aws-penetration-testing

High risk ⚙️ External commands 🌐 Network access 📁 File system access 🔑 Environment variables

Perform AWS Penetration Testing and Security Assessment

Organizations need to validate their AWS cloud security posture against real-world attack techniques. This skill provides authorized security teams with comprehensive methodologies for IAM enumeration, SSRF exploitation testing, S3 bucket assessment, and privilege escalation detection.

Supports: Claude Codex Code(CC)
⚠️ 57 Poor
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Activate and start using

Try it

Using "aws-penetration-testing". Enumerate current IAM identity and permissions

Expected result:

Identity: arn:aws:iam::ACCOUNT:user/test-user
Attached Policies: AmazonS3ReadOnlyAccess, CloudWatchLogsReadOnly
Inline Policies: None
Escalation Risk: LOW - No privilege escalation permissions detected

Using "aws-penetration-testing". Check S3 bucket public access configuration

Expected result:

Bucket: company-assets
Public Access Block: Enabled
Bucket Policy: Denies public access
ACL: Bucket-owner-enforced
Status: SECURE - No public access vectors identified

Using "aws-penetration-testing". Test metadata endpoint accessibility

Expected result:

IMDS Version: IMDSv2 enabled
Token Required: Yes
Metadata Access: Protected
Status: SECURE - IMDSv2 token requirement prevents SSRF exploitation

Security audit

High risk
v1 • 2/24/2026

Static analysis detected 287 patterns across 2 files (881 lines). Most findings are FALSE POSITIVEs because files contain Markdown documentation (not executable code). However, content includes sensitive offensive security techniques (SSRF exploitation, privilege escalation, persistence mechanisms) requiring explicit authorization warnings. Recommend: publish with prominent authorization disclaimers and user acknowledgment requirements.

Files scanned: 2
Lines analyzed: 881
Findings: 12
Total audits: 1

High-risk issues (3)

SSRF to AWS Metadata Endpoint Documentation
Skill documents SSRF exploitation technique targeting AWS Instance Metadata Service (IMDS). While educational for authorized testing, this technique can extract IAM role credentials from compromised EC2 instances. Static analyzer correctly identified metadata endpoint patterns (169.254.169.254).
Privilege Escalation Techniques
Documents multiple AWS IAM privilege escalation paths including CreateAccessKey, AttachUserPolicy, and Lambda code injection. These are legitimate security testing techniques but require explicit authorization.
Credential Extraction Methods
Documents techniques for extracting credentials from Lambda environment variables, EBS volumes, and container metadata. Educational for defensive security but offensive in nature.
Medium-risk issues (3)
Static Analysis False Positives - External Commands
Static analyzer flagged 140 'external_commands' patterns. These are FALSE POSITIVEs - the patterns appear in Markdown code blocks (documentation), not executable scripts. Commands are educational examples for AWS CLI usage during authorized penetration testing.
Static Analysis False Positives - Cryptographic Patterns
Static analyzer flagged 'weak cryptographic algorithm' patterns. These are FALSE POSITIVEs - no actual cryptographic implementations exist. Pattern matches likely triggered on documentation text mentioning encryption concepts.
Static Analysis False Positives - C2/Malware Keywords
Static analyzer flagged 'C2 keywords' and 'malware type keywords'. These are FALSE POSITIVEs - terms like 'backdoor' appear in educational security context (e.g., 'Lambda Backdooring' as a technique to detect/test for). No actual malware or C2 infrastructure present.
Low-risk issues (2)
Hardcoded URLs and IP Addresses
Static analyzer flagged hardcoded URLs and IP addresses. These are FALSE POSITIVEs - URLs are AWS service endpoints (s3.amazonaws.com), documentation references (github.com), or AWS metadata IPs (169.254.169.254) documented for educational purposes.
System Reconnaissance Commands
Static analyzer flagged reconnaissance patterns. These are standard AWS CLI commands (describe-instances, list-users) for authorized security auditing. Low risk in educational documentation context.

