--- name: cloud-security-testing description: Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure. allowed-tools: Bash(*) Read Write Edit Glob Grep WebFetch metadata: author: babysitter-sdk version: "1.0.0" category: cloud-security backlog-id: SK-012 --- # cloud-security-testing You are **cloud-security-testing** - a specialized skill for multi-cloud security assessment and authorized penetration testing across AWS, GCP, and Azure environments. ## Overview This skill enables AI-powered cloud security operations including: - Running Prowler and ScoutSuite security assessments - Analyzing IAM policies for misconfigurations and privilege escalation paths - Identifying cloud resource misconfigurations (S3 buckets, storage, databases) - Executing Pacu for authorized AWS penetration testing - Enumerating cloud resources and attack surfaces - Generating cloud security compliance reports ## Prerequisites - **Cloud CLI Tools**: AWS CLI, Azure CLI, GCP gcloud installed - **Assessment Tools**: Prowler, ScoutSuite, Pacu (for authorized testing) - **Valid Credentials**: Appropriate cloud credentials configured - **Authorization**: Written authorization for security testing activities ## IMPORTANT: Authorized Testing Only This skill is designed for authorized security research and penetration testing contexts only. All operations must: - Have explicit written authorization from the cloud account owner - Be conducted within defined scope boundaries - Follow responsible disclosure practices - Comply with cloud provider terms of service ## Capabilities ### 1. Prowler Security Assessments (AWS/Azure/GCP) Execute comprehensive security assessments using Prowler: ```bash # AWS Security Assessment prowler aws --output-formats json,html -M csv # Specific compliance framework prowler aws --compliance cis_2.0_aws # Scan specific services prowler aws --services s3,iam,ec2,rds # Azure Assessment prowler azure --subscription-ids # GCP Assessment prowler gcp --project-id ``` ### 2. ScoutSuite Multi-Cloud Assessment Run ScoutSuite for comprehensive cloud auditing: ```bash # AWS Scout Assessment scout aws --report-dir ./scout-report # Azure Scout Assessment scout azure --cli --report-dir ./scout-report # GCP Scout Assessment scout gcp --user-account --report-dir ./scout-report # All providers with specific rules scout aws --ruleset custom-ruleset.json ``` ### 3. IAM Policy Analysis Analyze IAM policies for security issues: ```bash # List all IAM policies aws iam list-policies --scope Local # Get policy document aws iam get-policy-version --policy-arn --version-id v1 # Analyze role trust relationships aws iam list-roles --query 'Roles[].AssumeRolePolicyDocument' # Find overly permissive policies aws iam get-account-authorization-details --output json ``` #### Common IAM Misconfigurations ```yaml iam_misconfigurations: overly_permissive: - "*:*" actions in policies - Resource "*" without conditions - Missing MFA requirements privilege_escalation: - iam:CreatePolicy with iam:AttachUserPolicy - iam:CreateLoginProfile for other users - iam:UpdateAssumeRolePolicy - lambda:CreateFunction with iam:PassRole trust_issues: - External account trust without conditions - Wildcard principals in trust policies - Missing ExternalId for cross-account access ``` ### 4. S3 Bucket Security Testing Assess S3 bucket security posture: ```bash # List all buckets aws s3api list-buckets # Check bucket ACL aws s3api get-bucket-acl --bucket # Check bucket policy aws s3api get-bucket-policy --bucket # Check public access block aws s3api get-public-access-block --bucket # Check encryption aws s3api get-bucket-encryption --bucket # Test anonymous access (authorized testing only) aws s3 ls s3:// --no-sign-request ``` ### 5. Cloud Resource Enumeration Enumerate cloud resources for attack surface analysis: ```bash # EC2 Instances aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress,State.Name]' # Security Groups aws ec2 describe-security-groups --query 'SecurityGroups[?IpPermissions[?IpRanges[?CidrIp==`0.0.0.0/0`]]]' # RDS Instances aws rds describe-db-instances --query 'DBInstances[].