zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-security-penetration-tester
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:22:23 +08:00
commit 703c5232eb
8 changed files with 219 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
skills/penetration-tester/SKILL.md Normal file
View File

@@ -0,0 +1,53 @@
---
name: performing-penetration-testing
description: |
This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
version: 1.0.0
---
## Overview
This skill automates the process of penetration testing for web applications, identifying vulnerabilities and suggesting exploitation techniques. It leverages the penetration-tester plugin to assess web application security posture.
## How It Works
1. **Target Identification**: Analyzes the user's request to identify the target web application or API endpoint.
2. **Vulnerability Scanning**: Executes automated scans to discover potential vulnerabilities, covering OWASP Top 10 risks.
3. **Reporting**: Generates a detailed penetration test report, including identified vulnerabilities, risk ratings, and remediation recommendations.
## When to Use This Skill
This skill activates when you need to:
- Perform a penetration test on a web application.
- Identify vulnerabilities in a web application or API.
- Assess the security posture of a web application.
- Generate a report detailing security flaws and remediation steps.
## Examples
### Example 1: Performing a Full Penetration Test
User request: "Run a penetration test on example.com"
The skill will:
1. Initiate a comprehensive penetration test on the specified domain.
2. Generate a detailed report outlining identified vulnerabilities, including SQL injection, XSS, and CSRF.
### Example 2: Assessing API Security
User request: "Perform vulnerability assessment on the /api/users endpoint"
The skill will:
1. Target the specified API endpoint for vulnerability scanning.
2. Identify potential security flaws in the API, such as authentication bypass or authorization issues, and provide remediation advice.
## Best Practices
- **Authorization**: Always ensure you have explicit authorization before performing penetration testing on any system.
- **Scope Definition**: Clearly define the scope of the penetration test to avoid unintended consequences.
- **Safe Exploitation**: Use exploitation techniques carefully to demonstrate vulnerabilities without causing damage.
## Integration
This skill can be integrated with other security tools and plugins to enhance vulnerability management and remediation efforts. For example, findings can be exported to vulnerability tracking systems.

7
skills/penetration-tester/assets/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Assets
Bundled resources for penetration-tester skill
- [ ] report_template.html: HTML template for generating penetration testing reports.
- [ ] vulnerability_database.json: JSON file containing a database of known vulnerabilities and exploits.
- [ ] example_report.pdf: Example penetration testing report.

7
skills/penetration-tester/references/README.md Normal file
View File

@@ -0,0 +1,7 @@
# References
Bundled resources for penetration-tester skill
- [ ] owasp_top_10.md: Detailed documentation on the OWASP Top 10 vulnerabilities and how to test for them.
- [ ] penetration_testing_methodology.md: A comprehensive guide to penetration testing methodologies and best practices.
- [ ] api_security_checklist.md: A checklist for securing APIs, including REST, GraphQL, and SOAP endpoints.

7
skills/penetration-tester/scripts/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Scripts
Bundled resources for penetration-tester skill
- [ ] pentest.sh: Script to orchestrate the penetration testing process, including information gathering, vulnerability scanning, and exploitation.
- [ ] report_generator.py: Script to generate detailed penetration testing reports in various formats (e.g., HTML, PDF).
- [ ] exploit_database.py: Script to manage and update a database of known exploits and vulnerabilities.