Initial commit

.claude-plugin/plugin.json

@@ -0,0 +1,15 @@
+{
+  "name": "penetration-tester",
+  "description": "Automated penetration testing for web applications with OWASP Top 10 coverage",
+  "version": "1.0.0",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "skills": [
+    "./skills"
+  ],
+  "commands": [
+    "./commands"
+  ]
+}

README.md

@@ -0,0 +1,3 @@
+# penetration-tester
+
+Automated penetration testing for web applications with OWASP Top 10 coverage

commands/pentest.md

@@ -0,0 +1,66 @@
+---
+description: Run automated penetration testing suite
+shortcut: pentest
+---
+
+# Penetration Tester
+
+Execute automated penetration testing against web applications, APIs, and infrastructure to identify exploitable vulnerabilities.
+
+## Testing Methodology
+
+1. **Reconnaissance**
+   - Port scanning
+   - Service enumeration
+   - Technology fingerprinting
+   - Directory/file discovery
+
+2. **Vulnerability Assessment**
+   - SQL injection testing
+   - Cross-site scripting (XSS)
+   - Cross-site request forgery (CSRF)
+   - Authentication bypass
+   - Authorization flaws
+   - Session management issues
+
+3. **Exploitation Attempts** (Safe Mode)
+   - Proof of concept exploits
+   - Privilege escalation tests
+   - Data exfiltration simulations
+   - Command injection tests
+
+4. **Post-Exploitation**
+   - Lateral movement assessment
+   - Persistence mechanisms
+   - Data access verification
+   - Impact analysis
+
+## OWASP Top 10 Coverage
+
+- A01:2021 - Broken Access Control
+- A02:2021 - Cryptographic Failures
+- A03:2021 - Injection
+- A04:2021 - Insecure Design
+- A05:2021 - Security Misconfiguration
+- A06:2021 - Vulnerable Components
+- A07:2021 - Authentication Failures
+- A08:2021 - Software and Data Integrity Failures
+- A09:2021 - Security Logging Failures
+- A10:2021 - Server-Side Request Forgery
+
+## Report Format
+
+Generate comprehensive penetration test report:
+- Executive summary with risk ratings
+- Detailed findings with exploitation steps
+- Proof of concept code/payloads
+- Remediation recommendations
+- Retesting validation
+
+## Safety Guidelines
+
+- Only test authorized systems
+- Use safe exploitation techniques
+- Document all testing activities
+- Restore system state after testing
+- Report critical findings immediately

plugin.lock.json

@@ -0,0 +1,61 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/penetration-tester",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "cf9fed54f062c50e1d0710f391cb2e12b0afbdb7",
+    "treeHash": "33e370cd1bc6a9e95ef5b037c9e8a2efb0c9993b9ce9115239ba52015af35144",
+    "generatedAt": "2025-11-28T10:18:39.230776Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "penetration-tester",
+    "description": "Automated penetration testing for web applications with OWASP Top 10 coverage",
+    "version": "1.0.0"
+  },
+  "content": {
+    "files": [
+      {
+        "path": "README.md",
+        "sha256": "61a33a8552d4496e41a8d3e2e15ea6813240ba68b997db957de039f62eeb5fb9"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "8916b0d1c3d82cd5acd8958cc452f4928014282324570d1643b59a921c83f01d"
+      },
+      {
+        "path": "commands/pentest.md",
+        "sha256": "de4431a8048c218aa6d891f7ac4446ff776461bbd468e5cea7a280f36bc8d505"
+      },
+      {
+        "path": "skills/penetration-tester/SKILL.md",
+        "sha256": "ed8648f1e8c64b540ecc62ad34eed878b018fe43ec6507dbb1c8cc0044285093"
+      },
+      {
+        "path": "skills/penetration-tester/references/README.md",
+        "sha256": "77d551392a52b6e0f406066a87d074af6ff93c4355d23a358a1aeeccd33ae03c"
+      },
+      {
+        "path": "skills/penetration-tester/scripts/README.md",
+        "sha256": "dd2a9aa89705b73df385d785ee00a8b1278702c915ef3fbd12a7033fc14454d9"
+      },
+      {
+        "path": "skills/penetration-tester/assets/README.md",
+        "sha256": "b17a6a00339d1f60cfa59bd775d19683c922d7d157424c01e7f403e55ed8dda6"
+      }
+    ],
+    "dirSha256": "33e370cd1bc6a9e95ef5b037c9e8a2efb0c9993b9ce9115239ba52015af35144"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}

skills/penetration-tester/SKILL.md

@@ -0,0 +1,53 @@
+---
+name: performing-penetration-testing
+description: |
+  This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## Overview
+
+This skill automates the process of penetration testing for web applications, identifying vulnerabilities and suggesting exploitation techniques. It leverages the penetration-tester plugin to assess web application security posture.
+
+## How It Works
+
+1. **Target Identification**: Analyzes the user's request to identify the target web application or API endpoint.
+2. **Vulnerability Scanning**: Executes automated scans to discover potential vulnerabilities, covering OWASP Top 10 risks.
+3. **Reporting**: Generates a detailed penetration test report, including identified vulnerabilities, risk ratings, and remediation recommendations.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Perform a penetration test on a web application.
+- Identify vulnerabilities in a web application or API.
+- Assess the security posture of a web application.
+- Generate a report detailing security flaws and remediation steps.
+
+## Examples
+
+### Example 1: Performing a Full Penetration Test
+
+User request: "Run a penetration test on example.com"
+
+The skill will:
+1. Initiate a comprehensive penetration test on the specified domain.
+2. Generate a detailed report outlining identified vulnerabilities, including SQL injection, XSS, and CSRF.
+
+### Example 2: Assessing API Security
+
+User request: "Perform vulnerability assessment on the /api/users endpoint"
+
+The skill will:
+1. Target the specified API endpoint for vulnerability scanning.
+2. Identify potential security flaws in the API, such as authentication bypass or authorization issues, and provide remediation advice.
+
+## Best Practices
+
+- **Authorization**: Always ensure you have explicit authorization before performing penetration testing on any system.
+- **Scope Definition**: Clearly define the scope of the penetration test to avoid unintended consequences.
+- **Safe Exploitation**: Use exploitation techniques carefully to demonstrate vulnerabilities without causing damage.
+
+## Integration
+
+This skill can be integrated with other security tools and plugins to enhance vulnerability management and remediation efforts. For example, findings can be exported to vulnerability tracking systems.

skills/penetration-tester/assets/README.md

@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for penetration-tester skill
+
+- [ ] report_template.html: HTML template for generating penetration testing reports.
+- [ ] vulnerability_database.json: JSON file containing a database of known vulnerabilities and exploits.
+- [ ] example_report.pdf: Example penetration testing report.

skills/penetration-tester/references/README.md

@@ -0,0 +1,7 @@
+# References
+
+Bundled resources for penetration-tester skill
+
+- [ ] owasp_top_10.md: Detailed documentation on the OWASP Top 10 vulnerabilities and how to test for them.
+- [ ] penetration_testing_methodology.md: A comprehensive guide to penetration testing methodologies and best practices.
+- [ ] api_security_checklist.md: A checklist for securing APIs, including REST, GraphQL, and SOAP endpoints.

skills/penetration-tester/scripts/README.md

@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for penetration-tester skill
+
+- [ ] pentest.sh: Script to orchestrate the penetration testing process, including information gathering, vulnerability scanning, and exploitation.
+- [ ] report_generator.py: Script to generate detailed penetration testing reports in various formats (e.g., HTML, PDF).
+- [ ] exploit_database.py: Script to manage and update a database of known exploits and vulnerabilities.