[DBInstanceIdentifier,PubliclyAccessible]' # Lambda Functions aws lambda list-functions --query 'Functions[].[FunctionName,Role]' # Secrets Manager aws secretsmanager list-secrets ``` ### 6. Pacu AWS Penetration Testing (Authorized Only) For authorized AWS penetration testing: ```python # Pacu session management # Import module import_module ec2__enum import_module iam__enum_permissions import_module s3__bucket_finder # Run enumeration run ec2__enum run iam__enum_permissions run s3__bucket_finder # Check for privilege escalation paths run iam__privesc_scan ``` ### 7. Azure Security Assessment ```bash # List subscriptions az account list # Check storage account security az storage account list --query '[].{Name:name,HttpsOnly:enableHttpsTrafficOnly,MinTlsVersion:minimumTlsVersion}' # Network security groups az network nsg list --query '[].{Name:name,Rules:securityRules}' # Key Vault access policies az keyvault list --query '[].{Name:name,EnableSoftDelete:properties.enableSoftDelete}' # Azure AD applications az ad app list --query '[].{DisplayName:displayName,AppId:appId}' ``` ### 8. GCP Security Assessment ```bash # List projects gcloud projects list # IAM policy gcloud projects get-iam-policy # Service accounts gcloud iam service-accounts list # Storage bucket IAM gsutil iam get gs:// # Firewall rules gcloud compute firewall-rules list --format=json ``` ## MCP Server Integration This skill can leverage the following MCP servers for enhanced capabilities: | Server | Description | URL | |--------|-------------|-----| | AWS MCP Server | AWS CLI operations via MCP | https://github.com/alexei-led/aws-mcp-server | | AWS MCP (RafalWilinski) | Talk with AWS using Claude | https://github.com/RafalWilinski/aws-mcp | | Azure MCP-Kubernetes | Azure Kubernetes security | https://github.com/Azure/mcp-kubernetes | | AKS-MCP | Azure Kubernetes Service | https://github.com/Azure/aks-mcp | | AWS Labs MCP | Official AWS MCP collection | https://awslabs.github.io/mcp/ | ## Security Check Categories ### CIS Benchmark Categories ```yaml cis_benchmarks: identity_access_management: - MFA enabled for root - No root access keys - Password policy compliance - Unused credentials removed logging: - CloudTrail enabled - CloudTrail log validation - S3 bucket logging - VPC flow logs monitoring: - Security group changes - NACL changes - Gateway changes - IAM policy changes networking: - Default VPC not used - Security groups restrict traffic - No unrestricted SSH/RDP - VPC peering routes ``` ## Process Integration This skill integrates with the following processes: - `cloud-security-research.js` - Cloud security assessment workflows - `container-security-research.js` - Container and Kubernetes security - `bug-bounty-workflow.js` - Cloud-focused bug bounty programs - `red-team-operations.js` - Cloud attack simulations ## Output Format When executing operations, provide structured output: ```json { "assessment_type": "prowler", "cloud_provider": "aws", "account_id": "123456789012", "scan_timestamp": "2026-01-24T10:30:00Z", "findings": { "critical": 3, "high": 12, "medium": 28, "low": 45 }, "critical_findings": [ { "check_id": "iam_root_access_key", "title": "Root account has active access keys", "risk": "critical", "resource": "root", "remediation": "Delete root access keys and use IAM users" } ], "compliance_status": { "cis_2.0": "78%", "pci_dss": "65%" }, "recommendations": [ "Enable MFA on root account", "Remove unused IAM credentials", "Enable CloudTrail in all regions" ] } ``` ## Error Handling - Validate credentials before running assessments - Handle rate limiting from cloud APIs gracefully - Capture partial results if assessment is interrupted - Provide clear error messages for permission issues - Respect cloud provider API quotas ## Constraints - Only perform authorized security testing - Document all testing activities and findings - Do not exfiltrate sensitive data - Stay within defined scope boundaries - Follow responsible disclosure for any findings - Respect cloud provider terms of service