Cloud Penetration Testing
Audited by Socket on Feb 19, 2026
2 alerts found:
Security / Malware
The code is a toolkit of offensive cloud enumeration and post-exploitation scripts. It contains multiple high-risk capabilities: credential harvesting (device flow and IMDS), password spraying (credential stuffing and storing successful creds), resource enumeration, and explicit Azure privilege escalation via Graph API role assignments. The code itself is not obfuscated and does not contain stealthy exfiltration code, but it facilitates actions that are malicious when used without authorization. Treat this as a high-risk artifact: do not run in production or on accounts/environments where you lack explicit permission.

[Skill Scanner] URL pointing to executable file detected
All findings:
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This document is an offensive cloud penetration-testing skill that legitimately contains commands for discovery, exploitation, credential harvesting, and persistence across Azure, AWS, and GCP. The capabilities are coherent with its stated purpose but include high-risk, dual-use operations (creating Owner service principals, importing 'stolen' contexts, password spraying, copying credential directories) that, while appropriate for authorized red-team work, pose significant danger if executed without strict authorization and controls. I find no evidence of obfuscation or hidden network exfiltration to attacker-controlled domains in the provided text, but the guidance enables credential theft and persistent backdoors — making misuse likely. Treat as Suspicious/High-risk unless used under formal legal engagement with logs and oversight.

LLM verification: The skill is a high-risk, dual-use penetration-testing playbook. Its capabilities align with its stated purpose (offensive cloud testing) but include explicit, high-impact persistence and credential-harvesting recipes (importing stolen contexts, creating service principals and granting Global Admin/Owner, extracting Key Vault secrets, dumping user attributes that contain passwords). Distribution of this skill as-is is dangerous because it: (1) documents direct credential exfiltration and backdoo