Info

metadata endpoint

https://www.alibabacloud.com/help/en/doc-detail/49122.htm

Alibaba cloud CLI

https://github.com/aliyun/aliyun-cli

Access level required to perform cloud review

The following role is requiured:

Organization Resource Auditor

As Unauthenticated

CloudBrute

Link: https://github.com/0xsha/CloudBrute

A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.

As Authenticated

aliyun

Link: https://github.com/aliyun/aliyun-cli

Generate credential report:

aliyun ims GenerateCredentialReport --endpoint ims.aliyuncs.com

ScoutSuite

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.