How does it handle IMDSv2?

The skill includes specific commands for handling the token-based requirements of Instance Metadata Service Version 2 (IMDSv2) when testing for SSRF vulnerabilities.

What is the AWS Penetration Testing skill for?

It provides specialized guidance and commands for conducting security assessments, IAM audits, and ethical hacking within AWS environments.

Is it safe to use on production environments?

This skill is designed for authorized security testing; users must have written permission and follow strict constraints to avoid disrupting production services.

Does this skill require specific tools?

Yes, it leverages common industry tools like the AWS CLI, Pacu, Prowler, ScoutSuite, and enumerate-iam to perform security tasks.

Can this skill help with privilege escalation?

Absolutely; it includes detailed workflows for identifying 'Shadow Admin' permissions and exploiting misconfigured IAM policies to gain higher access.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: zebbern

byzebbern

•

2,883

Security & Testing

Conducts thorough security assessments and ethical hacking operations within Amazon Web Services environments.

About

This skill empowers Claude to guide users through complex AWS security audits and penetration tests, covering critical areas like IAM privilege escalation, S3 bucket enumeration, and Metadata SSRF exploitation. It provides structured workflows for identifying vulnerabilities, extracting credentials, and testing cloud infrastructure resilience using industry-standard tools like Pacu and Prowler. Whether you're performing a red team operation or a security audit, this skill offers the specific commands and methodologies needed to secure or evaluate AWS resources effectively.

Key Features

Automated AWS metadata SSRF (IMDSv1 and IMDSv2) exploitation workflows
2,883 GitHub stars
S3 bucket discovery, enumeration, and data exfiltration techniques
IAM privilege escalation path discovery and permission enumeration
Comprehensive guidance for using security tools like Pacu, Prowler, and ScoutSuite
Lambda function exploitation and malicious code injection patterns

Use Cases

Conducting authorized red team exercises on AWS infrastructure
Auditing IAM policies for Shadow Admin permissions and security gaps
Simulating real-world cloud attacks to test incident response and monitoring

About

Key Features

Automated AWS metadata SSRF (IMDSv1 and IMDSv2) exploitation workflows
2,883 GitHub stars
S3 bucket discovery, enumeration, and data exfiltration techniques
IAM privilege escalation path discovery and permission enumeration
Comprehensive guidance for using security tools like Pacu, Prowler, and ScoutSuite
Lambda function exploitation and malicious code injection patterns

Use Cases

Conducting authorized red team exercises on AWS infrastructure
Auditing IAM policies for Shadow Admin permissions and security gaps
Simulating real-world cloud attacks to test incident response and monitoring