What tools does this AWS Penetration Testing skill utilize?

The skill leverages popular security tools including Pacu, Prowler, ScoutSuite, SkyArk, and the AWS CLI to perform deep security assessments.

Can this skill help identify IAM misconfigurations?

Yes, it specifically focuses on IAM enumeration to find over-privileged users, 'Shadow Admins', and complex paths to AdministratorAccess.

Are there built-in safeguards for using this skill?

The skill includes explicit constraints requiring written authorization, scoped testing, and the documentation of all actions to ensure ethical and legal compliance.

Can I use this for Lambda and S3 security audits?

Absolutely. It contains dedicated sections for extracting Lambda source code and enumerating S3 bucket permissions to identify data exposure risks.

Does it support testing for both IMDSv1 and IMDSv2?

Yes, it provides specific commands and workflows to test for SSRF vulnerabilities against both the original and the token-secured version of the EC2 Instance Metadata Service.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

•

安全与测试

Conducts comprehensive security audits and penetration testing on Amazon Web Services environments to identify vulnerabilities and privilege escalation paths.

This skill provides a structured framework for security professionals and developers to assess the security posture of AWS cloud infrastructure. It guides users through initial enumeration, IAM permission analysis, and the exploitation of common vulnerabilities like SSRF on EC2 metadata, S3 bucket misconfigurations, and Lambda code extraction. By integrating industry-standard tools like Pacu, Prowler, and ScoutSuite, it helps identify 'Shadow Admin' permissions and potential lateral movement paths within a cloud environment, facilitating proactive defense through rigorous red-team simulation.

主要功能

01EC2 Metadata Service (IMDSv1 and IMDSv2) SSRF exploitation workflows

021 GitHub stars

03Automated IAM enumeration and Shadow Admin permission discovery

04S3 bucket discovery and misconfiguration assessment

05Integration with security tools like Pacu, Prowler, and SkyArk

06Lambda function code extraction and privilege escalation techniques

使用场景

01Testing cloud-native applications for vulnerabilities that could lead to resource compromise

02Conducting professional red-team engagements and security audits on AWS infrastructure

03Identifying and remediating IAM privilege escalation paths before they are exploited

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill