jd-opensource/pentest-config-hardening
skills/pentest-config-hardening/SKILL.md
Security header auditing, TLS configuration testing, HTTP method analysis, CSP bypass assessment, and deployment hardening verification.
$ install --global
skillsauthnpx skillsauth add jd-opensource/joysafeter pentest-config-hardeningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:18 AM4.2s3 files scanned
SKILL.md
- name:
- pentest-config-hardening
- description:
- Security header auditing, TLS configuration testing, HTTP method analysis, CSP bypass assessment, and deployment hardening verification.
Pentest Config Hardening
Purpose
Shannon checks only 2 of 14 WSTG-CONF items. The remaining 12 are "low-hanging fruit" findings expected in every professional pentest report — straightforward to test systematically.
Prerequisites
Authorization Requirements
- Written authorization with infrastructure testing scope
- Target URL list for all web-facing endpoints
- CDN/WAF awareness — some headers may be set by infrastructure, not application
Environment Setup
- testssl.sh for comprehensive TLS analysis
- nmap with ssl-enum-ciphers script
- curl for manual header inspection
- nuclei with misconfig templates
Core Workflow
- HTTP Security Headers: Audit HSTS (+ preload), CSP policy analysis, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORP/COEP/COOP (WSTG-CONF-07/14).
- TLS Configuration: Protocol versions (TLS 1.0/1.1 deprecation), cipher suite strength, certificate validity, HSTS preload status, certificate transparency.
- HTTP Method Handling: OPTIONS enumeration, PUT/DELETE on static resources, TRACE for XST, method override headers (WSTG-CONF-06).
- Infrastructure Exposure: Admin interfaces (WSTG-CONF-05), default credentials on management consoles, exposed monitoring endpoints (/metrics, /health, /debug).
- Cloud Storage Misconfig: Public S3 buckets, Azure blob containers, GCP storage referenced in app code or responses (WSTG-CONF-11).
- CSP Bypass Analysis: unsafe-inline, unsafe-eval, overly broad source lists, JSONP on allowed domains, missing base-uri (WSTG-CONF-12).
- Cookie Security: Secure flag, HttpOnly flag, SameSite attribute, cookie scope, session cookie entropy.
WSTG Coverage
| WSTG ID | Test Name | Status | |---------|-----------|--------| | WSTG-CONF-02 | Test Application Platform Configuration | ✅ | | WSTG-CONF-03 | Test File Extensions Handling | ✅ | | WSTG-CONF-04 | Review Old Backup and Unreferenced Files | ✅ | | WSTG-CONF-05 | Enumerate Infrastructure and Admin Interfaces | ✅ | | WSTG-CONF-06 | Test HTTP Methods | ✅ | | WSTG-CONF-07 | Test HTTP Strict Transport Security | ✅ | | WSTG-CONF-08 | Test RIA Cross Domain Policy | ✅ | | WSTG-CONF-09 | Test File Permission | ✅ | | WSTG-CONF-11 | Test Cloud Storage | ✅ | | WSTG-CONF-12 | Test Content Security Policy | ✅ | | WSTG-CONF-13 | Test for Subdomain Takeover | ✅ | | WSTG-CONF-14 | Test Security Headers | ✅ |
Tool Categories
| Category | Tools | Purpose | |----------|-------|---------| | TLS Testing | testssl.sh, nmap ssl-enum-ciphers | Protocol and cipher analysis | | Header Audit | SecurityHeaders.com API, Mozilla Observatory | Security header grading | | Method Testing | curl, nmap http-methods | HTTP method enumeration | | CSP Analysis | CSP Evaluator, custom scripts | CSP bypass assessment | | Cloud Storage | S3Scanner, cloud_enum | Public bucket detection | | Subdomain | subjack, can-i-take-over-xyz | Subdomain takeover detection |
References
references/tools.md- Tool function signatures and parametersreferences/workflows.md- Attack pattern definitions and test vectors
Related Skills
jd-opensource/xlsx
development
VerifiedTrustedCommunity
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/writing-plans
development
VerifiedTrustedCommunity
Use when you have a spec or requirements for a multi-step task, before touching code
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/skill-security-auditor
testing
VerifiedTrustedCommunity
OpenClaw Skills 全方位安全审计工具,检测供应链投毒、Prompt注入、恶意代码模式、权限越权和依赖风险
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends an agent's capabilities with specialized knowledge, workflows, or tool integrations.
238SKILL.mdUpdated Apr 6, 2026