# Install cloudfox with Homebrew, Nix

Automating situational awareness for cloud penetration tests. Version 2.0.5 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:cloudfox
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install cloudfox
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#cloudfox
```

  Evidence: nixpkgs package indexes: pkgs/by-name/cl/cloudfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:cloudfox
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/cloudfox>
- **Version:** 2.0.5
- **Source summary:** Automating situational awareness for cloud penetration tests
- **Homepage:** <https://bishopfox.com/blog/introducing-cloudfox>
- **Repository:** <https://github.com/BishopFox/cloudfox>
- **Upstream docs:** <https://github.com/BishopFox/cloudfox#readme>
- **License:** MIT
- **Source archive:** <https://github.com/BishopFox/cloudfox/archive/refs/tags/v2.0.5.tar.gz>
- **Last updated:** 2026-06-15T10:20:13-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- cloudfox (cli)
- cloudfox (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.0.5
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/BishopFox/cloudfox
- Upstream latest detected: v2.0.5 (current)
## Project history and usage

CloudFox is Bishop Fox's open-source command-line tool for cloud penetration-test situational awareness. It began as an AWS-focused offensive-security enumerator and later grew into a multi-cloud tool covering AWS, Azure, and GCP.

### Project history

Bishop Fox introduced CloudFox in September 2022 as a way to turn repeated shell, JSON, and cloud-API enumeration work from cloud penetration tests into a portable CLI. The official tool page describes the inspiration as something like PowerView for cloud infrastructure: a set of enumeration commands that reveal practical attack paths.

The project kept the operational model simple for package users: a Go command-line executable with modular commands and GitHub-hosted documentation. By 2026, the CloudFox wiki described AWS, Azure, and GCP support, and Bishop Fox separately announced CloudFox GCP as a purpose-built module suite for Google Cloud attack-path identification.

### Adoption history

CloudFox's adoption is concentrated in cloud offensive-security and assessment workflows rather than general cloud administration. Bishop Fox materials present it as a tool used in cloud penetration tests, and the public GitHub project shows a specialist but visible user base, with packaged distribution through Homebrew and Nix recorded in the batch input.

### How it is used

Users run CloudFox from the terminal against cloud environments to enumerate identities, permissions, resources, and likely attack paths. The official wiki documents provider-specific command families, including AWS command help and examples, while the README frames the tool as situational awareness for unfamiliar cloud environments.

### Why package nerds care

For package-manager users, CloudFox is a good example of a modern security assessment tool shipped as a cross-platform Go CLI: it is easy to bottle, distribute, and keep close to upstream releases. Its value in Homebrew is that a practitioner can install a cloud-enumeration toolkit without cloning a repository or managing language-specific runtime setup.

### Timeline

- 2022: Bishop Fox introduced CloudFox as an AWS-focused cloud penetration-testing CLI.
- 2024: The GitHub wiki documented AWS command usage and examples.
- 2026: Bishop Fox announced CloudFox GCP, and the wiki described AWS, Azure, and GCP support.
- 2026: GitHub releases listed CloudFox 2.x builds for Linux, macOS, and Windows.

### Related projects

- CloudFox sits near other cloud security enumeration and attack-path projects, but its official materials particularly connect it to Bishop Fox's FoxMapper and to NCC Group's Principal Mapper, because CloudFox GCP can use graph-analysis data for privilege-escalation, lateral-movement, and data-exfiltration paths.

### Sources

- <https://bishopfox.com/blog/introducing-cloudfox>
- <https://bishopfox.com/tools/cloudfox-tool>
- <https://github.com/BishopFox/cloudfox#readme>
- <https://github.com/BishopFox/cloudfox/wiki>
- <https://bishopfox.com/blog/introducing-cloudfox-gcp-attack-path-identification-for-google-cloud>
- <https://github.com/BishopFox/cloudfox/releases>


## Security Notes

escape, surveillance, or offensive capability signal. infrastructure mutation or orchestration signal.

- **Geiger risk:** red / medium
- escape, surveillance, or offensive capability signal
- infrastructure mutation or orchestration signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** cloudfox
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - cloudfox: normalized package name match | nixpkgs package indexes: pkgs/by-name/cl/cloudfox/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [cliam](https://www.automicvault.com/pkg/brew/cliam/) - Shares av.db curated category or tags: aws, azure, cli, cloud-security, gcp.
- [yatas](https://www.automicvault.com/pkg/brew/yatas/) - Shares av.db curated category or tags: aws, cli, cloud-security, gcp, security.
- [principalmapper](https://www.automicvault.com/pkg/brew/principalmapper/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [cfripper](https://www.automicvault.com/pkg/brew/cfripper/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [cloudsplaining](https://www.automicvault.com/pkg/brew/cloudsplaining/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [lacework-cli](https://www.automicvault.com/pkg/brew/lacework-cli/) - Shares av.db curated category or tags: cli, cloud-security, security.
- [parliament](https://www.automicvault.com/pkg/brew/parliament/) - Shares av.db curated category or tags: aws, cli, cloud-security, security.
- [prowler](https://www.automicvault.com/pkg/brew/prowler/) - Shares av.db curated category or tags: cli, cloud-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/cloudfox.yml](https://github.com/automic-vault/db/blob/main/combined/cloudfox.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
