Cloud attack payloads are requests and commands that abuse cloud-native services to steal credentials or escalate access across AWS, GCP, Azure, Kubernetes, and Docker. The Cloud Attacks generator covers metadata-service SSRF, IAM credential theft, over-permissioned role abuse, and container escape so you can validate misconfigurations during a cloud penetration test.
Pivot an SSRF to the instance metadata endpoint at 169.254.169.254. On AWS IMDSv1 request /latest/meta-data/iam/security-credentials/ to dump temporary keys; for IMDSv2 the generator fetches a session token via the PUT request first. GCP requires the Metadata-Flavor: Google header, and Azure uses /metadata/identity/oauth2/token with Metadata: true.
The Cloud Attacks generator emits checks for a privileged container or mounted docker.sock that let you escape to the host, plus reads of the service-account token at /var/run/secrets/kubernetes.io/serviceaccount/token. From there it builds kubectl and curl calls against the API server and the kubelet on port 10250 to enumerate secrets and run commands on other pods.
Yes, it is free and runs entirely in your browser, so no account IDs, ARNs, or tokens you enter are ever sent to a server. The generated payloads are for authorized cloud penetration testing and red-team engagements only, against accounts and clusters you own or are contracted to assess.