pentest-cloud-infrastructure

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Pentest Cloud Infrastructure

云基础设施渗透测试

Purpose

目的

Assess the security configuration of cloud environments and containerized infrastructure to detect misconfigurations, excessive permissions, and vulnerabilities.

评估云环境和容器化基础设施的安全配置，检测配置错误、过度权限和漏洞。

Core Workflow

核心工作流程

Cloud Config Audit: Assess cloud provider configuration (AWS/Azure/GCP) using
```
prowler
```
and
```
scoutsuite
```
.
IaC Scanning: Analyze Infrastructure-as-Code (Terraform, CloudFormation) for security flaws using
```
checkov
```
and
```
terrascan
```
.
Container Security: Scan container images and runtime environments using
```
trivy
```
,
```
clair
```
, and
```
dockle
```
.
Kubernetes Assessment: Audit K8s clusters for CIS compliance and vulnerabilities using
```
kube-bench
```
and
```
kube-hunter
```
.
Runtime Monitoring: Analyze runtime behavior and rule violations using
```
falco
```
.

云配置审计：使用
```
prowler
```
和
```
scoutsuite
```
评估云服务商（AWS/Azure/GCP）的配置。
IaC扫描：使用
```
checkov
```
和
```
terrascan
```
分析基础设施即代码（Terraform、CloudFormation）中的安全缺陷。
容器安全：使用
```
trivy
```
、
```
clair
```
和
```
dockle
```
扫描容器镜像和运行时环境。
Kubernetes评估：使用
```
kube-bench
```
和
```
kube-hunter
```
审计K8s集群的CIS合规性和漏洞。
运行时监控：使用
```
falco
```
分析运行时行为和规则违规情况。

References

参考资料

```
references/tools.md
```
```
references/workflows.md
```

```
references/tools.md
```
```
references/workflows.md
```