From 339a51cd0dc82d9c888301cd3b1de4854421b8b8 Mon Sep 17 00:00:00 2001
From: Seth Art <46326948+sethsec-bf@users.noreply.github.com>
Date: Wed, 30 Aug 2023 14:11:11 -0400
Subject: [PATCH] Added CloudFox and CloudFoxable

---
 Methodology and Resources/Cloud - AWS Pentest.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md
index fc8d999..cf121be 100644
--- a/Methodology and Resources/Cloud - AWS Pentest.md	
+++ b/Methodology and Resources/Cloud - AWS Pentest.md	
@@ -35,6 +35,7 @@
 
 ## Training
 
+* CloudFoxable: A Gamified Cloud Hacking Sandbox - https://cloudfoxable.bishopfox.com/
 * AWSGoat : A Damn Vulnerable AWS Infrastructure - https://github.com/ine-labs/AWSGoat
 * Damn Vulnerable Cloud Application - https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6
 * SadCloud - https://github.com/nccgroup/sadcloud
@@ -43,6 +44,17 @@
 
 ## Tools
 
+* [CloudFox](https://github.com/BishopFox/CloudFox/) - Automating situational awareness for cloud penetration tests. Designed for white box enumeration (SecurityAudit/ReadOnly type permission), but can be used for black box (found credentials) as well.
+    *  Either Download the [latest binary release](https://github.com/BishopFox/cloudfox/releases) for your platform, or build it from source.
+    ```
+    git clone https://github.com/BishopFox/cloudfox.git
+    cd ./cloudfox
+    go build .
+    ```
+    
+   *  Run all AWS checks:  `cloudfox aws --profile [profile-name] all-checks`
+   *  List all AWS checks: `cloudfox aws`    
+    
 * [SkyArk](https://github.com/cyberark/SkyArk) - Discover the most privileged users in the scanned AWS environment, including the AWS Shadow Admins
     * Requires read-Only permissions over IAM service
     ```powershell