pentest-cloud-infrastructure
Pentest Cloud Infrastructure
Purpose
Assess the security configuration of cloud environments and containerized infrastructure to detect misconfigurations, excessive permissions, and vulnerabilities.
Core Workflow
- Cloud Config Audit: Assess cloud provider configuration (AWS/Azure/GCP) using prowler and scoutsuite.
- IaC Scanning: Analyze Infrastructure-as-Code (Terraform, CloudFormation) for security flaws using checkov and terrascan.
- Container Security: Scan container images and runtime environments using trivy, clair, and dockle.
- Kubernetes Assessment: Audit K8s clusters for CIS compliance and vulnerabilities using kube-bench and kube-hunter.
- Runtime Monitoring: Analyze runtime behavior and rule violations using falco.
References
- references/tools.md
- references/workflows.md