Multi-Cloud Penetration Testing Platform
A modular toolkit for AWS, Azure, GCP, Kubernetes, and modern web applications.
CloudStrikeX is a desktop (Tkinter) security platform that unifies cloud reconnaissance, vulnerability assessment, web-application testing, and exploitation into a single workspace. It is built for red teams and security professionals performing authorized assessments of cloud and web environments — combining multi-cloud coverage, a real-time activity log, and an interactive console.
⚠️ For authorized security testing only. See Legal & Responsible Use.
CloudStrikeX was created by a security researcher with hands-on experience across cloud penetration-testing engagements. It began as a personal collection of scripts — used to speed up the repetitive parts of real assessments — and grew into a single, modular platform.
The goal is simple: give penetration testers and red teams one workspace that brings multi-cloud assessment, web and network testing, OSINT, and reporting together, so they can spend less time on setup and more time on findings — always within the bounds of authorized engagements.
- Multi-Cloud Coverage — dedicated modules for AWS, Azure, GCP, DigitalOcean, and Kubernetes (misconfiguration review, IAM/RBAC analysis, privilege-escalation paths, and service-specific checks).
- Advanced Web Application Scanner — raw-request import (Burp Suite / OWASP ZAP / cURL), flexible target scoping, authenticated scanning, and verified vulnerability detection.
- Network Scanning Suite — configurable port profiles, SYN/stealth scans, service & OS detection, traceroute, and broad protocol enumeration (SMB, LDAP, SNMP, RDP, NFS, Redis, MongoDB, Elastic, MySQL).
- OSINT & Enumeration — DNS, subdomain discovery, certificate transparency, S3/Blob exposure checks, IAM/policy auditing, and GitHub reconnaissance.
- Exploitation Toolkit — AWS credential extraction, IMDS bypass, SSRF chaining, container-escape checks, and managed-identity testing.
- Interactive Console — real-time command execution, quick-action shortcuts, OSINT helpers, module selection, and session management.
- Reporting — export findings to PDF, Excel, and JSON.
AWS — credential validation, IAM, and per-service scanning |
Azure — authentication, RBAC, and resource scanning |
GCP — IAM, storage, GKE, and Secret Manager analysis |
Network — port profiles, scan techniques, and protocol enumeration |
Enumeration & OSINT — subdomains, infrastructure, and intelligence gathering |
Web Scanner — raw-request import and authenticated scanning |
Exploitation — AWS, SSRF, and multi-cloud testing modules |
Automation — scheduling, integrations, and compliance reporting |
Console — quick commands, OSINT shortcuts, and session management |
CloudStrikeX runs on Windows, macOS, and Linux.
- Python 3.8+
- Tkinter — bundled with most Python builds; install separately if missing.
- nmap binary on
PATH— required only for the Network Scanning features. - Python dependencies (cloud SDKs, scanning, reporting) are installed via
requirements.txt. Windows-only packages are gated automatically and are skipped on macOS/Linux.
Platform-specific prerequisites:
| OS | Tkinter | nmap |
|---|---|---|
| Windows | included with the python.org installer | nmap.org/download |
| macOS | brew install python-tk (if needed) |
brew install nmap |
| Debian/Ubuntu | sudo apt install python3-tk |
sudo apt install nmap |
| Fedora/RHEL | sudo dnf install python3-tkinter |
sudo dnf install nmap |
git clone https://github.com/infosec-lab/CloudStrikeX.git
cd CloudStrikeX
# (recommended) create and activate a virtual environment
python -m venv venv
# Windows: venv\Scripts\activate
# macOS / Linux: source venv/bin/activate
pip install -r requirements.txtCloudStrikeX is a desktop GUI application. Launch it with:
python CloudStrikeX.pyOn Windows, you can use the helper script, which verifies Python, checks dependencies, and installs them if needed:
launch.batOnce the window opens, use the top navigation tabs — AWS, Azure, GCP, Network, Enumeration, Web Scanner, Exploitation, Automation, Console — to run modules. Results stream into the Activity Log and Recent Activity panels in real time.
- Global settings:
config/config.json(scan timeouts, thread limits, default ports, reporting formats). - UI preferences (theme, colors):
cloudstrikex_settings.json. - Sample targets:
data/(e.g.data/test_targets.txt).
CloudStrikeX is intended exclusively for authorized security testing, research, and education.
- Only test systems you own or have explicit, written permission to assess.
- Unauthorized scanning or exploitation of systems is illegal in most jurisdictions and may carry severe penalties.
- The authors and contributors accept no liability for misuse or for any damage caused by this tool.
By using CloudStrikeX you agree that you are solely responsible for your actions and for complying with all applicable laws and regulations.
Contributions are welcome! See CONTRIBUTING.md for development setup and conventions, and SECURITY.md for reporting vulnerabilities. A summary of changes is kept in CHANGELOG.md.
Released under the MIT License. See LICENSE for details.
infosec-lab — Senior Security Consultant
📧 Email: infoseclab005@gmail.com
📖 GitHub: @infosec-lab
- Security Community — for feedback, testing, and collaboration
- Open Source Contributors — for inspiration and technical guidance
CloudStrikeX — Multi-Cloud Penetration Testing Platform for AWS, Azure, GCP, and modern web environments.
Built with ❤️ for the security community.
