There is currently an issue with the Docker version; will fix ASAP.
Cloud Adversary Simulation Tools for ARM Architecture
CPTF ARM Edition is a comprehensive setup script that brings a powerful cloud pentesting toolkit to ARM64 devices, including Apple Silicon Macs. This script automates the installation of 40+ cloud security testing tools optimized for AWS, Azure, GCP, and multi-cloud environments.
- Security professionals using Apple Silicon MacBooks (M1/M2/M3)
- Cloud penetration testers on ARM-based systems
- Red teams requiring portable cloud testing environments
- DevSecOps teams on ARM infrastructure
- Researchers using Raspberry Pi or ARM servers
- ARM-Native Installation - Optimized for ARM64 architecture with automatic detection
- Complete Cloud Coverage - Tools for AWS, Azure, GCP, and multi-cloud environments
- 40+ Security Tools - Comprehensive suite of enumeration, exploitation, and post-exploitation tools
- Automated Setup - Single script installation with dependency management
- Organized Structure - Tools categorized by cloud provider and attack phase
- Performance Optimized - Native ARM binaries where available, source compilation fallback
- Environment Templates - Pre-configured templates for cloud credentials
- ARM64/aarch64 Linux system (Ubuntu, Debian, Kali, or compatible)
- 16GB RAM recommended (8GB minimum)
- 20GB+ free disk space
- Internet connection
- sudo privileges
```bash
# Clone the repository
git clone https://github.com/ai-redteam/CPTF-arm.git
cd CPTF-arm
# Make the script executable
chmod +x cptf-arm.sh
# Run the installation
sudo ./cptf-arm.sh
```

After the script finishes, you must perform the following steps to use the tools:
To enable the new commands and aliases, either close and re-open your terminal or run:

```bash
source ~/.bashrc
```

A template file has been created in your home directory to manage API keys.

```bash
# Edit the credentials file
nano ~/cloud-env.sh
```

Uncomment the lines for the cloud provider you are testing and add your keys.
Before running any tools, source the file to load your keys as environment variables.

```bash
source ~/cloud-env.sh
```

Note: You will need to do this for every new terminal session.
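Because `~/cloud-env.sh` holds live API keys in plain text, it is worth checking the file before every `source`. The following is an added example, not part of the CPTF script: the function names `check_secret_file` and `load_cloud_env` are hypothetical, and it assumes GNU coreutils `stat`, as shipped on the Linux distributions listed above.

```bash
#!/usr/bin/env bash
# Added example (not from the CPTF project): refuse to load a credentials
# file that other local users could read, modify, or swap for a symlink.
# Assumption: GNU coreutils `stat` (stat -c), as on Ubuntu/Debian/Kali.

# check_secret_file PATH
# Returns 0 only if PATH is a regular, non-symlink file owned by the
# current user with no group/other permission bits set; 1 otherwise.
check_secret_file() {
    local f mode owner
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $f: owned by uid $owner" >&2
        return 1
    fi
    # Any bit in the group/other positions (octal 077) is too permissive.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $f: mode $mode, fix with: chmod 600 $f" >&2
        return 1
    fi
    return 0
}

# load_cloud_env [PATH]
# Sources the credentials file (default: ~/cloud-env.sh) only when the
# check above passes, so keys are never loaded from a tampered file.
load_cloud_env() {
    local f
    f=${1:-$HOME/cloud-env.sh}
    check_secret_file "$f" || return 1
    # shellcheck disable=SC1090
    . "$f"
}
```

Defining these functions in `~/.bashrc` lets `load_cloud_env` stand in for the plain `source ~/cloud-env.sh` step in each new terminal session.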
The Docker installation provides a clean, isolated environment without modifying your host system.
- Docker Engine 20.10+ with ARM64 support
- 8GB RAM recommended (4GB minimum)
- 15GB free disk space
```bash
# Clone the repository
git clone https://github.com/ai-redteam/cptf-arm.git
cd cptf-arm
# Build the image
docker build -t cptf-arm .
# Run the container
docker run -it --name cptf cptf-arm
```

```bash
# Start with docker-compose
docker-compose up -d
# Access the container
docker exec -it cptf-arm bash
# Stop and remove
docker-compose down
```

```bash
# Run with persistent credentials
docker run -it \
  -v ~/.aws:/root/.aws:ro \
  -v ~/.azure:/root/.azure:ro \
  -v ~/gcp-creds:/root/gcp:ro \
  -v ~/cptf-data:/data \
  cptf-arm
```

Create a .env file for docker-compose:

```
AWS_ACCESS_KEY_ID=your_key
AWS_SECRET_ACCESS_KEY=your_secret
AZURE_CLIENT_ID=your_client_id
AZURE_TENANT_ID=your_tenant_id
```

```bash
# Run specific tool
docker exec -it cptf-arm pacu
# Update container
docker pull cptf-arm:latest
docker-compose restart
# View logs
docker logs cptf-arm
# Clean up
docker-compose down -v
```

Tip: The Docker method provides isolation, easy cleanup, and consistent environments across different systems. All tools are pre-installed and configured in `/opt/{aws,azure,gcp,multi-cloud}/`.
| Tool | Description | Category |
|---|---|---|
| AWS CLI v2 | Official AWS command-line interface | Management |
| Pacu | AWS exploitation framework | Exploitation |
| CloudMapper | Analyze AWS environments | Enumeration |
| weirdAAL | AWS Attack Library | Enumeration |
| AWS Consoler | Convert AWS credentials to console access | Exploitation |
| Endgame | AWS Pentesting Library | Post-Exploitation |
| CloudCopy | Cloud bucket exploitation | Exploitation |
| CloudJack | Route53/CloudFront hijacking | Exploitation |
| CredKing | Password spraying | Exploitation |
| Redboto | Red team scripts for AWS | Exploitation |
| Tool | Description | Category |
|---|---|---|
| Azure CLI | Official Azure command-line interface | Management |
| AzureHound | Azure AD reconnaissance | Enumeration |
| MicroBurst | Azure security assessment scripts | Exploitation |
| ROADtools | Azure AD exploration framework | Enumeration |
| PowerUpSQL | SQL Server assessment toolkit | Post-Exploitation |
| AADInternals | Azure AD administration | Exploitation |
| TeamFiltration | Teams enumeration and exfiltration | Exploitation |
| TokenTactics | Azure token manipulation | Exploitation |
| MFASweep | MFA bypass testing | Exploitation |
| Tool | Description | Category |
|---|---|---|
| gcloud CLI | Official Google Cloud CLI | Management |
| GCPBucketBrute | Enumerate GCP buckets | Enumeration |
| GCP IAM Privilege Escalation | Escalate GCP IAM privileges | Post-Exploitation |
| Hayat | Google Cloud Platform Auditor | Enumeration |
| GCPTokenReuse | GCP token reuse attacks | Exploitation |
| Tool | Description | Category |
|---|---|---|
| ScoutSuite | Multi-cloud security auditing | Enumeration |
| Impacket | Network protocol manipulation | Exploitation |
| CloudEnum | Multi-cloud OSINT | Enumeration |
| Cartography | Infrastructure asset inventory | Enumeration |
| PurplePanda | Multi-cloud privilege escalation | Post-Exploitation |
| Responder | LLMNR/NBT-NS/MDNS poisoner | Exploitation |
| Gitleaks | Secret scanning | Enumeration |
```
/opt/
├── aws/
│   ├── enumeration/
│   ├── exploitation/
│   └── post-exploitation/
├── azure/
│   ├── enumeration/
│   ├── exploitation/
│   └── post-exploitation/
├── gcp/
│   ├── enumeration/
│   ├── exploitation/
│   └── post-exploitation/
└── multi-cloud/
    ├── enumeration/
    ├── exploitation/
    └── post-exploitation/
```
Use the built-in launchers and aliases for fast access to common tools.
```bash
# Get a list of primary tool commands
cptf-help
# Launch specific tools directly
pacu        # Starts the Pacu AWS exploitation framework
scoutsuite  # Runs the ScoutSuite multi-cloud scanner
```

You can also list all installed tools for a specific cloud provider:

```bash
# List tools by provider
aws-tools
azure-tools
gcp-tools
multi-tools
```

For tools that don't have a dedicated launcher, you can run them by activating their isolated Python environment.
Example: Running CloudMapper

```bash
# 1. Navigate to the tool's directory
cd /opt/aws/enumeration/cloudmapper
# 2. Activate its virtual environment
source venv/bin/activate
# 3. Run the tool according to its documentation
python3 cloudmapper.py --help
# 4. Deactivate the environment when finished
deactivate
```

- macOS on Apple Silicon (M1/M2/M3) via Linux VM
- Ubuntu 22.04 ARM64
- Debian 11/12 ARM64
- Kali Linux ARM64
- Raspberry Pi OS (64-bit)
- Some tools may have reduced functionality on ARM compared to x86_64
- Binary-only tools without ARM support require manual workarounds
- PowerShell modules may have compatibility issues
We welcome contributions! Please see our CONTRIBUTING.md for details.
- Fork the repository
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Found a bug or have a suggestion? Please open an issue with:
- Your ARM device/platform details
- Error messages or logs
- Steps to reproduce the issue
IMPORTANT: This toolkit is designed for authorized security testing only.
Users must:
- Only use these tools on systems you own or have explicit permission to test
- Comply with all applicable laws and regulations
- Understand that misuse may result in criminal charges
- Use VPNs and isolated environments when appropriate
This project is licensed under the MIT License - see the LICENSE file for details.
- RedCloud OS Team for the original tool collection
- Parrot Security for the base OS inspiration
- All tool authors and maintainers listed above
- The ARM and Apple Silicon community for testing and feedback
Made with ❤️ for the ARM Security Community