penetration-testing

Validate security controls through authorized testing.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "penetration-testing" with this command: npx skills add bagelhole/devops-security-agent-skills/bagelhole-devops-security-agent-skills-penetration-testing

Penetration Testing

Phases

pentest_phases:
  1_reconnaissance:
    - Passive information gathering
    - DNS enumeration
    - Network mapping

  2_scanning:
    - Port scanning
    - Service identification
    - Vulnerability scanning

  3_exploitation:
    - Attempt exploitation
    - Verify vulnerabilities
    - Document findings

  4_post_exploitation:
    - Privilege escalation
    - Lateral movement
    - Data access

  5_reporting:
    - Document findings
    - Risk assessment
    - Remediation recommendations

Reconnaissance

DNS enumeration

dig example.com ANY
host -l example.com

Subdomain discovery

subfinder -d example.com

WHOIS

whois example.com

Scanning

Port scan

nmap -sV -sC -p- target.com

Web scanning

nikto -h https://target.com
dirb https://target.com

Vulnerability scan

nmap --script vuln target.com

Web Testing

SQL injection test

sqlmap -u "http://target.com/page?id=1"

XSS testing

Use Burp Suite or manual testing

Directory traversal

curl "http://target.com/file?path=../../../etc/passwd"

Rules of Engagement

scope:
  in_scope:
    - target.com
    - api.target.com
  out_of_scope:
    - production-db.target.com
    - third-party services

testing_window: "Weekdays 2-6 AM UTC"
emergency_contact: "security@target.com"
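
A pre-flight gate for the rules of engagement above, as an added example that is not part of the upstream skill. It assumes "Weekdays 2-6 AM UTC" means Monday to Friday, 02:00 up to but not including 06:00 UTC; the function names are hypothetical.

```python
from datetime import datetime, time, timezone
from urllib.parse import urlsplit

# Values copied from the Rules of Engagement above.
IN_SCOPE = {"target.com", "api.target.com"}
OUT_OF_SCOPE = {"production-db.target.com"}
# Assumption: "Weekdays 2-6 AM UTC" means Mon-Fri, 02:00 <= t < 06:00 UTC.
WINDOW_START, WINDOW_END = time(2, 0), time(6, 0)


def extract_host(target: str) -> str:
    """Return the lower-cased hostname from a bare host or a URL."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").rstrip(".").lower()


def host_in_scope(host: str) -> bool:
    """Deny by default: only exact in_scope names pass.

    Suffix matching on target.com would wrongly admit
    production-db.target.com, which the RoE excludes.
    """
    return host in IN_SCOPE and host not in OUT_OF_SCOPE


def in_testing_window(now: datetime) -> bool:
    """True when `now` (timezone-aware) falls inside the agreed window."""
    utc = now.astimezone(timezone.utc)
    return utc.weekday() < 5 and WINDOW_START <= utc.time() < WINDOW_END


def authorize(target: str, now: datetime) -> tuple:
    """Gate to call before any tool is launched against `target`."""
    host = extract_host(target)
    if not host_in_scope(host):
        return False, f"{host or target!r} is not in scope"
    if not in_testing_window(now):
        return False, "outside testing window"
    return True, "ok"
```

Call `authorize(target, datetime.now(timezone.utc))` in whatever wrapper launches the scanners, and log the returned reason alongside the command so the refusal is part of the engagement record.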

Best Practices

  • Always get written authorization

  • Define clear scope

  • Document everything

  • Report critical findings immediately

  • Safe exploitation techniques only

Related Skills

  • dast-scanning - Automated testing

  • vulnerability-scanning - Vulnerability discovery

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
