← ClaudeAtlas

pentest-cloudlisted

Cloud security pentest — AWS/Azure/GCP IAM analysis, lateral path, container escape pattern, serverless abuse advisory. Triggers on cloud pentest, AWS, Azure, GCP, IAM, S3 misconfig, EC2 metadata, Azure AD, GCP IAM, Pacu, ScoutSuite, Prowler, CloudGoat.
fatihkan/badi · ★ 5 · DevOps & Infrastructure · score 76
Install: claude install-skill fatihkan/badi
# pentest-cloud AWS / Azure / GCP pentest methodology. IAM lateral path, public asset enum, container escape pattern. ## Triggers - "AWS pentest" - "Azure AD test" - "GCP IAM enum" - "S3 public bucket" - "EC2 metadata abuse" - "IMDSv2 bypass" - "Pacu / ScoutSuite / Prowler usage" ## Cloud-Provider Specific ### AWS | Attack Surface | Test | |----------------|------| | S3 public read/write | `aws s3 ls s3://<bucket> --no-sign-request` | | EC2 IMDSv1 | `curl http://169.254.169.254/latest/meta-data/iam/security-credentials/` | | Lambda env leak | Lambda invoke + env var dump | | IAM privilege esc | iam:CreateAccessKey, iam:AttachUserPolicy, sts:AssumeRole | | CloudTrail bypass | sts:GetSessionToken (logged as user, not source) | | Misconfigured IAM | `*` action on `*` resource | | Cross-account roles | external Principal "arn:aws:iam::OTHER:root" | | Resource policy | S3 bucket policy with `"Principal": "*"` | | SSM RunCommand | EC2 to OS via SSM session manager | ### Azure | Attack Surface | Test | |----------------|------| | Anonymous storage container | `https://<acc>.blob.core.windows.net/<container>?restype=container&comp=list` | | Azure AD enumeration | UserList API anonymous | | Service Principal abuse | Excessive RBAC role assignment | | Managed Identity | VM -> token endpoint -> assume role | | Azure DevOps PAT | Repo scan for PAT in code | | Key Vault | RBAC misconfig, public access | ### GCP | Attack Surface | Test | |----------------|------| | GCS public buc