What tools does this AWS Penetration Testing skill support?

It provides integrated workflows for industry-standard tools including Pacu, Prowler, ScoutSuite, SkyArk, and Principal Mapper for comprehensive cloud auditing.

Does it support both IMDSv1 and IMDSv2 for metadata attacks?

Yes, the skill includes detailed commands for extracting credentials from both the original IMDSv1 and the more secure, token-based IMDSv2 metadata endpoints.

Is this skill intended for production environments?

This skill is for authorized security testing only. Users must obtain written authorization before performing any penetration testing or security assessment on AWS resources.

Can this skill help detect IAM privilege escalation?

Yes, it specifically identifies 'Shadow Admin' permissions such as iam:CreateAccessKey or iam:PassRole that allow users to escalate their privileges to Administrator.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

보안 및 테스팅

Performs comprehensive security assessments and penetration testing on Amazon Web Services infrastructure to identify vulnerabilities and privilege escalation paths.

소개

The AWS Penetration Testing skill provides a standardized framework for security professionals to audit and exploit Amazon Web Services environments. It guides users through critical security workflows including IAM enumeration, identifying 'Shadow Admin' permissions, performing SSRF attacks against EC2 metadata endpoints (IMDSv1 and v2), and exploiting misconfigured S3 buckets. Whether you are conducting a red team engagement or a routine security audit, this skill offers the specific commands and tool integrations needed to discover, document, and remediate cloud infrastructure risks.

주요 기능

Comprehensive IAM enumeration and privilege escalation path discovery
Secure S3 bucket discovery and permission auditing
EC2 and SSM command execution for lateral movement and persistence
0 GitHub stars
Lambda function code extraction and injection techniques
Automated metadata service (IMDSv1/v2) SSRF exploitation workflows

사용 사례

Conducting professional red team engagements or security audits on cloud-native environments.
Verifying the effectiveness of AWS security controls and GuardDuty monitoring via simulated attacks.
Identifying and remediating 'Shadow Admin' IAM permissions before they are exploited by attackers.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개