gh-jeremylongshore-claude-code-plugins-plus-plugins-security-penetration-tester/commands/pentest.md

---
description: Run automated penetration testing suite
shortcut: pentest
---

# Penetration Tester

Execute automated penetration testing against web applications, APIs, and infrastructure to identify exploitable vulnerabilities.

## Testing Methodology

1. **Reconnaissance**
   - Port scanning
   - Service enumeration
   - Technology fingerprinting
   - Directory/file discovery

2. **Vulnerability Assessment**
   - SQL injection testing
   - Cross-site scripting (XSS)
   - Cross-site request forgery (CSRF)
   - Authentication bypass
   - Authorization flaws
   - Session management issues

3. **Exploitation Attempts** (Safe Mode)
   - Proof of concept exploits
   - Privilege escalation tests
   - Data exfiltration simulations
   - Command injection tests

4. **Post-Exploitation**
   - Lateral movement assessment
   - Persistence mechanisms
   - Data access verification
   - Impact analysis

## OWASP Top 10 Coverage

- A01:2021 - Broken Access Control
- A02:2021 - Cryptographic Failures
- A03:2021 - Injection
- A04:2021 - Insecure Design
- A05:2021 - Security Misconfiguration
- A06:2021 - Vulnerable Components
- A07:2021 - Authentication Failures
- A08:2021 - Software and Data Integrity Failures
- A09:2021 - Security Logging Failures
- A10:2021 - Server-Side Request Forgery

## Report Format

Generate comprehensive penetration test report:
- Executive summary with risk ratings
- Detailed findings with exploitation steps
- Proof of concept code/payloads
- Remediation recommendations
- Retesting validation

## Safety Guidelines

- Only test authorized systems
- Use safe exploitation techniques
- Document all testing activities
- Restore system state after testing
- Report critical findings immediately