你好 @0x727,
对于使用阿里云、腾讯云、华为云的企业,如果能直接从云平台导入资产,会比网络侦察更快更准确。
建议:增加--cloud-provider参数
支持:
python3 ShuiZe.py --cloud-provider aliyun --access-key-id xxx --access-key-secret xxx
python3 ShuiZe.py --cloud-provider tencent --secret-id xxx --secret-key xxx
python3 ShuiZe.py --cloud-provider huawei --ak xxx --sk xxx
拉取的资产类型:
- ECS/CVM实例(公网IP、内网IP、安全组)
- SLB/CLB负载均衡(监听端口、后端服务器)
- RDS/OBS等数据库和存储(内网地址)
- VPC和子网CIDR
SDK依赖:
- 阿里云:
aliyun-python-sdk-core
- 腾讯云:
tencentcloud-sdk-python
- 华为云:
huaweicloudsdkcore
好处:
- 内网IP也能被纳入资产清单
- 安全组规则可以帮助判断端口开放情况
- 从"小时级"侦察缩短到"分钟级"
这是云原生时代非常有竞争力的功能。
[English Translation / 英文摘要]
Hi maintainers, this issue is a feature / architecture / security suggestion for 10_ShuiZe.
The Chinese text above contains the detailed proposal with technical context and implementation ideas.
In summary: we are requesting the enhancement described above and would be happy to provide PRs or further discussion in either Chinese or English.
Thank you for the excellent work on this project!
你好 @0x727,
对于使用阿里云、腾讯云、华为云的企业,如果能直接从云平台导入资产,会比网络侦察更快更准确。
建议:增加
--cloud-provider参数支持:
拉取的资产类型:
SDK依赖:
aliyun-python-sdk-coretencentcloud-sdk-pythonhuaweicloudsdkcore好处:
这是云原生时代非常有竞争力的功能。
[English Translation / 英文摘要]
Hi maintainers, this issue is a feature / architecture / security suggestion for 10_ShuiZe.
The Chinese text above contains the detailed proposal with technical context and implementation ideas.
In summary: we are requesting the enhancement described above and would be happy to provide PRs or further discussion in either Chinese or English.
Thank you for the excellent work on this project!