Welcome to Cloud City, an advanced proxy management tool designed to streamline and automate the process of utilizing cloud resources for security testing. Cloud City is inspired by the classic cloud proxy tool by Tom Steele, reimagined and revamped to meet modern cybersecurity challenges. This utility is tailored for professionals who need to conduct rigorous testing against firewalls and ensure that security operations centers (SOCs) can detect their activity.
- Dynamic Cloud Proxy: Quickly creates and manages a series of Digital Ocean droplets to be used as SSH tunnel proxies.
- Automatic CSV Generation: Generates a CSV file listing all IP addresses used, facilitating easy log checking for clients.
- Graceful Teardown: Upon receiving a CTRL+C command, Cloud City will automatically destroy the droplets, terminate the SSH tunnels, and clean up your known_hosts to prevent future SSH conflicts.
- Companion Scripts: Two utility scripts, Firespray and bobafett, enhance the functionality of Cloud City by providing specific proxy services for different use cases.
Firespray integrates seamlessly with nmap, providing you with a fresh, random IP address from your Digital Ocean droplets for each scan initiated, ensuring varied scan sources and improved test reliability.
Bobafett is your go-to for proxychains. It enables you to run any command with a new IP each time, automatically updating your proxychains.conf to reflect the current active proxies.
Both scripts maintain a detailed log of every command executed and the corresponding IP address it was routed through, culminating in a comprehensive CSV report for evidential and auditing purposes.
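The CSV report exists so that a client's SOC can compare the test source addresses against its own logs. The following Go program is an added example, not part of Cloud City's code: it reads such a report and a firewall log and counts how often each proxy IP was logged, so an address with a count of zero marks a visibility gap. The CSV columns, the log format, the IP addresses and the function names are constructed assumptions, since this page does not specify the report layout.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Constructed samples: documentation-range IPs; CSV columns and log format are assumed.
const sampleCSV = "droplet,ip\ncc-1,203.0.113.10\ncc-2,203.0.113.11\ncc-3,198.51.100.7\n"
const sampleLog = `2024-05-01T10:00:01Z DENY src=203.0.113.10 dst=192.0.2.5 dport=22
2024-05-01T10:00:09Z ALLOW src=203.0.113.110 dst=192.0.2.5 dport=443
2024-05-01T10:01:30Z DENY src=198.51.100.7 dst=192.0.2.5 dport=3389`
var ipv4Token = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)

// ProxyIPs returns every CSV field that parses as an IP, whatever the column layout.
func ProxyIPs(csvText string) (ips []string, err error) {
	r := csv.NewReader(strings.NewReader(csvText))
	r.FieldsPerRecord = -1 // tolerate rows of differing width
	rows, err := r.ReadAll()
	for _, row := range rows {
		for _, field := range row {
			if ip := net.ParseIP(strings.TrimSpace(field)); ip != nil {
				ips = append(ips, ip.String())
			}
		}
	}
	return ips, err
}

// Coverage counts whole-address log hits per proxy IP (203.0.113.110 is not 203.0.113.11).
func Coverage(ips []string, logText string) map[string]int {
	hits := make(map[string]int, len(ips))
	for _, ip := range ips {
		hits[ip] = 0 // track every proxy IP so unseen ones report 0
	}
	for _, tok := range ipv4Token.FindAllString(logText, -1) {
		if _, tracked := hits[tok]; tracked {
			hits[tok]++
		}
	}
	return hits
}

func main() {
	ips, err := ProxyIPs(sampleCSV)
	fmt.Println(Coverage(ips, sampleLog), err)
}
```

Matching on whole addresses rather than substrings matters here: a plain text search for 203.0.113.11 would also hit the unrelated 203.0.113.110 line and hide the gap.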
To leverage Cloud City, you'll need to have a Digital Ocean account and your SSH key ID readily available. Before compiling the code, ensure you replace the placeholder in the source code with your actual SSH key ID obtained from Digital Ocean.
If your RSA key has a passphrase, you will need to use ssh-add to add your SSH private key to the list of known keys to allow Cloud City to use it without prompting for a passphrase each time.
Run the following command:
ssh-add /path/to/your/private/key
Note: If you have not used ssh-add before, you may need to start the SSH agent first with eval $(ssh-agent).
Set your Digital Ocean access token as an environment variable:
export DIGITALOCEAN_ACCESS_TOKEN='your_access_token_here'
Replace your_access_token_here with your actual Digital Ocean personal access token.
Follow these simple steps to obtain your SSH key ID from Digital Ocean:
curl -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_ACCESS_TOKEN" \
"https://api.digitalocean.com/v2/account/keys"
- A Digital Ocean account.
- Digital Ocean Personal Access Token.
- SSH key added to your Digital Ocean account.
Clone the repository to your local machine:
git clone https://github.com/lwangenheim/cloud-city
Navigate to the Cloud City directory:
cd cloud-city
Before compiling the tool, open the configuration file or source code and replace the placeholder for the SSH key ID with the one you obtained from your Digital Ocean account.
Compile the tool with the following command:
go build -o cloud-city
./cloud-city
This will start up the proxies and create the tunnels. Once those are complete, you'll be able to use them. To gracefully shut down the droplets and close the SSH connections, press ctrl+c and it will take care of it. Additionally, it will remove the droplets from your known_hosts.
If you would like to contribute to the development of Cloud City, please read CONTRIBUTING.md for the process for submitting pull requests to us.
- Hxfifty - Initial work - Inspired by the original cloud proxy tool by Tom Steele https://github.com/tomsteele/cloud-proxy.
This project is licensed under the MIT License - see the LICENSE.md file for details.
- Hat tip to Tom Steele for the original cloud proxy concept.
- Gratitude to the Digital Ocean community for their excellent API and resources.
- Gratitude to ChatGPT that definitely didn't write this README.md file.