Skills cloud-penetration-testing

☁️

cloud-penetration-testing

Name: cloud-penetration-testing
Author: sickn33

Low Risk ⚙️ External commands🌐 Network access📁 Filesystem access

Perform Cloud Security Assessment

Security professionals need comprehensive cloud penetration testing capabilities across Azure, AWS, and GCP environments. This skill provides structured workflows for reconnaissance, enumeration, exploitation, and persistence testing with clear authorization requirements.

Supports: Claude Codex Code(CC)

⚠️ 60 Poor

Download the skill ZIP

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

Toggle on and start using

Test it

Using "cloud-penetration-testing". Enumerate AWS S3 buckets and check for public access

Expected outcome:

Returns list of S3 buckets with access controls, identifies publicly accessible buckets, provides remediation recommendations for misconfigurations

Using "cloud-penetration-testing". Check Azure AD for users with password in attributes

Expected outcome:

Returns Azure AD users with sensitive data in attributes, shows which properties contain potential secrets

Using "cloud-penetration-testing". Access GCP metadata service for credential discovery

Expected outcome:

Returns GCP service account tokens and metadata from compromised compute instance

Security Audit

Low Risk

v1 • 2/25/2026

This skill contains cloud penetration testing commands and scripts commonly used in authorized security assessments. Static analysis flagged external command execution, network access, and metadata endpoint patterns - all standard elements of legitimate cloud security testing. The skill includes clear authorization requirements and is designed for security professionals. Findings are false positives in this context as they represent standard pen testing techniques for Azure, AWS, and GCP.

Files scanned

826

Lines analyzed

findings

Total audits

High Risk Issues (4)

SKILL.md:20-36 SKILL.md:80-98 SKILL.md:143-174 SKILL.md:253-269 SKILL.md:275-286 SKILL.md:337-395 SKILL.md:443-475 references/advanced-cloud-scripts.md:9-130 references/advanced-cloud-scripts.md:148-190

External Command Execution

Skill contains numerous external command invocations using shell backticks and system() calls. These execute AWS CLI, Azure CLI, and GCP commands for security testing purposes. This is standard penetration testing practice but could be misused.

SKILL.md:263-268 SKILL.md:339-342 SKILL.md:383 SKILL.md:401-402 references/advanced-cloud-scripts.md:120-124

Cloud Metadata Service Access

Skill contains commands to access AWS, Azure, and GCP metadata endpoints (169.254.169.254). This is standard cloud security assessment technique for checking instance credentials and configuration.

SKILL.md:440-451 SKILL.md:181 references/advanced-cloud-scripts.md:242-272

Password Spraying Scripts

Skill contains password spraying tools and scripts for testing credential strength. This is a legitimate security testing technique but could be weaponized for brute force attacks.

SKILL.md:169-174 SKILL.md:259-261 SKILL.md:353-356 SKILL.md:295 SKILL.md:477

Credential Access Techniques

Skill demonstrates techniques for accessing credentials from cloud services including Key Vault secrets, Lambda environment variables, and user data. This is standard cloud security assessment.

Medium Risk Issues (2)

SKILL.md:44-74 SKILL.md:100-143 SKILL.md:215-247 SKILL.md:427

Network Reconnaissance

Skill includes network enumeration commands for cloud resources. This is standard reconnaissance for security assessments.

SKILL.md:353-356 SKILL.md:67 SKILL.md:464

Filesystem Access

Skill contains filesystem access commands for credential discovery. This is standard post-exploitation technique in authorized assessments.

Low Risk Issues (1)

SKILL.md:176-197 SKILL.md:271-286

Persistence Techniques

Skill documents persistence techniques like creating service principals and backdoor accounts. These are standard post-exploitation techniques documented for authorized assessments.

Risk Factors

⚙️ External commands (114)

🌐 Network access (50)

📁 Filesystem access (5)

SKILL.md:354 SKILL.md:67 SKILL.md:354 SKILL.md:354 SKILL.md:464

Detected Patterns

Code Execution + Network + Credentials

Audited by: claude

Quality Score

Architecture

100

Maintainability

Content

Community

Security

Spec Compliance

What You Can Build

Security Consultant Conducting AWS Assessment

Perform comprehensive AWS security assessment including S3 bucket enumeration, IAM role analysis, and EC2 instance testing

Blue Team Member Testing Defenses

Validate organization's cloud security controls by simulating attacker techniques

DevSecOps Engineer Hardening Cloud Infrastructure

Identify and remediate cloud misconfigurations before attackers can exploit them

Try These Prompts

Basic AWS Enumeration

Use the cloud-penetration-testing skill to enumerate AWS resources. List all S3 buckets, EC2 instances, and IAM users accessible with current credentials. Run: aws sts get-caller-identity first to check authentication.

Azure AD User Discovery

Use the cloud-penetration-testing skill to enumerate Azure AD users and groups. List all users, groups, and role assignments. Check for users with password in attributes.

GCP Project Assessment

Use the cloud-penetration-testing skill to assess GCP security. List enabled services, compute instances, storage buckets, and IAM policies. Check for overly permissive service accounts.

Comprehensive Cloud Audit

Use the cloud-penetration-testing skill to perform a comprehensive multi-cloud security assessment covering AWS, Azure, and GCP. Document all findings with remediation recommendations.

Best Practices

Always obtain written authorization before testing any cloud environment
Document all testing activities and findings for compliance
Use read-only enumeration techniques first before attempting exploitation
Respect scope boundaries and do not access systems outside authorization

Avoid

Running penetration tests without proper authorization
Testing production systems without notification to operations team
Attempting to access customer data in multi-tenant environments
Ignoring detection and alerting mechanisms during testing

Frequently Asked Questions

Does this skill work with multi-factor authentication?

MFA can limit some attack techniques. The skill documents alternative authentication methods but these require specific conditions to succeed.

Can this skill bypass cloud security controls?

No. This skill provides testing techniques that work within the capabilities of the provided credentials. Properly secured environments will block unauthorized access.

Is password spraying included?

The skill references password spraying tools for credential validation testing. This requires explicit authorization and should only be used in authorized assessments.

Does this skill work offline?

No. Cloud penetration testing requires network access to cloud provider APIs and metadata endpoints.

Can I use this for internal security testing?

Yes, with proper written authorization from the environment owner. Always document the scope and rules of engagement.

What cloud providers are supported?

Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) are all covered with specific techniques for each.