)
```
## GCP Asset API Examples
List all assets from a specific GCP organization using the Asset API:
```bash theme={null}
cloudlist -provider gcp -id organization
```
List assets from specific GCP projects only:
```bash theme={null}
cloudlist -provider gcp -id organization -json | jq '.[] | select(.provider == "gcp")'
```
## Running cloudlist with Nuclei
Scanning assets from various cloud providers with nuclei for security assessments:-
```bash theme={null}
cloudlist -silent | httpx -silent | nuclei -t cves/
```
# Supported providers
For a full list of supported cloud providers, see [Cloud Providers](/opensource/cloudlist/providers).
# Configuration file
The default provider config file should be located at `$HOME/.config/cloudlist/provider-config.yaml` and has the following contents as an example. In order to run this tool, the keys need to updated in the config file for the desired providers.
## Example Provider Config
```yaml theme={null}
- provider: do # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: xxxx
# digitalocean_token is the API key for digitalocean cloud platform
digitalocean_token: $DIGITALOCEAN_TOKEN
- provider: scw # provider is the name of the provider
# scaleway_access_key is the access key for scaleway API
scaleway_access_key: $SCALEWAY_ACCESS_KEY
# scaleway_access_token is the access token for scaleway API
scaleway_access_token: $SCALEWAY_ACCESS_TOKEN
- provider: aws # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# aws_access_key is the access key for AWS account
aws_access_key: $AWS_ACCESS_KEY
# aws_secret_key is the secret key for AWS account
aws_secret_key: $AWS_SECRET_KEY
# aws_session_token session token for temporary security credentials retrieved via STS (optional)
aws_session_token: $AWS_SESSION_TOKEN
- provider: gcp # provider is the name of the provider
# profile is the name of the provider profile
id: logs
# gcp_service_account_key is the minified json of a google cloud service account with list permissions
gcp_service_account_key: '{xxxxxxxxxxxxx}'
# GCP with Asset API (organization-level discovery)
- provider: gcp # provider is the name of the provider
id: organization
# gcp_service_account_key is the minified json of a google cloud service account with asset inventory permissions
gcp_service_account_key: '{xxxxxxxxxxxxx}'
# use_asset_inventory enables the Cloud Asset Inventory API
use_asset_inventory: true
# organization_id is the organization ID (e.g., "123456789012")
organization_id: $GCP_ORGANIZATION_ID
# project_ids is a list of project IDs to scan (optional)
project_ids:
- $GCP_PROJECT_ID_1
- $GCP_PROJECT_ID_2
- provider: azure # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# subscription_id is the azure subscription id (required)
subscription_id: $AZURE_SUBSCRIPTION_ID
# client_id is the client ID of registered application (optional - for service principal auth)
client_id: $AZURE_CLIENT_ID
# client_secret is the secret of registered application (optional - for service principal auth)
client_secret: $AZURE_CLIENT_SECRET
# tenant_id is the tenant ID (optional - for service principal auth)
tenant_id: $AZURE_TENANT_ID
# use_cli_auth: true enables Azure CLI authentication (optional)
use_cli_auth: true
# Other supported auth methods:
# use_managed_identity: true # For Azure VMs, App Services, AKS
# use_workload_identity: true # For Kubernetes, GitHub Actions OIDC
# certificate_path: /path/cert # For certificate-based authentication
- provider: cloudflare # provider is the name of the provider
# email is the email for cloudflare
email: $CF_EMAIL
# api_key is the api_key for cloudflare
api_key: $CF_API_KEY
# api_token is the scoped_api_token for cloudflare (optional)
api_token: $CF_API_TOKEN
- provider: heroku # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# heroku_api_token is the api key for Heroku account
heroku_api_token: $HEROKU_API_TOKEN
- provider: linode # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# linode_personal_access_token is the personal access token for linode account
linode_personal_access_token: $LINODE_PERSONAL_ACCESS_TOKEN
- provider: fastly # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# fastly_api_key is the personal API token for fastly account
fastly_api_key: $FASTLY_API_KEY
- provider: alibaba # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# alibaba_region_id is the region id of the resources
alibaba_region_id: $ALIBABA_REGION_ID
# alibaba_access_key is the access key ID for alibaba cloud account
alibaba_access_key: $ALIBABA_ACCESS_KEY
# alibaba_access_key_secret is the secret access key for alibaba cloud account
alibaba_access_key_secret: $ALIBABA_ACCESS_KEY_SECRET
- provider: namecheap # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# namecheap_api_key is the api key for namecheap account
namecheap_api_key: $NAMECHEAP_API_KEY
# namecheap_user_name is the username of the namecheap account
namecheap_user_name: $NAMECHEAP_USER_NAME
- provider: terraform # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
#tf_state_file is the location of terraform state file (terraform.tfsate)
tf_state_file: path/to/terraform.tfstate
- provider: hetzner # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# auth_token is the is the hetzner authentication token
auth_token: $HETZNER_AUTH_TOKEN
- provider: nomad # provider is the name of the provider
# nomad_url is the url for nomad server
nomad_url: http:/127.0.0.1:4646/
# nomad_ca_file is the path to nomad CA file
# nomad_ca_file: .pem
# nomad_cert_file is the path to nomad Certificate file
# nomad_cert_file: .pem
# nomad_key_file is the path to nomad Certificate Key file
# nomad_key_file: .pem
# nomad_token is the nomad authentication token
# nomad_token:
# nomad_http_auth is the nomad http auth value
# nomad_http_auth:
- provider: consul # provider is the name of the provider
# consul_url is the url for consul server
consul_url: http://localhost:8500/
# consul_ca_file is the path to consul CA file
# consul_ca_file: .pem
# consul_cert_file is the path to consul Certificate file
# consul_cert_file: .pem
# consul_key_file is the path to consul Certificate Key file
# consul_key_file: .pem
# consul_http_token is the consul authentication token
# consul_http_token:
# consul_http_auth is the consul http auth value
# consul_http_auth:
- provider: openstack # provider is the name of the provider
# id is the name of the provider id
id: staging
# identity_endpoint is OpenStack identity endpoint used to authenticate
identity_endpoint: $OS_IDENTITY_ENDPOINT
# domain_name is OpenStack domain name used to authenticate
domain_name: $OS_DOMAIN_NAME
# tenant_name is OpenStack project name
tenant_name: $OS_TENANT_NAME
# username is OpenStack username used to authenticate
username: $OS_USERNAME
# password is OpenStack password used to authenticate
password: $OS_PASSWORD
- provider: kubernetes # provider is the name of the provider
# id is the name of the provider id
id: staging
# kubeconfig_file is the path of kubeconfig file
kubeconfig: path/to/kubeconfig
# context is the context to be used from kubeconfig file
context:
```
# Cloudlist as a library
It's possible to use the library directly in your go programs. The following code snippets outline how to list assets from all or given cloud provider.
```go theme={null}
package main
import (
"context"
"log"
"github.com/projectdiscovery/cloudlist/pkg/inventory"
"github.com/projectdiscovery/cloudlist/pkg/schema"
)
func main() {
inventory, err := inventory.New(schema.Options{
schema.OptionBlock{"provider": "digitalocean", "digitalocean_token": "ec405badb974fd3d891c9223245f9ab5871c127fce9e632c8dc421edd46d7242"},
})
if err != nil {
log.Fatalf("%s\n", err)
}
for _, provider := range inventory.Providers {
resources, err := provider.Resources(context.Background())
if err != nil {
log.Fatalf("%s\n", err)
}
for _, resource := range resources.Items {
_ = resource // Do something with the resource
}
}
}
```