Merge pull request #668 from sethsec-bf/patch-1

Added CloudFox and CloudFoxable

Methodology and Resources/Cloud - AWS Pentest.md

@@ -35,6 +35,7 @@
 
 ## Training
 
+* CloudFoxable: A Gamified Cloud Hacking Sandbox - https://cloudfoxable.bishopfox.com/
 * AWSGoat : A Damn Vulnerable AWS Infrastructure - https://github.com/ine-labs/AWSGoat
 * Damn Vulnerable Cloud Application - https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6
 * SadCloud - https://github.com/nccgroup/sadcloud
@@ -43,6 +44,17 @@
 
 ## Tools
 
+* [CloudFox](https://github.com/BishopFox/CloudFox/) - Automating situational awareness for cloud penetration tests. Designed for white box enumeration (SecurityAudit/ReadOnly type permission), but can be used for black box (found credentials) as well.
+    *  Either Download the [latest binary release](https://github.com/BishopFox/cloudfox/releases) for your platform, or build it from source.
+    ```
+    git clone https://github.com/BishopFox/cloudfox.git
+    cd ./cloudfox
+    go build .
+    ```
+    
+   *  Run all AWS checks:  `cloudfox aws --profile [profile-name] all-checks`
+   *  List all AWS checks: `cloudfox aws`    
+    
 * [SkyArk](https://github.com/cyberark/SkyArk) - Discover the most privileged users in the scanned AWS environment, including the AWS Shadow Admins
     * Requires read-Only permissions over IAM service
     ```powershell