Skill

pentest-cloud

Tests cloud infrastructure for storage misconfigurations (S3, Azure Blob, GCS, Firebase), WAF detection (Cloudflare, AWS WAF), and email security (SPF, DKIM, DMARC). Useful for identifying passive cloud risks.

AWS

GCP

npx claudepluginhub sabania/pentest-cli --plugin pentest-framework

Tool Access

This skill is limited to using the following tools:

BashAgentRead

Preview

Test a target application's cloud infrastructure for storage misconfigurations, WAF presence, and email security (SPF, DKIM, DMARC).

SKILL.md

Similar Skills

cloud-containers

257

Tests cloud (AWS, Azure, GCP) and container (Docker, Kubernetes) environments for security misconfigurations and exploitation paths. Use for cloud/container security audits.

9 files

communitytools

conducting-cloud-penetration-testing

Guides authorized penetration testing of AWS, Azure, GCP cloud environments using shared responsibility model, tools like Pacu/ScoutSuite, IAM exploits, SSRF attacks, and MITRE ATT&CK reporting.

asi

finding-security-misconfigurations

2.1k

Audits IaC templates (Terraform/CloudFormation), app configs, Docker/Kubernetes manifests, and web server settings for security misconfigurations per OWASP and CIS benchmarks.

6 files7 tools

security-misconfiguration-finder

Stats

Parent Repo Stars5

Parent Repo Forks0

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/pentest-cloud — Cloud & Infrastructure Testing

Test a target application's cloud infrastructure for storage misconfigurations, WAF presence, and email security (SPF, DKIM, DMARC).

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

Parse the target URL from $ARGUMENTS.

Delegate to cloud-agent using the Agent tool. The agent must run the following commands, collecting all JSON output:

pentest -k -j -o ./findings cloud storage <url>
pentest -k -j -o ./findings cloud waf <url>
pentest -k -j -o ./findings cloud email <url>

Read the JSON outputs from ./findings/ to gather all results.

Report cloud-specific findings covering:

Storage misconfigurations: Publicly accessible S3 buckets, Azure Blob containers, GCS buckets with listing enabled, open Firebase storage
WAF detection: Identified WAF vendor (Cloudflare, AWS WAF, Akamai, etc.), WAF bypass potential, rate limiting policies
Email security: SPF record validity, DKIM configuration, DMARC policy (none/quarantine/reject), email spoofing risk

For each finding, include:

Severity rating
Evidence (URLs, DNS records, response headers)
Remediation steps specific to the cloud provider

Notes

All cloud commands are passive and safe to run without explicit consent.

Storage enumeration checks for publicly known bucket naming patterns.

WAF detection helps inform testing strategy for other skills.

Use -k to skip SSL verification for targets with self-signed certs.

Use -j for machine-readable JSON output.

Use -o ./findings to persist results for later reporting.

/pentest-cloud — Cloud & Infrastructure Testing

Test a target application's cloud infrastructure for storage misconfigurations, WAF presence, and email security (SPF, DKIM, DMARC).

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

Parse the target URL from $ARGUMENTS.

Delegate to cloud-agent using the Agent tool. The agent must run the following commands, collecting all JSON output:

pentest -k -j -o ./findings cloud storage <url>
pentest -k -j -o ./findings cloud waf <url>
pentest -k -j -o ./findings cloud email <url>

Read the JSON outputs from ./findings/ to gather all results.
Report cloud-specific findings covering:
- Storage misconfigurations: Publicly accessible S3 buckets, Azure Blob containers, GCS buckets with listing enabled, open Firebase storage
- WAF detection: Identified WAF vendor (Cloudflare, AWS WAF, Akamai, etc.), WAF bypass potential, rate limiting policies
- Email security: SPF record validity, DKIM configuration, DMARC policy (none/quarantine/reject), email spoofing risk
For each finding, include:
- Severity rating
- Evidence (URLs, DNS records, response headers)
- Remediation steps specific to the cloud provider

Notes

All cloud commands are passive and safe to run without explicit consent.
Storage enumeration checks for publicly known bucket naming patterns.
WAF detection helps inform testing strategy for other skills.
Use -k to skip SSL verification for targets with self-signed certs.
Use -j for machine-readable JSON output.
Use -o ./findings to persist results for later reporting.