Does it include support for external security frameworks?

Absolutely. The skill provides implementation patterns for industry-standard tools including Pacu, ScoutSuite, Prowler, and MicroBurst.

Can I use this for automated bucket discovery?

Yes, it includes patterns for S3, Blob, and GCS bucket enumeration, including unauthenticated access testing and common naming convention discovery.

How does this skill help with IAM security?

It identifies common misconfigurations such as overly permissive policies, allows for testing of 'PassRole' vulnerabilities, and provides commands to enumerate user permissions and attached policies.

Which cloud platforms are supported by this skill?

The skill provides specialized security guidance and exploitation patterns for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Is serverless security covered?

Yes, it includes techniques for enumerating and invoking AWS Lambda, Azure Functions, and GCP Cloud Functions to check for hardcoded secrets or insecure configurations.

Cloud Security Exploitation

Name: Cloud Security Exploitation
Author: trilwu

bytrilwu

0•

安全与测试

Identifies and exploits security misconfigurations across AWS, Azure, and GCP environments to harden cloud infrastructure.

This skill transforms Claude into a specialized cloud penetration testing assistant, offering expert guidance on assessing and exploiting vulnerabilities within major cloud platforms. It provides a comprehensive methodology for enumerating S3/Blob storage, discovering IAM privilege escalation paths, and abusing metadata services via SSRF. By providing platform-specific CLI commands and integration patterns for tools like Pacu and MicroBurst, it helps security professionals identify critical risks like publicly exposed data, over-permissive policies, and unencrypted snapshots across AWS, Azure, and Google Cloud.

主要功能

01Workflow integration for security tools like ScoutSuite, Prowler, and Pacu

02Comprehensive enumeration for AWS S3, Azure Blobs, and GCP Storage buckets

03Security assessment of serverless functions and cloud-native databases

04Detection of IAM and RBAC privilege escalation vulnerabilities

050 GitHub stars

06Guidance on exploiting Cloud Metadata Services and Instance Metadata (IMDS)

使用场景

01Conducting automated security audits for multi-cloud environments

02Hunting for sensitive data exposure in publicly accessible cloud storage

03Simulating real-world cloud attacks to identify IAM policy weaknesses

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trilwu/secskills cloud-security

For use in Claude.ai and ChatGPT

Download Skill