Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

detecting-aws-iam-privilege-escalation | cybersec-toolkit

Home
Skills
cybersec-toolkit
detecting-aws-iam-privilege-escalation

Skill

detecting-aws-iam-privilege-escalation

From cybersec-toolkit

Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations

Popularity

Stars

15

Forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cybersec-toolkit:detecting-aws-iam-privilege-escalation

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

This skill uses boto3 and Cloudsplaining-style analysis to identify IAM privilege escalation paths in AWS accounts. It downloads the account authorization details, analyzes each policy for dangerous permission combinations (iam:PassRole + lambda:CreateFunction, iam:CreatePolicyVersion, sts:AssumeRole), and flags policies that violate least-privilege principles.

SKILL.md

67 lines · ~609 tokens

Stats

LanguagePython

Stars15

Forks2

MaintenanceExcellent

Last CommitJun 17, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

privilege-escalation

policy-analysis

least-privilege

Stats

LanguagePython

Stars15

Forks2

MaintenanceExcellent

Last CommitJun 17, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

privilege-escalation

policy-analysis

least-privilege

Detecting AWS IAM Privilege Escalation

Overview

This skill uses boto3 and Cloudsplaining-style analysis to identify IAM privilege escalation paths in AWS accounts. It downloads the account authorization details, analyzes each policy for dangerous permission combinations (iam:PassRole + lambda:CreateFunction, iam:CreatePolicyVersion, sts:AssumeRole), and flags policies that violate least-privilege principles.

When to Use

When investigating security incidents that require detecting aws iam privilege escalation
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.8+ with boto3 library
AWS credentials with IAM read-only access (iam:GetAccountAuthorizationDetails)
Optional: cloudsplaining Python package for HTML report generation

Steps

Download IAM Authorization Details — Call iam:GetAccountAuthorizationDetails to retrieve all users, groups, roles, and policies
Analyze Policies for Privilege Escalation — Check each policy for known escalation permission combinations
Identify Wildcard Resource Policies — Flag policies using Resource: "*" with dangerous actions
Map Principal-to-Policy Relationships — Build a graph of which principals can access which escalation paths
Score and Prioritize Findings — Rank findings by severity based on escalation vector type
Generate Report — Produce structured JSON report with remediation guidance

Expected Output

JSON report of privilege escalation findings with severity scores
List of dangerous permission combinations per principal
Wildcard resource policy audit results
Remediation recommendations for each finding

$

npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit

Similar Skills

detecting-aws-iam-privilege-escalation

13.2k

Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations

3 files

cybersecurity-skills

View detecting-aws-iam-privilege-escalation

detecting-aws-iam-privilege-escalation

23

Detects AWS IAM privilege escalation paths using boto3 and Cloudsplaining analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations.

View detecting-aws-iam-privilege-escalation

performing-aws-privilege-escalation-assessment

15

Scans AWS IAM configurations for privilege escalation paths using Pacu, CloudFox, and Principal Mapper. Helps validate least-privilege policies and assess credential blast radius.

cybersec-toolkit

View performing-aws-privilege-escalation-assessment