What tools does this skill integrate with?

The skill provides guidance and commands for industry-standard tools including Pacu, Prowler, ScoutSuite, SkyArk, and Principal Mapper.

Is this skill intended for production environments?

This skill is for security testing and auditing. You must obtain written authorization before testing any environment and follow the provided constraints to avoid disrupting production data.

Can this skill help with IMDSv2 metadata attacks?

Yes, it includes specific workflows for retrieving tokens and accessing the metadata service under the more secure IMDSv2 configuration.

Does this skill require specific AWS permissions?

Yes, to perform enumeration and testing, you need the AWS CLI configured with valid credentials, though the skill specializes in identifying what can be done with even low-privilege access.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Performs comprehensive security assessments and penetration testing workflows for AWS cloud infrastructure.

关于

This skill provides a structured methodology for auditing and testing Amazon Web Services environments. It guides users through initial enumeration, IAM permission analysis, and the discovery of privilege escalation paths like 'Shadow Admin' roles. It includes specific techniques for exploiting metadata SSRF (IMDSv1/v2), auditing S3 bucket permissions, extracting Lambda source code, and identifying persistence mechanisms, making it an essential companion for red team operations and security audits.

主要功能

Security auditing integration with Prowler, ScoutSuite, and Pacu
0 GitHub stars
S3 bucket discovery and automated permission auditing
Metadata SSRF exploitation for EC2 and Fargate (IMDSv1 & IMDSv2)
Lambda and EC2 exploitation including code extraction and EBS mounting
Comprehensive IAM enumeration and privilege escalation discovery

使用场景

Validating the effectiveness of AWS security controls and GuardDuty alerts
Red team engagements targeting cloud-native AWS environments
Internal security audits to identify IAM misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于