pentest-cloud-auditor
npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/pentest-cloud-auditor --openclaw
Pentest Cloud Auditor
Stage
- PTES: 5-6
- MITRE: TA0007
Objective
Identify cloud privilege escalation and exposure misconfiguration pathways.
Required Workflow
- Validate scope before any active action and reject out-of-scope targets.
- Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Write findings in canonical finding_schema format with reproducible PoC notes.
- Honor dry-run mode and require explicit --i-have-authorization for live execution.
- Export deterministic artifacts for downstream skill consumption.
Execution
python skills/pentest-cloud-auditor/scripts/cloud_auditor.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
Outputs
- cloud-misconfigs.json
- cloud-privesc-paths.json
- cloud-report.json
References
- references/tools.md
- skills/autonomous-pentester/shared/scope_schema.json
- skills/autonomous-pentester/shared/finding_schema.json
Legal and Ethical Notice
WARNING: AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
Source
git clone https://github.com/0x-Professor/Agent-Skills-Hub
SKILL.md: https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/pentest-cloud-auditor/SKILL.md
Overview
Pentest Cloud Auditor assesses IAM privilege escalation and cloud exposure misconfigurations across AWS, Azure, and GCP. It validates scope, performs authorized checks, and records reproducible PoCs in a canonical finding schema. Outputs are deterministic artifacts for downstream skills.
How This Skill Works
The tool validates the engagement scope, then runs authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK. It outputs cloud-misconfigs.json, cloud-privesc-paths.json, and cloud-report.json, and supports dry-run or explicit live authorization via --i-have-authorization.
When to Use It
- During a structured cloud security assessment to identify IAM escalation paths in AWS, Azure, or GCP
- Before deploying new cloud workloads to catch misconfigurations that could expose services or keys
- In red-team exercises with proper written authorization to simulate privilege escalation
- As part of IAM hardening and access control reviews to verify least privilege
- During compliance audits referencing PTES, MITRE ATT&CK, and NIST SP 800-115
Quick Start
- Step 1: Run the auditor in dry-run mode with a scope file: python skills/pentest-cloud-auditor/scripts/cloud_auditor.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
- Step 2: If authorized, re-run with explicit live authorization: add --i-have-authorization
- Step 3: Review the produced artifacts: cloud-misconfigs.json, cloud-privesc-paths.json, and cloud-report.json for findings and PoCs
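The scope check and the dry-run/authorization gate that the workflow requires can be sketched as follows. This is an added example, not code from cloud_auditor.py: the scope field names (in_scope, out_of_scope), the function names and the fail-closed fallback to dry-run are assumptions, since the page does not reproduce scope_schema.json.

```python
import fnmatch
import ipaddress

# Constructed sample scope; the field names are assumptions, not the
# project's scope_schema.json, which the page does not reproduce.
SAMPLE_SCOPE = {
    "in_scope": ["10.20.0.0/24", "*.lab.example.test"],
    "out_of_scope": ["10.20.0.5", "prod.lab.example.test"],
}

def _matches(target: str, entry: str) -> bool:
    """True if target falls under one scope entry (IP, CIDR, host or glob)."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        try:
            return addr in ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False  # entry is a hostname pattern, target is an IP
    # Hostnames are case-insensitive; a trailing dot is the DNS root label.
    return fnmatch.fnmatchcase(target.lower().rstrip("."), entry.lower())

def target_in_scope(target: str, scope: dict) -> bool:
    """Exclusions win over inclusions; anything unlisted is out of scope."""
    if any(_matches(target, e) for e in scope.get("out_of_scope", [])):
        return False
    return any(_matches(target, e) for e in scope.get("in_scope", []))

def execution_mode(target, scope, dry_run=True, authorized=False) -> str:
    """Return 'rejected', 'dry-run' or 'live' for a requested run."""
    if not target_in_scope(target, scope):
        return "rejected"   # out-of-scope assets are never touched
    if dry_run or not authorized:
        return "dry-run"    # assumed fail-closed: no explicit flag, no live run
    return "live"
```

Here `authorized` stands for the presence of --i-have-authorization and `dry_run` for --dry-run; a dry-run request is honored even when the authorization flag is also present.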
Best Practices
- Obtain written authorization before any live testing; use dry-run first
- Clearly scope targets and reject out-of-scope assets per the policy
- Run only checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK
- Document reproducible PoC notes in canonical finding_schema format
- Review outputs (cloud-misconfigs.json, cloud-privesc-paths.json, cloud-report.json) for remediation steps
Example Use Cases
- Identifying overly permissive IAM roles that enable cross-account privilege escalation
- Detecting exposed cloud service endpoints due to misconfigured access controls
- Finding broad S3 bucket or storage access that could be leveraged in privilege escalation
- Spotting insecure security group rules exposing management APIs or jump hosts
- Revealing misconfigured KMS/secret scopes that could leak credentials and escalate access