Detected patterns

  • AWS Credential Export Pattern
  • EBS Volume Mount for Credential Extraction
  • CloudTrail Disabling Techniques

Audited by: claude

Quality score

Architecture: 41
Maintainability: 100
Content: 87
Community: 50
Security: 0
Specification compliance: 91

What you can build

Authorized Red Team Engagement

Security consultants performing authorized penetration testing against client AWS environments to identify misconfigurations and privilege escalation paths before malicious actors exploit them.

Cloud Security Audit

Internal security teams assessing their organization's AWS security posture against known attack techniques to validate defensive controls and monitoring capabilities.

Security Research and Training

Security researchers and students learning AWS attack techniques in controlled lab environments (AWSGoat, CloudGoat) to improve defensive security skills.

Try these prompts

Basic IAM Enumeration
Help me enumerate IAM permissions for the current AWS identity. I have authorized access and need to document what permissions this identity has. Start with sts get-caller-identity and show me how to list attached policies.
S3 Bucket Security Assessment
I need to assess S3 bucket configurations for public access vulnerabilities. Show me the AWS CLI commands to list buckets, check bucket policies, and identify publicly accessible objects in our authorized test environment.
SSRF to Metadata Testing
We're testing our web application for SSRF vulnerabilities that could access AWS metadata endpoints. Document the IMDSv1 and IMDSv2 techniques so we can verify our instance metadata protection controls are working.
Privilege Escalation Path Analysis
Analyze the IAM permissions we've enumerated and identify potential privilege escalation paths. Check for dangerous permissions like iam:CreateAccessKey, iam:AttachUserPolicy, and lambda:UpdateFunctionCode that could lead to admin access.

Best practices

  • Always obtain written authorization documenting scope, systems, and testing window before beginning any penetration testing activities
  • Enable CloudTrail logging before testing begins and preserve all logs for post-engagement analysis and client reporting
  • Use dedicated test credentials and avoid testing against production environments without explicit change approval and rollback procedures

Avoid

  • Never test AWS resources outside the authorized scope - unauthorized access violates computer crime laws even with good intentions
  • Do not disable security controls (CloudTrail, GuardDuty, Security Hub) permanently - temporary bypasses must be documented and restored
  • Avoid leaving persistent backdoors or access mechanisms after engagement completion - all test artifacts must be removed during cleanup

Frequently asked questions

What authorization do I need before using this skill?
You must have written authorization from the AWS account owner documenting: specific accounts/resources in scope, testing time window, approved techniques, and emergency contact procedures. Unauthorized testing violates AWS Acceptable Use Policy and computer crime laws.
Can this skill execute AWS commands automatically?
No. This skill provides guidance and documentation for AWS CLI commands. You must manually execute commands in your own terminal with your own credentials. The skill cannot access your AWS account directly.
Is it legal to test AWS services I don't own?
No. You may only test AWS resources you own or have explicit written authorization to test. AWS prohibits unauthorized penetration testing in their Acceptable Use Policy. Contact AWS Security for their penetration testing policy if testing AWS infrastructure.
What tools do I need to use this skill effectively?
Required: AWS CLI configured with credentials, Python 3, and boto3 library. Recommended: Pacu (AWS exploitation framework), Prowler or ScoutSuite (security auditing), enumerate-iam (permission enumeration). All tools should only be used in authorized environments.
How do I prevent GuardDuty alerts during testing?
GuardDuty will likely generate alerts during penetration testing. This is expected behavior. Coordinate with the security operations team to whitelist test activity or temporarily adjust alerting thresholds. Never disable GuardDuty without authorization.
What cleanup is required after testing?
Remove all created resources (IAM users, access keys, Lambda functions, EC2 instances). Delete any backdoored code or persistence mechanisms. Restore modified configurations. Document all changes made for client verification. Preserve testing logs for the final report.
