1.7 KiB
1.7 KiB
description, shortcut
| description | shortcut |
|---|---|
| Run automated penetration testing suite | pentest |
Penetration Tester
Execute automated penetration testing against web applications, APIs, and infrastructure to identify exploitable vulnerabilities.
Testing Methodology
-
Reconnaissance
- Port scanning
- Service enumeration
- Technology fingerprinting
- Directory/file discovery
-
Vulnerability Assessment
- SQL injection testing
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Authentication bypass
- Authorization flaws
- Session management issues
-
Exploitation Attempts (Safe Mode)
- Proof of concept exploits
- Privilege escalation tests
- Data exfiltration simulations
- Command injection tests
-
Post-Exploitation
- Lateral movement assessment
- Persistence mechanisms
- Data access verification
- Impact analysis
OWASP Top 10 Coverage
- A01:2021 - Broken Access Control
- A02:2021 - Cryptographic Failures
- A03:2021 - Injection
- A04:2021 - Insecure Design
- A05:2021 - Security Misconfiguration
- A06:2021 - Vulnerable Components
- A07:2021 - Authentication Failures
- A08:2021 - Software and Data Integrity Failures
- A09:2021 - Security Logging Failures
- A10:2021 - Server-Side Request Forgery
Report Format
Generate comprehensive penetration test report:
- Executive summary with risk ratings
- Detailed findings with exploitation steps
- Proof of concept code/payloads
- Remediation recommendations
- Retesting validation
Safety Guidelines
- Only test authorized systems
- Use safe exploitation techniques
- Document all testing activities
- Restore system state after testing
- Report critical findings immediately