Audits Azure Blob and ADLS storage accounts for public access exposure, weak/long SAS tokens, missing encryption, disabled HTTPS-only traffic, and outdated TLS using azure-mgmt-storage Python SDK.
npx claudepluginhub killvxk/cybersecurity-skills-zhThis skill uses the workspace's default tool permissions.
Azure 存储账户因公开访问配置错误、长期 SAS 令牌、缺失加密和过时 TLS 版本而成为攻击者的常见目标。本 skill 使用 azure-mgmt-storage Python SDK 配合 StorageManagementClient,枚举订阅中的所有存储账户,检查其安全属性,列出 blob 容器的公开访问设置,并生成一份风险评分审计报告,识别关键错误配置。
Audits Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using azure-mgmt-storage Python SDK. Useful for cloud security audits and incident investigations.
Audits Azure Blob/ADLS storage accounts for public access, weak SAS tokens, missing encryption, HTTPS/TLS issues using azure-mgmt-storage Python SDK. Outputs risk-scored JSON report.
Detects Azure storage account misconfigurations including public blob containers, missing encryption, broad SAS tokens, disabled logging, and network access violations using Azure CLI, PowerShell, and Microsoft Defender for Storage. Use for security audits, compliance, or data exposure investigations.
Share bugs, ideas, or general feedback.
Azure 存储账户因公开访问配置错误、长期 SAS 令牌、缺失加密和过时 TLS 版本而成为攻击者的常见目标。本 skill 使用 azure-mgmt-storage Python SDK 配合 StorageManagementClient,枚举订阅中的所有存储账户,检查其安全属性,列出 blob 容器的公开访问设置,并生成一份风险评分审计报告,识别关键错误配置。
azure-mgmt-storage、azure-identityallow_blob_public_access,或单个容器设置为 Blob/Container 访问级别enable_https_traffic_only 被禁用,允许未加密的 HTTP 流量包含每个账户发现、严重性评级(严重/高/中/低)以及符合 CIS Azure Benchmark 控制项的修复建议的 JSON 报告。