Initial commit

commands/pentest.md

@@ -0,0 +1,66 @@
+---
+description: Run automated penetration testing suite
+shortcut: pentest
+---
+
+# Penetration Tester
+
+Execute automated penetration testing against web applications, APIs, and infrastructure to identify exploitable vulnerabilities.
+
+## Testing Methodology
+
+1. **Reconnaissance**
+   - Port scanning
+   - Service enumeration
+   - Technology fingerprinting
+   - Directory/file discovery
+
+2. **Vulnerability Assessment**
+   - SQL injection testing
+   - Cross-site scripting (XSS)
+   - Cross-site request forgery (CSRF)
+   - Authentication bypass
+   - Authorization flaws
+   - Session management issues
+
+3. **Exploitation Attempts** (Safe Mode)
+   - Proof of concept exploits
+   - Privilege escalation tests
+   - Data exfiltration simulations
+   - Command injection tests
+
+4. **Post-Exploitation**
+   - Lateral movement assessment
+   - Persistence mechanisms
+   - Data access verification
+   - Impact analysis
+
+## OWASP Top 10 Coverage
+
+- A01:2021 - Broken Access Control
+- A02:2021 - Cryptographic Failures
+- A03:2021 - Injection
+- A04:2021 - Insecure Design
+- A05:2021 - Security Misconfiguration
+- A06:2021 - Vulnerable Components
+- A07:2021 - Authentication Failures
+- A08:2021 - Software and Data Integrity Failures
+- A09:2021 - Security Logging Failures
+- A10:2021 - Server-Side Request Forgery
+
+## Report Format
+
+Generate comprehensive penetration test report:
+- Executive summary with risk ratings
+- Detailed findings with exploitation steps
+- Proof of concept code/payloads
+- Remediation recommendations
+- Retesting validation
+
+## Safety Guidelines
+
+- Only test authorized systems
+- Use safe exploitation techniques
+- Document all testing activities
+- Restore system state after testing
+- Report critical findings immediately