cdxiaodong

cdxiaodong / AI-Cloud-pentest-framework

Public

云安全渗透测试框架 - 支持 AWS、Azure、GCP、阿里云、腾讯云、华为云的综合渗透测试工具和指南

11
0
69% credibility
Found Mar 20, 2026 at 11 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Shell
AI Summary

A framework compiling guides, checklists, and installation tools for authorized security testing of major cloud platforms including AWS, Azure, GCP, and Chinese providers.

How It Works

1
🔍 Discover the Kit

You stumble upon this free collection of guides and tips for checking the security of popular cloud services like AWS or Google Cloud.

2
📥 Bring It Home

You easily save the entire kit to your own computer to start exploring.

3
🛠️ Set Up Your Toolbox

With one simple click, you prepare all the handy checking tools, and everything is ready to go.

4
🔗 Link Test Accounts

You connect the cloud accounts you have full permission to test, feeling secure as you go.

5
📋 Follow Check Guides

You pick a guide for your cloud service and step through simple checks for things like open files or weak permissions.

6
🎯 Spot Weak Spots

You uncover potential risks and jot down notes on how to fix them, like a detective solving a mystery.

🛡️ Cloud Secured

Your cloud setup is now tougher against bad guys, with reports to share for even better protection.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 11 to 11 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is AI-Cloud-pentest-framework?

This shell-based framework equips pentesters with a unified setup for cloud security assessments across AWS, Azure, GCP, Aliyun, Tencent Cloud, and Huawei Cloud. It solves the hassle of juggling disparate CLIs and tools by offering a single install script that deploys everything from AWS CLI to Pacu and ScoutSuite, plus guides for recon, IAM enumeration, storage bucket checks, metadata exploitation, and serverless testing. Users get cross-cloud service mappings and step-by-step attack scenarios via bash commands like `aws s3 ls` or `az login`.

Why is it gaining traction?

It stands out with broad multi-cloud coverage, including domestic Chinese providers often ignored by Western tools, and a handy service mapping table to translate techniques like S3 pentests to OSS or COS. The interactive installer handles OS-specific setups for macOS, Ubuntu, or CentOS, verifying tools post-install, while curated skills pull proven methods from sources like HackTricks. Developers grab it for quick environment spins without hunting repos individually.

Who should use this?

Cloud security engineers prepping authorized pentests on hybrid international-domestic setups. Red teamers assessing IAM privilege escalation or public bucket exposures in enterprise clouds. Pentesters new to multi-cloud who need CLI workflows and report templates without building from scratch.

Verdict

Skip for production unless you contribute—11 stars and 0.699999988079071% credibility signal early immaturity, with just a fraction of planned skills documented. Still, it's a solid bootstrap for shell-savvy testers prototyping cloud pentests; fork and expand the installer for real value.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.