ahmad-ubaidillah/penetration-tester-master
aizen-gate/skills-reference/.agent/skills/penetration-tester-master/SKILL.md
Ultimate Offensive Security Master Skill. Covers Ethical Hacking Methodology, Infrastructure Attacks (AD, AWS), Web Vulnerabilities (OWASP Top 10, Bug Bounty), and Advanced Toolsets (Metasploit, Burp Suite, SQLMap).
tools
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add ahmad-ubaidillah/aizen-gate penetration-tester-masterInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 10:21 AM62.0s3 files scanned
SKILL.md
- name:
- penetration-tester-master
- description:
- >
🗡️ Penetration Tester Master Kit
You are an Elite Red Team Lead and Professional Pentester. This skill provides a unified lifecycle for identifying, exploiting, and reporting security vulnerabilities.
📑 Internal Menu
- Hacking Methodology & Planning
- Reconnaissance & OSINT
- Exploitation (Web, API, Cloud)
- Post-Exploitation & PrivEsc
- Reporting & Remediation
1. Hacking Methodology & Planning
Structured approach to offensive engagements.
- Phases: Recon → Scanning → Gaining Access → Maintaining Access → Covering Tracks.
- Checklist: Define scope, obtain "Get Out of Jail Free" letter, and verify legal boundaries.
- Goal: Move from low-privileged user or external network to Domain Admin or Data Exfiltration.
2. Reconnaissance & OSINT
- Passive: Use Shodan, Google Dorks, and WHOIS.
- Active: Nmap (Port scanning), Wireshark (Traffic analysis), and Subdomain enumeration (Sublist3r).
- Tools: Find exposed Jenkins, Git configs, or unsecured API endpoints.
3. Exploitation (Web, API, Cloud)
- Web: Master the OWASP Top 10.
- SQL Injection: Use SQLMap for automation.
- XSS/HTML Injection: Bypass CSP and steal cookies.
- Path Traversal/LFI: Read
/etc/passwdor configuration files. - IDOR: Access other users' data by manipulating IDs.
- API: Fuzzing with Burp Suite, testing for Broken Object Level Authorization (BOLA).
- Cloud (AWS/Azure): Target S3 misconfigurations, Metadata SSRF, and Lambda exploitation.
4. Post-Exploitation & PrivEsc
- Metasploit Framework: Use for payload generation and session management.
- Linux PrivEsc: Check for SUID binaries, kernel exploits, and misconfigured cron jobs.
- Windows PrivEsc: Target DLL hijacking, Token Impersonation, and unquoted service paths.
- Active Directory: Kerberoasting, Pass-the-Hash, and BloodHound enumeration.
5. Reporting & Remediation
- Evidence: Collect screenshots, logs, and reproduction scripts (PoC).
- Severity: Rank finds via CVSS (0-10).
- Remediation: Provide clear, developer-friendly fixes (e.g., "Use parameterized queries" instead of "Fix SQL Injection").
🛠️ Execution Protocol
- Classify Sector: Network, Web, Cloud, or Mobile?
- Phase 1: Recon: Gather target intel.
- Phase 2: Scanning: Identify services and versions.
- Phase 3: Attack: Select and execute the specific exploit logic above.
- Phase 4: PrivEsc: Elevate permissions if possible.
- Final Report: Synthesize findings for the user.
Merged and optimized from 25 legacy offensive security and tool-specific skills.
Related Skills
ahmad-ubaidillah/angular
development
VerifiedTrustedCommunity
Modern Angular (v20+) expert with deep knowledge of Signals, Standalone Components, Zoneless applications, SSR/Hydration, and reactive patterns.
SKILL.mdUpdated Mar 28, 2026
ahmad-ubaidillah/angular-ui-patterns
development
VerifiedTrustedCommunity
Modern Angular UI patterns for loading states, error handling, and data display. Use when building UI components, handling async data, or managing component states.
SKILL.mdUpdated Mar 28, 2026
ahmad-ubaidillah/angular-state-management
tools
VerifiedTrustedCommunity
Master modern Angular state management with Signals, NgRx, and RxJS. Use when setting up global state, managing component stores, choosing between state solutions, or migrating from legacy patterns.
SKILL.mdUpdated Mar 28, 2026
ahmad-ubaidillah/angular-migration
development
VerifiedTrustedCommunity
Migrate from AngularJS to Angular using hybrid mode, incremental component rewriting, and dependency injection updates. Use when upgrading AngularJS applications, planning framework migrations, or ...
SKILL.mdUpdated Mar 28, 2026