CloudExploit is a powerful multi‑cloud security scanning engine built for:
- ☁️ AWS, Azure, GCP, Oracle Cloud
- 🔐 Compliance auditing (HIPAA, PCI, CIS)
- ⚙️ CI/CD security automation
- 🤖 AI‑driven security workflows (future‑ready)
It detects misconfigurations, vulnerabilities, and risky policies across your cloud infrastructure.
CloudExploit supports multiple execution strategies:
| Mode | Description |
|---|---|
standard |
Full scan, all plugins |
fast |
Parallel scan, optimized for speed |
targeted |
Plugin‑specific scanning |
compliance |
Compliance‑only execution |
ci |
Optimized for CI/CD pipelines |
low-memory |
Reduced resource usage |
Example
./index.js --mode=fastRun scans without touching real cloud accounts:
./index.js --emulator=localUse cases
- 🔍 Plugin development
- 🧪 Security testing
- 🎓 Training environments
- 🧱 CI sandbox validation
CloudExploit includes an optional web UI for real‑time visibility.
- 📊 Live scan monitoring
- 🧠 Risk scoring visualization
- 📁 Historical scan explorer
- 📉 Compliance dashboards
- 🔐 Multi‑account view
Run the frontend
cd web
npm install
npm run devOpen: http://localhost:3000
git clone https://github.com/khulnasoft/cloudexploit.git
cd cloudexploit
npm install
./index.js -hdocker build . -t cloudexploit:latest
docker run cloudexploit:latest -h
docker run \
-e AWS_ACCESS_KEY_ID=XX \
-e AWS_SECRET_ACCESS_KEY=YY \
cloudexploit:latest --compliance=pci./index.js./index.js --mode=fast./index.js --compliance=pci./index.js --exit-code --ignore-ok./index.js --json=report.json --csv=report.csv- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Oracle Cloud Infrastructure
- GitHub
CloudExploit requires read‑only security audit access.
- AWS →
docs/aws.md - Azure →
docs/azure.md - GCP →
docs/gcp.md - OCI →
docs/oracle.md
Example config
azure: {
application_id: process.env.AZURE_APPLICATION_ID,
key_value: process.env.AZURE_KEY_VALUE,
directory_id: process.env.AZURE_DIRECTORY_ID,
subscription_id: process.env.AZURE_SUBSCRIPTION_ID
}CloudExploit uses a two‑phase scanning pipeline:
[ Collection Engine ]
↓
[ Data Normalizer ]
↓
[ Plugin Scanner Engine ]
↓
[ Risk Scoring + Compliance Mapper ]
↓
[ Output Engine / API / Web UI ]
Each plugin represents:
- A security control
- A misconfiguration detection rule
- A compliance mapping
Run a single plugin
./index.js --plugin acmValidationSee:
docs/writing-plugins.mddocs/writing-remediation.md
| Format | Usage |
|---|---|
| Console Table | default |
| JSON | --json=file.json |
| CSV | --csv=file.csv |
| JUnit XML | --junit=file.xml |
| Raw Collection | --collection=data.json |
Suppress known acceptable risks:
--suppress pluginId:region:resourceIdExample
--suppress *:*:certificate/*Perfect for:
- GitHub Actions
- GitLab CI
- Jenkins
- DevSecOps pipelines
Example
./index.js --exit-code --ignore-ok --json=report.jsonUse the fully managed SaaS platform:
👉 https://cloud.khulnasoft.com/signup
- 🤖 AI risk scoring engine
- 🧠 LLM‑based remediation suggestions
- 🔗 SIEM & SOAR integrations
- 📡 Real‑time cloud event scanning
- 🛰 Attack path simulation engine
We welcome contributions:
- Plugins
- Remediation scripts
- New cloud providers
- Performance optimizations
See .github/CONTRIBUTING.md
CloudExploit is intended for:
- Security auditing
- Compliance validation
- Defensive security research
Users must ensure legal authorization before scanning cloud environments.
Built with ❤️ by Khulnasoft Security Team