What tools does this skill integrate with?

The skill provides guidance and commands for industry-standard tools including Pacu, Prowler, ScoutSuite, SkyArk, and Principal Mapper.

Is this skill intended for production environments?

This skill is for security testing and auditing. You must obtain written authorization before testing any environment and follow the provided constraints to avoid disrupting production data.

Can this skill help with IMDSv2 metadata attacks?

Yes, it includes specific workflows for retrieving tokens and accessing the metadata service under the more secure IMDSv2 configuration.

Does this skill require specific AWS permissions?

Yes, to perform enumeration and testing, you need the AWS CLI configured with valid credentials, though the skill specializes in identifying what can be done with even low-privilege access.

AWS Penetration Testing

Name: AWS Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

Security & Testing

Performs comprehensive security assessments and penetration testing workflows for AWS cloud infrastructure.

This skill provides a structured methodology for auditing and testing Amazon Web Services environments. It guides users through initial enumeration, IAM permission analysis, and the discovery of privilege escalation paths like 'Shadow Admin' roles. It includes specific techniques for exploiting metadata SSRF (IMDSv1/v2), auditing S3 bucket permissions, extracting Lambda source code, and identifying persistence mechanisms, making it an essential companion for red team operations and security audits.

Key Features

01Security auditing integration with Prowler, ScoutSuite, and Pacu

020 GitHub stars

03S3 bucket discovery and automated permission auditing

04Metadata SSRF exploitation for EC2 and Fargate (IMDSv1 & IMDSv2)

05Lambda and EC2 exploitation including code extraction and EBS mounting

06Comprehensive IAM enumeration and privilege escalation discovery

Use Cases

01Validating the effectiveness of AWS security controls and GuardDuty alerts

02Red team engagements targeting cloud-native AWS environments

03Internal security audits to identify IAM misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Security auditing integration with Prowler, ScoutSuite, and Pacu

020 GitHub stars

03S3 bucket discovery and automated permission auditing

04Metadata SSRF exploitation for EC2 and Fargate (IMDSv1 & IMDSv2)

05Lambda and EC2 exploitation including code extraction and EBS mounting

06Comprehensive IAM enumeration and privilege escalation discovery

Use Cases

01Validating the effectiveness of AWS security controls and GuardDuty alerts

02Red team engagements targeting cloud-native AWS environments

03Internal security audits to identify IAM misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front aws-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill