zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-testing-security-test-scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:23:25 +08:00
commit 00cf45385b
11 changed files with 809 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
skills/security-test-scanner/assets/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Assets
Bundled resources for security-test-scanner skill
- [ ] nmap_scan_template.sh: Template script for running Nmap scans with various options.
- [ ] nessus_scan_policy.xml: Example Nessus scan policy for comprehensive vulnerability assessment.
- [ ] report_template.md: Markdown template for generating security test reports.

120
skills/security-test-scanner/assets/nessus_scan_policy.xml Normal file
View File

@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Nessus Scan Policy for Comprehensive Vulnerability Assessment
This policy is designed to provide a thorough assessment of web application security,
covering OWASP Top 10 vulnerabilities, injection flaws, XSS, CSRF, and authentication/authorization issues.
Instructions:
1. Import this XML file into your Nessus scanner.
2. Configure the scan settings, including the target IP address/hostname.
3. Review and customize the enabled plugins to suit your specific needs.
4. Consider enabling thorough tests for sensitive applications.
Placeholders:
- Replace "[TARGET_HOSTNAME_OR_IP]" with the actual hostname or IP address of your target.
- Review the "Settings" section and adjust to your environment.
- Examine the "Plugins" section to enable or disable specific vulnerability checks.
-->
<Policy>
<PolicyName>Security Test Scanner - Comprehensive</PolicyName>
<PolicyDescription>Comprehensive vulnerability assessment policy covering OWASP Top 10, injection, XSS, CSRF, and authentication/authorization issues.</PolicyDescription>
<Preferences>
<ServerPreferences>
<AutoUpdate>true</AutoUpdate>
<MaxSimultaneousChecks>30</MaxSimultaneousChecks>
<ReportVerbosity>2</ReportVerbosity>
<ScanLocation>local</ScanLocation>
<StopScanOnPluginCrash>true</StopScanOnPluginCrash>
<Timeout>30</Timeout>
</ServerPreferences>
<ScanPreferences>
<CredentialedScan>false</CredentialedScan>
<ReportParanoia>Normal</ReportParanoia>
<ScanType>Thorough</ScanType>
<Target>[TARGET_HOSTNAME_OR_IP]</Target>
<PluginSet>Web App Tests</PluginSet>
<Settings>
<!-- Adjust these settings according to your environment -->
<item>
<name>SYN scan</name>
<value>yes</value>
</item>
<item>
<name>Ping before scanning</name>
<value>yes</value>
</item>
<item>
<name>Port scan range</name>
<value>default</value>
</item>
<item>
<name>Max hosts at once</name>
<value>30</value>
</item>
<item>
<name>Max checks per host</name>
<value>5</value>
</item>
<item>
<name>Safe checks</name>
<value>yes</value>
</item>
<item>
<name>Thorough tests</name>
<value>yes</value>
</item>
<item>
<name>Report Verbosity</name>
<value>2</value>
</item>
</Settings>
</ScanPreferences>
</Preferences>
<Plugins>
<!--
This section lists the enabled plugins. Review and customize based on your requirements.
Example:
<plugin>
<id>10180</id>
<family>CGI abuses</family>
<status>enabled</status>
</plugin>
-->
<!-- OWASP Top 10 -->
<plugin>
<id>57603</id>
<family>Web Servers</family>
<status>enabled</status>
</plugin>
<!-- SQL Injection -->
<plugin>
<id>22964</id>
<family>CGI abuses</family>
<status>enabled</status>
</plugin>
<!-- XSS -->
<plugin>
<id>57605</id>
<family>Web Servers</family>
<status>enabled</status>
</plugin>
<!-- CSRF -->
<plugin>
<id>58580</id>
<family>Web Servers</family>
<status>enabled</status>
</plugin>
<!-- Authentication -->
<plugin>
<id>11757</id>
<family>Authentication</family>
<status>enabled</status>
</plugin>
<!-- Add more plugins here based on your desired coverage -->
</Plugins>
<Credentials>
<!-- Add credentials if required for authenticated scanning -->
</Credentials>
</Policy>

126
skills/security-test-scanner/assets/nmap_scan_template.sh Normal file
View File

@@ -0,0 +1,126 @@
#!/bin/bash
# Script Name: nmap_scan_template.sh
# Description: Template script for running Nmap scans with various options.
# Author: [Your Name/Organization]
# Date: 2023-10-27
# Exit immediately if a command exits with a non-zero status.
set -e
# Usage Instructions:
# ./nmap_scan_template.sh <target_ip_or_hostname> [options]
#
# Options:
# -p <port(s)>: Specify port(s) to scan (e.g., -p 80,443 or -p 1-1000)
# -sV: Enable version detection
# -sS: TCP SYN scan (default)
# -sT: TCP connect scan (if SYN scan is not possible)
# -sU: UDP scan
# -O: Enable OS detection
# -A: Enable aggressive scan (OS detection, version detection, script scanning, and traceroute)
# -T<0-5>: Set timing template (0=paranoid, 1=sneaky, 2=polite, 3=normal, 4=aggressive, 5=insane)
# -oN <output_file>: Output results to a normal format file
# -oX <output_file>: Output results to an XML format file
# -h: Display this help message
# Default values
TARGET=""
PORTS=""
SCAN_TYPE=""
VERSION_DETECTION=""
OS_DETECTION=""
AGGRESSIVE_SCAN=""
TIMING_TEMPLATE=""
OUTPUT_NORMAL=""
OUTPUT_XML=""
# Function to display usage instructions
usage() {
echo "Usage: ./nmap_scan_template.sh <target_ip_or_hostname> [options]"
echo
echo "Options:"
echo " -p <port(s)>: Specify port(s) to scan (e.g., -p 80,443 or -p 1-1000)"
echo " -sV: Enable version detection"
echo " -sS: TCP SYN scan (default)"
echo " -sT: TCP connect scan (if SYN scan is not possible)"
echo " -sU: UDP scan"
echo " -O: Enable OS detection"
echo " -A: Enable aggressive scan (OS detection, version detection, script scanning, and traceroute)"
echo " -T<0-5>: Set timing template (0=paranoid, 1=sneaky, 2=polite, 3=normal, 4=aggressive, 5=insane)"
echo " -oN <output_file>: Output results to a normal format file"
echo " -oX <output_file>: Output results to an XML format file"
echo " -h: Display this help message"
exit 1
}
# Parse command-line arguments
while getopts "p:sVsTUAOTo:o:h" opt; do
case "$opt" in
p)
PORTS="-p $OPTARG"
;;
s)
VERSION_DETECTION="-sV"
;;
S)
SCAN_TYPE="-sS"
;;
T)
SCAN_TYPE="-sT"
;;
U)
SCAN_TYPE="-sU"
;;
O)
OS_DETECTION="-O"
;;
A)
AGGRESSIVE_SCAN="-A"
;;
T)
TIMING_TEMPLATE="-T$OPTARG"
;;
o)
OUTPUT_NORMAL="-oN $OPTARG"
;;
O)
OUTPUT_XML="-oX $OPTARG"
;;
h)
usage
;;
\?)
echo "Invalid option: -$OPTARG" >&2
usage
;;
:)
echo "Option -$OPTARG requires an argument." >&2
usage
;;
esac
done
# Shift off the options, leaving the arguments
shift $((OPTIND-1))
# Check for the target IP or hostname
if [ -z "$1" ]; then
echo "Error: Target IP or hostname is required."
usage
fi
TARGET="$1"
# Construct the Nmap command
NMAP_COMMAND="nmap $PORTS $SCAN_TYPE $VERSION_DETECTION $OS_DETECTION $AGGRESSIVE_SCAN $TIMING_TEMPLATE $OUTPUT_NORMAL $OUTPUT_XML $TARGET"
# Print the Nmap command (for debugging)
echo "Running command: $NMAP_COMMAND"
# Execute the Nmap command
eval $NMAP_COMMAND
echo "Nmap scan completed."
exit 0

75
skills/security-test-scanner/assets/report_template.md Normal file
View File

@@ -0,0 +1,75 @@
# Security Test Scan Report
**Report Date:** `[Insert Date]`
**Application Name:** `[Insert Application Name]`
**Application Version:** `[Insert Application Version]`
**Report Generated By:** `[Insert Your Name/Organization]`
## 1. Executive Summary
`[Provide a concise summary of the security test findings. Highlight the most critical vulnerabilities and their potential impact. For example: "This report summarizes the results of a security scan conducted on [Application Name] version [Application Version] on [Date]. The scan identified [Number] high-severity vulnerabilities, including [Example Vulnerability 1] and [Example Vulnerability 2], which require immediate attention. The overall security posture of the application is [State Security Posture - e.g., 'moderate' or 'requires improvement']."]`
## 2. Scope of Assessment
### 2.1. In-Scope Targets
`[List the URLs, APIs, or other components that were included in the security scan. Be specific. For example: "The following URLs were included in the scope of the assessment:
* https://example.com/
* https://api.example.com/v1/" ]`
### 2.2. Out-of-Scope Targets
`[List any URLs, APIs, or other components that were explicitly excluded from the security scan. For example: "The following URLs were explicitly excluded from the scope of the assessment:
* https://example.com/documentation/"]`
## 3. Methodology
`[Describe the testing methodologies used during the security scan. Mention the tools used, if applicable. For example: "The security scan was performed using a combination of automated scanning tools (e.g., [Tool Name 1], [Tool Name 2]) and manual penetration testing techniques. The assessment focused on identifying vulnerabilities related to the OWASP Top 10, SQL injection, XSS, CSRF, authentication issues, and authorization flaws."]`
## 4. Vulnerability Findings
`[For each vulnerability, provide the following information. Use the below format as a template. Repeat for each finding.]`
### 4.1. Vulnerability Title: `[Vulnerability Name - e.g., SQL Injection]`
* **Severity:** `[Critical/High/Medium/Low/Informational]`
* **OWASP Category (if applicable):** `[e.g., A1:2021-Injection]`
* **Description:** `[Detailed explanation of the vulnerability. Explain what it is and how it works. For example: "SQL injection is a vulnerability that allows attackers to execute arbitrary SQL code on the backend database. This can lead to data breaches, data manipulation, and denial of service."]`
* **Location:** `[URL or API endpoint where the vulnerability was found. Be precise. For example: "https://example.com/login.php (parameter: username)"]`
* **Proof of Concept (PoC):** `[Step-by-step instructions or the exact payload used to exploit the vulnerability. For example: "1. Navigate to https://example.com/login.php. 2. Enter the following payload in the username field: ' OR '1'='1. 3. Click 'Login'. If the application logs you in without a valid username and password, it is vulnerable to SQL injection."]`
* **Impact:** `[Explain the potential consequences of the vulnerability. For example: "Successful exploitation of this SQL injection vulnerability could allow an attacker to gain unauthorized access to the database, retrieve sensitive information (e.g., usernames, passwords, credit card details), modify data, or even execute arbitrary commands on the server."]`
* **Recommendation:** `[Provide specific steps to remediate the vulnerability. For example: "Implement parameterized queries or prepared statements to prevent SQL injection. Validate and sanitize user input before using it in SQL queries."]`
* **Evidence:** `[Include screenshots, logs, or other evidence to support the finding. This could be a screenshot of the successful SQL injection, or a log entry showing the malicious query.]`
## 5. OWASP Top 10 Coverage
`[Summarize the coverage of the OWASP Top 10 vulnerabilities. For each category, indicate whether it was tested and, if so, the results. For example:]`
* **A1:2021-Injection:** `[Tested. SQL Injection vulnerability identified (see section 4.1).]`
* **A2:2021-Broken Authentication:** `[Tested. Weak password policies detected (see section 4.x).]`
* **A3:2021-Sensitive Data Exposure:** `[Tested. No sensitive data exposure vulnerabilities identified.]`
* **A4:2021-Insecure Design:** `[Partially Tested. Limited scope in this area.]`
* **A5:2021-Security Misconfiguration:** `[Tested. Default configuration settings found (see section 4.y).]`
* **A6:2021-Vulnerable and Outdated Components:** `[Tested. Outdated library detected (see section 4.z).]`
* **A7:2021-Identification and Authentication Failures:** `[Tested. Insecure session management identified (see section 4.w).]`
* **A8:2021-Software and Data Integrity Failures:** `[Not Tested. Scope limitation.]`
* **A9:2021-Security Logging and Monitoring Failures:** `[Tested. Insufficient logging detected (see section 4.v).]`
* **A10:2021-Server-Side Request Forgery (SSRF):** `[Tested. No SSRF vulnerabilities identified.]`
## 6. Overall Risk Assessment
`[Provide an overall assessment of the application's security risk based on the findings. Consider the severity and likelihood of exploitation of the identified vulnerabilities. For example: "Based on the findings of this security scan, the overall risk level for [Application Name] is considered [High/Medium/Low]. The presence of [Number] high-severity vulnerabilities, particularly [Example Vulnerability], poses a significant threat to the confidentiality, integrity, and availability of the application and its data."]`
## 7. Recommendations
`[Provide general recommendations for improving the application's security posture. These should be broader than the individual vulnerability remediation steps. For example:]`
* `Prioritize remediation of high-severity vulnerabilities.`
* `Implement a secure development lifecycle (SDLC).`
* `Conduct regular security testing and code reviews.`
* `Provide security awareness training to developers.`
* `Establish and maintain a vulnerability management program.`
## 8. Disclaimer
`[Include a disclaimer stating the limitations of the security assessment. For example: "This security assessment was conducted based on the information available at the time of the assessment and is limited to the scope defined in section 2. The findings and recommendations presented in this report are intended to improve the security posture of the application but do not guarantee complete security. The security of an application is an ongoing process, and continuous monitoring and improvement are essential."]`