Automic VaultAutomic Vault

brew

Install cloudfox with Homebrew, Nix

Automating situational awareness for cloud penetration tests. Version 2.0.5 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install cloudfox

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#cloudfox

nixpkgs package indexes · pkgs/by-name/cl/cloudfox/package.nix · source: api.github.com

overview

Package summary

Automating situational awareness for cloud penetration tests

Commands and aliases

  • cloudfox

history

Project history and usage

CloudFox is Bishop Fox's open-source command-line tool for cloud penetration-test situational awareness. It began as an AWS-focused offensive-security enumerator and later grew into a multi-cloud tool covering AWS, Azure, and GCP.

Project history

Bishop Fox introduced CloudFox in September 2022 as a way to turn repeated shell, JSON, and cloud-API enumeration work from cloud penetration tests into a portable CLI. The official tool page describes the inspiration as something like PowerView for cloud infrastructure: a set of enumeration commands that reveal practical attack paths.

The project kept the operational model simple for package users: a Go command-line executable with modular commands and GitHub-hosted documentation. By 2026, the CloudFox wiki described AWS, Azure, and GCP support, and Bishop Fox separately announced CloudFox GCP as a purpose-built module suite for Google Cloud attack-path identification.

Adoption history

CloudFox's adoption is concentrated in cloud offensive-security and assessment workflows rather than general cloud administration. Bishop Fox materials present it as a tool used in cloud penetration tests, and the public GitHub project shows a specialist but visible user base, with packaged distribution through Homebrew and Nix recorded in the batch input.

How it is used

Users run CloudFox from the terminal against cloud environments to enumerate identities, permissions, resources, and likely attack paths. The official wiki documents provider-specific command families, including AWS command help and examples, while the README frames the tool as situational awareness for unfamiliar cloud environments.

Why package nerds care

For package-manager users, CloudFox is a good example of a modern security assessment tool shipped as a cross-platform Go CLI: it is easy to bottle, distribute, and keep close to upstream releases. Its value in Homebrew is that a practitioner can install a cloud-enumeration toolkit without cloning a repository or managing language-specific runtime setup.

Timeline

  • 2022: Bishop Fox introduced CloudFox as an AWS-focused cloud penetration-testing CLI.
  • 2024: The GitHub wiki documented AWS command usage and examples.
  • 2026: Bishop Fox announced CloudFox GCP, and the wiki described AWS, Azure, and GCP support.
  • 2026: GitHub releases listed CloudFox 2.x builds for Linux, macOS, and Windows.

Related projects

  • CloudFox sits near other cloud security enumeration and attack-path projects, but its official materials particularly connect it to Bishop Fox's FoxMapper and to NCC Group's Principal Mapper, because CloudFox GCP can use graph-analysis data for privilege-escalation, lateral-movement, and data-exfiltration paths.

security posture

Risk level: red

escape, surveillance, or offensive capability signal. infrastructure mutation or orchestration signal.

Risk classifier

red risk · medium confidence · escape-surveillance-offensive

Why

  • escape, surveillance, or offensive capability signal
  • infrastructure mutation or orchestration signal

Signals

  • text:cloud
  • text:penetration

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
cloudfoxcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.0.5
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv2.0.5

https://github.com/BishopFox/cloudfox

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:cloudfox
Version2.0.5
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/cloudfox
Homepagehttps://bishopfox.com/blog/introducing-cloudfox
Repositoryhttps://github.com/BishopFox/cloudfox
Upstream docshttps://github.com/BishopFox/cloudfox#readme
LicenseMIT
Source archivehttps://github.com/BishopFox/cloudfox/archive/refs/tags/v2.0.5.tar.gz
Last updated2026-06-15T10:20:13-04:00
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecloudfox
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

cloudfox

nix profile install nixpkgs#cloudfox
  • normalized package name match
  • Matched by: Cloudfox
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/cl/cloudfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment