aeondave/pacu
offensive-tools/exploits/pacu/SKILL.md
Auth/lab ref: modular AWS exploitation framework for authorized cloud assessments.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill pacuInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 8, 2026, 3:46 AM184.5s1 file scanned
SKILL.md
- name:
- pacu
- description:
- Auth/lab ref: modular AWS exploitation framework for authorized cloud assessments.
- license:
- BSD-3-Clause
- compatibility:
- Linux, macOS, WSL; Python 3.7+.
- author:
- AeonDave
- version:
- 1.0
Pacu
Session-based AWS exploitation framework.
Scope and authorization
Use Pacu only with explicit authorization and with awareness of AWS acceptable-use and testing policy constraints.
Upstream is clear: you are responsible for ensuring the engagement and modules are permitted in the target environment.
Installation
# Preferred on Kali / modern Python environments
pipx install git+https://github.com/RhinoSecurityLabs/pacu.git
# Simpler pip path
pip3 install -U pacu
# Docker alternative
docker run -it rhinosecuritylabs/pacu:latest
Interactive Quick Start
pacu
First launch creates or resumes a session. Sessions store keys and collected data.
Inside Pacu:
set_keys
whoami
list
help iam__privesc_scan
run iam__enum_permissions
run iam__privesc_scan
Core Workflow
1. Create session and load credentials
Use set_keys to provide:
- alias
- access key ID
- secret access key
- optional session token
2. Identify who you are
whoami
Do this immediately after loading creds. It anchors the rest of the assessment.
3. Enumerate available modules
list
help module_name
4. Execute high-value modules
run iam__enum_permissions
run iam__privesc_scan
iam__privesc_scan is one of the highest-value starting points when IAM abuse is in scope.
CLI Mode
pacu --help
pacu --list-modules
pacu --session mysession --whoami
pacu --session mysession --module-name iam__privesc_scan --exec
Useful for reproducible commands, wrappers, or scripted lab flows.
Why Pacu is useful
Upstream highlights that Pacu:
- stores data in a local SQLite-backed workflow
- reduces redundant API calls and logging noise versus ad hoc scripting
- keeps command logging for reporting and timeline building
- provides module-oriented attack paths across enumeration, privesc, exfiltration, and abuse
Practical Notes
- Start with identity and permission enumeration before running noisier exploitation modules.
- Keep region scope intentional. Broad scans create logs quickly.
- Prefer modules that answer a concrete question instead of running everything blindly.
- Export or preserve session artifacts for reporting.
Caveats
- Pacu is powerful but opinionated; understand what a module will do before executing it.
- Docker mounts of
~/.awsare convenient but expose host credentials to the container. - Cloud authorization, provider policy, and customer scope matter more than tool convenience.
Resources
No bundled scripts/, references/, or assets/.
Use the upstream wiki for module catalog details and installation edge cases.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026