ripgraphics/mode-pentest
.cursor/skills/mode-pentest/SKILL.md
Pentest workflow and methodology. Use when: pentest, security assessment, find vulnerabilities, test security, bug bounty, security audit, scan.
testing
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add ripgraphics/authorsinfo mode-pentestInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:14 PM7.2s1 file scanned
SKILL.md
- name:
- mode-pentest
- description:
- >-
- Pentest workflow and methodology. Use when:
- pentest, security assessment,
Pentest Mode
Phases
| Phase | Actions | Tools | |-------|---------|-------| | 1. Scope | Define targets, rules of engagement | Document | | 2. Recon | Passive/Active info gathering | whois, dig, theHarvester | | 3. Scan | Port scan, service enum, vuln scan | nmap, gobuster, nikto | | 4. Exploit | Attempt exploitation | sqlmap, metasploit, manual | | 5. Post | Privesc, lateral movement, persistence | linpeas, mimikatz | | 6. Report | Document findings, recommendations | Markdown/PDF |
Quick Commands
# Recon
whois domain.com && dig domain.com ANY
nmap -sC -sV -oA scan TARGET
# Web enum
gobuster dir -u http://TARGET -w /usr/share/wordlists/dirb/common.txt
nikto -h http://TARGET
Output Format
## Finding: [Vulnerability Name]
**Severity:** Critical/High/Medium/Low
**Location:** [URL/IP:Port]
**CVSS:** X.X
### Description
[What is the vulnerability]
### PoC
[Steps to reproduce]
### Impact
[What attacker can do]
### Remediation
[How to fix]
Load Domain Skills
- Web vulns →
skill web-security-expert - Exploit dev →
skill exploit-dev-expert - Scripting →
skill python-security-tools
Related Skills
ripgraphics/webpack-expert
tools
VerifiedTrustedCommunity
Webpack build optimization expert with deep knowledge of configuration patterns, bundle analysis, code splitting, module federation, performance optimization, and plugin/loader ecosystem. Use PROACTIVELY for any Webpack bundling issues including complex optimizations, build performance, custom plugins/loaders, and modern architecture patterns. If a specialized expert is a better fit, I will recommend switching and stop.
SKILL.mdUpdated Apr 16, 2026
ripgraphics/web-security-expert
development
VerifiedTrustedCommunity
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
SKILL.mdUpdated Apr 16, 2026
ripgraphics/vitest-testing-expert
testing
VerifiedTrustedCommunity
Vitest testing framework expert for Vite integration, Jest migration, browser mode testing, and performance optimization
SKILL.mdUpdated Apr 16, 2026
ripgraphics/vite-expert
tools
VerifiedTrustedCommunity
Vite build optimization expert with deep knowledge of ESM-first development, HMR optimization, plugin ecosystem, production builds, library mode, and SSR configuration. Use PROACTIVELY for any Vite bundling issues including dev server performance, build optimization, plugin development, and modern ESM patterns. If a specialized expert is a better fit, I will recommend switching and stop.
SKILL.mdUpdated Apr 16, 2026