Does it cover the latest AWS Metadata Service (IMDSv2)?

Yes, the skill provides specific commands and logic for both the traditional IMDSv1 and the more secure, token-based IMDSv2.

What tools does this skill support for AWS testing?

It provides comprehensive guidance for industry-standard tools including Pacu, Prowler, ScoutSuite, SkyArk, and Principal Mapper.

Is this skill suitable for defensive security audits?

Absolutely. While framed for penetration testing, it is an excellent resource for security architects to identify and remediate configuration weaknesses before they are exploited.

Can this skill help identify IAM privilege escalation?

Yes, it includes specific workflows for discovering 'Shadow Admin' permissions and techniques to escalate from low-privilege keys to administrator access.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

보안 및 테스팅

Executes comprehensive security assessments and penetration testing workflows across Amazon Web Services environments.

This skill provides a structured framework for red team operations and security audits within AWS cloud infrastructure. It guides users through initial enumeration, IAM privilege escalation discovery, metadata SSRF exploitation, and resource-specific attacks on services like S3, Lambda, and EC2. By leveraging industry-standard tools and proven methodology, it helps security professionals identify vulnerabilities, extract credentials, and test the resilience of cloud environments against sophisticated threats.

주요 기능

01IAM permission enumeration and privilege escalation discovery

020 GitHub stars

03Persistence mechanism identification and track-covering techniques

04Automated security auditing workflows using Pacu and Prowler

05EC2 Instance Metadata Service (IMDSv1/v2) SSRF exploitation guides

06Resource-specific exploitation for S3, Lambda, and SSM

사용 사례

01Conducting formal red team engagements against AWS cloud infrastructure

02Auditing IAM policies to identify 'Shadow Admin' and over-privileged accounts

03Testing web applications for SSRF vulnerabilities leading to cloud credential theft

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill