From pentest-framework
Tests cloud infrastructure for storage misconfigurations (S3, Azure Blob, GCS, Firebase), WAF detection (Cloudflare, AWS WAF), and email security (SPF, DKIM, DMARC). Useful for identifying passive cloud risks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pentest-framework:pentest-cloud
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Test a target application's cloud infrastructure for storage misconfigurations, WAF presence, and email security (SPF, DKIM, DMARC).
The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.
Parse the target URL from $ARGUMENTS.
Delegate to cloud-agent using the Agent tool. The agent must run the following commands, collecting all JSON output:
pentest -k -j -o ./findings cloud storage <url>
pentest -k -j -o ./findings cloud waf <url>
pentest -k -j -o ./findings cloud email <url>
Read the JSON outputs from ./findings/ to gather all results.
Report cloud-specific findings covering:
For each finding, include:
-k to skip SSL verification for targets with self-signed certs.
-j for machine-readable JSON output.
-o ./findings to persist results for later reporting.
npx claudepluginhub sabania/pentest-cli --plugin pentest-framework
Guides authorized penetration testing of AWS, Azure, and GCP environments using cloud-specific tools (Pacu, ScoutSuite, Prowler) to exploit IAM misconfigurations, SSRF, and report findings against MITRE ATT&CK Cloud.
Tests cloud infrastructure and container environments for security misconfigurations and exploitation paths.
Outlines methodologies for authorized penetration testing of AWS, Azure, and GCP environments. Covers shared responsibility, IAM misconfigurations, SSRF to metadata services, and tools like Pacu and ScoutSuite.