cloud_infra_detector_skill

This skill detects cloud providers, PaaS, and serverless platforms from signals such as IP, DNS, headers, and TLS to identify infrastructure.
  • Python

42

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill transilienceai/communitytools --skill cloud_infra_detector

  • SKILL.md9.1 KB

Overview

This skill detects cloud providers, PaaS platforms, serverless services, and related managed technologies from network and repository signals. It consolidates IP attribution, DNS CNAMEs, HTTP/TLS headers, and IaC/CI artifacts to produce ranked infrastructure attributions and confidence weights. Results show both direct platforms and implied underlying cloud providers.

How this skill works

The detector ingests ip_signals, dns_signals, http_signals, tls_signals, and repository_signals and applies pattern matching and weighted heuristics. It matches ASN/IP ranges, CNAME patterns, cloud-specific HTTP headers, certificate issuers, and repository IaC files to build detection entries. Each finding includes signal types, a weight, and optional implications (for example, PaaS → underlying cloud). Results aggregate into a summarized infrastructure profile with confidence scores.

When to use it

  • During reconnaissance to map hosting and cloud relationships for an asset
  • Prior to exploitation to identify managed services or provider-specific attack surfaces
  • When triaging bug bounty targets to prioritize likely cloud features (CDN, object storage, serverless)
  • To verify IaC and CI/CD leaks that reveal provider use
  • For security research when attributing multi-cloud or PaaS-hosted applications

Best practices

  • Correlate multiple signal types (IP, DNS, headers, certs, repo) before concluding provider attribution
  • Report both PaaS and the implied underlying cloud when patterns indicate layered hosting
  • Treat single weak signals as low confidence and seek additional evidence before action
  • Log region and ASN details for targeted follow-up (region-specific services or endpoints)
  • Use repository IaC findings to confirm or disambiguate runtime signals

Example use cases

  • Detect that a target site is served from Vercel with X-Vercel-Id and vercel.app CNAME, implying AWS backing
  • Identify AWS infrastructure via X-Amz-* headers, CloudFront CNAMEs, and ACM certificate issuers
  • Find Google Cloud ownership based on GTS certificates, X-Goog-* headers, and googleapis/appspot CNAMEs
  • Expose serverless platforms like AWS Lambda, Cloudflare Workers, or Netlify Functions from routes and platform-specific headers
  • Flag Terraform or CloudFormation files in a repo to confirm cloud provider and inform privileged misconfiguration checks

FAQ

It reports all matching providers with confidence weights and lowers attribution confidence when signals conflict; correlation across signal categories is used to raise confidence.

Can it detect PaaS and also imply the underlying cloud provider?

Yes. PaaS detections include implied providers when known (for example, Vercel often implies AWS) and results show both PaaS and underlying cloud entries.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
cloud_infra_detector skill by transilienceai/communitytools | VeilStrat