- Home
- Skills
- Transilienceai
- Communitytools
- Cloud Infra Detector
cloud_infra_detector_skill
- Python
42
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill transilienceai/communitytools --skill cloud_infra_detector- SKILL.md9.1 KB
Overview
This skill detects cloud providers, PaaS platforms, serverless services, and related managed technologies from network and repository signals. It consolidates IP attribution, DNS CNAMEs, HTTP/TLS headers, and IaC/CI artifacts to produce ranked infrastructure attributions and confidence weights. Results show both direct platforms and implied underlying cloud providers.
How this skill works
The detector ingests ip_signals, dns_signals, http_signals, tls_signals, and repository_signals and applies pattern matching and weighted heuristics. It matches ASN/IP ranges, CNAME patterns, cloud-specific HTTP headers, certificate issuers, and repository IaC files to build detection entries. Each finding includes signal types, a weight, and optional implications (for example, PaaS → underlying cloud). Results aggregate into a summarized infrastructure profile with confidence scores.
When to use it
- During reconnaissance to map hosting and cloud relationships for an asset
- Prior to exploitation to identify managed services or provider-specific attack surfaces
- When triaging bug bounty targets to prioritize likely cloud features (CDN, object storage, serverless)
- To verify IaC and CI/CD leaks that reveal provider use
- For security research when attributing multi-cloud or PaaS-hosted applications
Best practices
- Correlate multiple signal types (IP, DNS, headers, certs, repo) before concluding provider attribution
- Report both PaaS and the implied underlying cloud when patterns indicate layered hosting
- Treat single weak signals as low confidence and seek additional evidence before action
- Log region and ASN details for targeted follow-up (region-specific services or endpoints)
- Use repository IaC findings to confirm or disambiguate runtime signals
Example use cases
- Detect that a target site is served from Vercel with X-Vercel-Id and vercel.app CNAME, implying AWS backing
- Identify AWS infrastructure via X-Amz-* headers, CloudFront CNAMEs, and ACM certificate issuers
- Find Google Cloud ownership based on GTS certificates, X-Goog-* headers, and googleapis/appspot CNAMEs
- Expose serverless platforms like AWS Lambda, Cloudflare Workers, or Netlify Functions from routes and platform-specific headers
- Flag Terraform or CloudFormation files in a repo to confirm cloud provider and inform privileged misconfiguration checks
FAQ
It reports all matching providers with confidence weights and lowers attribution confidence when signals conflict; correlation across signal categories is used to raise confidence.
Can it detect PaaS and also imply the underlying cloud provider?
Yes. PaaS detections include implied providers when known (for example, Vercel often implies AWS) and results show both PaaS and underlying cloud entries.