中文 | English
CF is a cloud exploitation framework, It can facilitate the work of the red team after obtaining access key.
Comprehensive Guide to CF Commands
Current Supported Clouds:
- Alibaba Cloud
- Tencent Cloud
- AWS
- Huawei Cloud
For detailed manuals, please visit: wiki.teamssix.com/cf
The manual currently supports Chinese only
brew tap teamssix/tap
brew install teamssix/tap/cfDownload the compressed files corresponding to the system in the CF download url: github.com/teamssix/cf/releases, decompressing it and run it in the command line.
The following systems are currently supported
| File name | System | Architecture | Bit |
|---|---|---|---|
| cf_x.x.x_darwin_amd64.tar.gz | MacOS | AMD (Mac for Intel chips) | 64 |
| cf_x.x.x_darwin_arm64.tar.gz | MacOS | ARM (Mac for Apple M Series Chips) | 64 |
| cf_x.x.x_linux_386.tar.gz | Linux | AMD | 32 |
| cf_x.x.x_linux_amd64.tar.gz | Linux | AMD | 64 |
| cf_x.x.x_linux_arm64.tar.gz | Linux | ARM | 64 |
| cf_x.x.x_windows_386.zip | Windows | AMD | 32 |
| cf_x.x.x_windows_amd64.zip | Windows | AMD | 64 |
| cf_x.x.x_windows_arm64.zip | Windows | ARM | 64 |
| Title | Version | Article URL | Author | Release Time |
|---|---|---|---|---|
| 《CF 云环境利用框架最佳实践》 | v0.4.5 | wiki.teamssix.com/cf/cases/cf_best_practices | TeamsSix | 2023.6.4 |
| 《记一次打穿云上内网的攻防实战》 | v0.4.5 | zone.huoxian.cn/d/2766 | Walker 沃克 | 2023.5.21 |
| 《一次简单的"云"上野战记录》 | v0.4.2 | mp.weixin.qq.com/s/wi8CoNwdpfJa6eMP4t1PCQ | carrypan | 2022.10.19 |
| 《记录一次平平无奇的云上攻防过程》 | v0.4.0 | zone.huoxian.cn/d/2557 | TeamsSix | 2022.9.14 |
| 《我用 CF 打穿了他的云上内网》 | v0.2.4 | zone.huoxian.cn/d/1341-cf | TeamsSix | 2022.7.13 |
I have created a Q&A thread in the Discussions section of the CF project on GitHub. If you have any questions or issues related to CF, feel free to ask there, and I will provide the corresponding answers. Additionally, you can find a compilation of previously asked questions in that thread.
CF Q&A thread: github.com/teamssix/cf/discussions/250
Here is the example of Alibaba Cloud, other more operations can be viewed in the user manual.
Configuration
cf config
One-click access to current access credentials
cf alibaba perm
One-click to take over the console
cf alibaba console
One-click listing of cloud service resources with current access credentials
cf alibaba ls
View the help information for the operation of the command executed by CF for the instance
cf alibaba ecs exec -h
One-click command to execute proof of privilege for all instances
cf alibaba ecs exec -b
One-click access to temporary access credential data in instances
cf alibaba ecs exec -m
One-click download of OSS object storage data
cf alibaba oss obj get
One-click creation of RDS account
cf alibaba rds account
One-Click Upgrade CF Version
cf upgrade
If it feels good, maybe you can give me a Star ~
Thank you for your contributions to CF, A note on contributions: CONTRIBUTING
CF has joined 404Starlink
If you are interested in cloud security, you can see my other project Awesome Cloud Security , many cloud security resources are included here.
If these cloud security resources are still not enough for you, check out my cloud security knowledge base), where I have a lot of notes and articles in the direction of cloud security.
Finally, the following is my personal wechat official accounts, welcome to follow ~
If you would like to work with me on this, you can join the team by sending your resume to admin@wgpsec.org.
- This tool can only be used in legal scenarios and is strictly forbidden to be used in illegal scenarios.
- The risks involved in this tool are the responsibility of the tenant and not the cloud providers.
