skills/pentest/SKILL.md
Penetration testing (OWASP methodology).
npx skillsauth add arbazkhan971/godmode pentest

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
/godmode:pentest, "penetration test", "security test"

NEVER test without explicit authorization.
Scope: <in-scope targets, out-of-scope exclusions>
IF NOT authorized: stop immediately.
```bash
# Endpoint discovery
curl -s <target>/robots.txt
curl -s <target>/sitemap.xml
# Technology detection
curl -sI <target> | grep -iE "server|x-powered"
```
Passive: DNS, WHOIS, public repos, tech stack. Active: endpoint enumeration, API discovery.
A01 Broken Access Control:
[ ] Horizontal escalation (change user ID)
[ ] Vertical escalation (user -> admin)
[ ] IDOR (direct object references)
A02 Cryptographic Failures:
[ ] HTTP (not HTTPS) data transmission
[ ] Weak algorithms (MD5, SHA1 for passwords)
A03 Injection:
[ ] SQL injection (parameterized? or string concat)
[ ] XSS (stored, reflected, DOM-based)
[ ] Command injection (user input in exec/system)
A05 Security Misconfiguration:
[ ] Default credentials
[ ] Debug mode in production
[ ] Directory listing enabled
[ ] Stack traces in error responses
A07 Authentication Failures:
[ ] Brute force (no rate limiting/lockout)
[ ] Weak password policy (< 8 chars allowed)
[ ] Session fixation
IF finding severity >= HIGH: create PoC immediately. IF > 3 CRITICAL findings: stop testing, report.
Auth: API accessible without auth?
Token leakage in logs/URLs?
Token valid after password change?
AuthZ: BOLA (change object IDs)
BFLA (admin endpoints as regular user)
Mass assignment (extra fields in body)
Input: oversized payloads (> 1MB JSON)
Deeply nested JSON (> 100 levels)
Rate limiting absent
FINDING <N>:
Vulnerability: <title>
Category: <OWASP ID>
Severity: CRITICAL|HIGH|MEDIUM|LOW
CVSS: <0.0-10.0>
Steps to reproduce:
1. <exact request/action>
2. <observed response>
Impact: confidentiality/integrity/availability
Exploitability: trivial|moderate|complex
IF cannot reproduce after 2 attempts: discard finding. IF requires unrealistic preconditions: downgrade severity.
FINDING <N> REMEDIATION:
File: <file:line>
Current (vulnerable): <code>
Fixed: <code>
Why: <security control added>
Verify: <test confirming fix works>
ALWAYS provide concrete code fix, not "sanitize input".
Target: <app/system>
Risk Rating: CRITICAL|HIGH|MODERATE|LOW|MINIMAL
Findings: <N>C <N>H <N>M <N>L <N>I
Coverage: 12 OWASP categories tested
Remediation priority:
IMMEDIATE (24h): critical findings
SHORT-TERM (1wk): high findings
MEDIUM-TERM (1mo): medium findings
Verdict: PASS|CONDITIONAL PASS|FAIL
PASS: 0 critical/high, all medium have remediation. CONDITIONAL: 0 critical, high has remediation in progress. FAIL: any critical exists or < 8 categories tested.
<!-- tier-3 -->
Append .godmode/pentest-results.tsv:
timestamp target categories_tested critical high medium verdict
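The verdict rule and the results row above, worked through as an added example (not the godmode skill's own code). The finding dict fields `severity` and `remediation` are constructed for the example, and the "no PASS, no CONDITIONAL" case is resolved by an assumption the page does not state:

```python
# Added example (not the godmode skill's own code): the report verdict rule
# and one .godmode/pentest-results.tsv row. Finding dicts use constructed
# field names: 'severity' and 'remediation' ("none" | "in_progress" | "done").
from collections import Counter
from datetime import datetime, timezone

MIN_CATEGORIES = 8  # fewer tested categories than this is an automatic FAIL


def verdict(findings, categories_tested):
    """PASS / CONDITIONAL PASS / FAIL as the skill defines them.

    PASS:        0 critical/high, every medium has remediation.
    CONDITIONAL: 0 critical, every high has remediation in progress.
    FAIL:        any critical, or fewer than 8 categories tested.
    Assumption (the page does not say): a case meeting neither PASS nor
    CONDITIONAL, e.g. a HIGH with no remediation started, is also FAIL.
    """
    counts = Counter(f["severity"] for f in findings)
    if counts["CRITICAL"] or categories_tested < MIN_CATEGORIES:
        return "FAIL"

    def all_remediated(sev):
        return all(f["remediation"] != "none"
                   for f in findings if f["severity"] == sev)

    if counts["HIGH"] == 0 and all_remediated("MEDIUM"):
        return "PASS"
    if all_remediated("HIGH"):
        return "CONDITIONAL PASS"
    return "FAIL"


def tsv_record(target, findings, categories_tested, when=None):
    """One row in the header's column order:
    timestamp target categories_tested critical high medium verdict."""
    counts = Counter(f["severity"] for f in findings)
    stamp = (when or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    row = [stamp, target, categories_tested, counts["CRITICAL"],
           counts["HIGH"], counts["MEDIUM"], verdict(findings, categories_tested)]
    return "\t".join(str(x) for x in row)


# Constructed sample: one HIGH being fixed, one MEDIUM already fixed.
SAMPLE_FINDINGS = [
    {"severity": "HIGH", "remediation": "in_progress"},
    {"severity": "MEDIUM", "remediation": "done"},
]

if __name__ == "__main__":
    print(tsv_record("shop.example", SAMPLE_FINDINGS, 12))
```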
KEEP if: exploit produces observable evidence AND reproducible AND severity justified by impact.
DISCARD if: cannot reproduce after 2 attempts OR unrealistic preconditions OR duplicate root cause.
STOP when FIRST of:
- All 12 OWASP categories evaluated
- Every finding has PoC + remediation code
- Formal report generated
On failure: git reset --hard HEAD~1. Never pause.
| Failure | Action |
|--|--|
| Too many false positives | Tune scanner, verify manually |
| Service disruption | Reduce intensity, use staging |
| Cannot reproduce | Document exact steps, check WAF |