Files
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00

1.9 KiB

Cloud Infrastructure Penetration Test — API Reference

Libraries

Library Install Purpose
boto3 pip install boto3 AWS SDK for Python — EC2, S3, IAM, security group enumeration
ScoutSuite pip install scoutsuite Multi-cloud security auditing tool
pacu pip install pacu AWS exploitation framework for penetration testing

Key boto3 Methods

Method Description
ec2.describe_security_groups() List all security groups with inbound/outbound rules
ec2.describe_instances() Enumerate EC2 instances with metadata options
s3.list_buckets() List all S3 buckets in the account
s3.get_bucket_acl(Bucket=name) Check bucket ACL for public access grants
s3.get_bucket_policy(Bucket=name) Retrieve bucket resource policy JSON
iam.list_users() Enumerate all IAM users
iam.list_attached_user_policies(UserName=u) List managed policies attached to a user
iam.list_access_keys(UserName=u) List access keys with creation dates
iam.simulate_principal_policy() Test effective permissions for a principal
sts.get_caller_identity() Identify current credentials (account, ARN)

ScoutSuite CLI

scout aws --no-browser --report-dir ./report
scout azure --cli --no-browser
scout gcp --no-browser

Key Constants

Constant Value
IMDSv2 required HttpTokens: "required"
Public ACL URI http://acs.amazonaws.com/groups/global/AllUsers
Admin policy ARN arn:aws:iam::aws:policy/AdministratorAccess

External References