원클릭으로
cloud-audit
Cloud infrastructure, container image, and Kubernetes security assessment via IAM review, secrets detection, and RBAC analysis.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Cloud infrastructure, container image, and Kubernetes security assessment via IAM review, secrets detection, and RBAC analysis.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Exploit lookup, payload generation, and delivery for confirmed vulnerabilities. Use only after validation has established concrete attack path.
Curated MCP prompts for multi-step attack chains and engagement playbooks. Use for guided workflows spanning multiple skills. Each prompt step now carries expected_time, priority, fallback, and result_context for agent-guided execution.
SMB service enumeration, share discovery, and RPC interrogation on Windows networks. Use to map Windows hosts before credential testing or lateral movement.
Wireless network assessment via monitor mode, handshake capture, and de-authentication testing. Use to assess WiFi security posture and crack WPA/WPA2.
Network reconnaissance via host discovery, port scanning, and service fingerprinting. Use during early reconnaissance phase to map attack surface and identify services.
Active Directory reconnaissance, privilege escalation path analysis, and Kerberos attack surface mapping. Use for domain exploitation and lateral movement.
| name | cloud-audit |
| description | Cloud infrastructure, container image, and Kubernetes security assessment via IAM review, secrets detection, and RBAC analysis. |
Use this skill when target is cloud infrastructure rather than traditional network:
Environment-specific tools prevent wasted effort:
prowler (AWS/Azure/GCP compliance) or pacu (AWS exploitation path) [critical, ~30-60 min]trivy (fast CVE + secrets scan) or grype (detailed report) [high, ~2-10 min]kube-hunter (passive), kubectl (active RBAC/secret enumeration) — passive only without authorization [medium, ~5-20 min]checkov or terrascan on Terraform/CloudFormation before deployment [medium, ~5-15 min]Decision fields (aligned with cloud_security_audit prompt):
prowler, output is grouped by service (iam/s3/ec2) and severity (CRITICAL/HIGH/MEDIUM/LOW). Prioritise CRITICAL findings first.trivy, check for CRITICAL CVEs with known exploits — these are actionable.kube_hunter, if etcd port (2379) is open, full cluster compromise may be possible.docker pull {image} first before retrying.Entry point:
prowler(provider="aws", profile="default", region="us-east-1")
kubectl exec, pod escape, and RBAC abuse require explicit scope confirmationtrivy with registry scan; private registries require auth credentials