LinuxCommandLibrary
GitHubF-DroidGoogle Play Store

cloudsploit

Open-source cloud security posture management scanner

TLDR

Run a scan with default settings
$ cloudsploit scan
copy
Scan a specific cloud provider
$ cloudsploit scan --cloud [aws]
copy
Scan with a specific compliance framework
$ cloudsploit scan --compliance [hipaa]
copy
Output results as JSON
$ cloudsploit scan --json [output.json]
copy
Run a specific plugin only
$ cloudsploit scan --plugin [pluginName]
copy
Scan with a custom config file
$ cloudsploit scan --config [config.js]
copy
Output results as CSV
$ cloudsploit scan --csv [output.csv]
copy

SYNOPSIS

cloudsploit command [options]

DESCRIPTION

CloudSploit is an open-source cloud security scanner that detects security risks and misconfigurations across AWS, Azure, GCP, Oracle Cloud, and GitHub. It checks for hundreds of security issues including public S3 buckets, overly permissive IAM policies, unencrypted databases, and exposed services.The tool operates in two phases: a collection phase that queries cloud APIs to gather infrastructure metadata, and a scanning phase that analyzes the data to identify misconfigurations and security risks. Results are categorized by severity (OK, WARN, FAIL, UNKNOWN) with descriptions and remediation guidance.CloudSploit supports compliance mapping to frameworks like CIS Benchmarks, PCI-DSS, and HIPAA, helping organizations meet regulatory requirements. It can be integrated into CI/CD pipelines for continuous security monitoring.

PARAMETERS

scan

Run security scan against cloud infrastructure.
--cloud provider
Target cloud provider: aws, azure, gcp, oracle.
--compliance framework
Check against a compliance framework (hipaa, pci, cis). CIS runs both Level 1 and Level 2 controls.
--plugin name
Run only the specified plugin.
--json file
Output results in JSON format to the specified file.
--csv file
Output results in CSV format to the specified file.
--junit file
Output results in JUnit XML format.
--config file
Use a custom configuration file for credentials and settings.
--suppress plugins
Suppress specific plugins from results.
--remediate plugins
Attempt automatic remediation for the specified plugins. Takes a comma-separated list of plugin names.

CAVEATS

Requires appropriate cloud credentials with read permissions configured in config.js or environment variables. Scanning large environments may take significant time and incur API costs. Some checks require specific permissions that may not be available in restricted accounts. Automated remediation should be tested in non-production environments first.

HISTORY

CloudSploit was originally created by CloudSploit Inc., which was acquired by Aqua Security in 2019. First released around 2015, it grew to support multiple cloud providers and became one of the foundational open-source tools in the cloud security posture management (CSPM) space. Aqua continues to maintain the open-source version while offering a commercial SaaS platform.

SEE ALSO

prowler(1)

Copied to clipboard
Kai