ripgraphics/pentest-expert
.cursor/skills/pentest-expert/SKILL.md
Penetration testing methodology expert. OWASP, PTES, reconnaissance, scanning, exploitation, reporting. Use for security assessments.
testing
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add ripgraphics/authorsinfo pentest-expertInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:15 PM5.6s1 file scanned
SKILL.md
- name:
- pentest-expert
- description:
- >-
Pentest Expert
Methodology
1. Reconnaissance
# Passive
whois target.com
dig target.com ANY +noall +answer
host -t mx target.com
theHarvester -d target.com -b google,bing,linkedin
# Active
nmap -sn 192.168.1.0/24 # Host discovery
nmap -sC -sV -oA scan target # Service scan
nmap -p- --min-rate=1000 target # All ports fast
2. Web Enumeration
# Directory brute
gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
feroxbuster -u http://target -w wordlist.txt
# Subdomain enum
subfinder -d target.com
amass enum -d target.com
# Tech detection
whatweb http://target
wappalyzer http://target
3. Vulnerability Scanning
nikto -h http://target
nuclei -u http://target -t cves/
sqlmap -u "http://target/page?id=1" --batch
Severity Rating
| Level | CVSS | Examples | |-------|------|----------| | Critical | 9.0-10.0 | RCE, Auth bypass, SQLi with data | | High | 7.0-8.9 | Stored XSS, IDOR with sensitive data | | Medium | 4.0-6.9 | Reflected XSS, Info disclosure | | Low | 0.1-3.9 | Missing headers, version disclosure |
Report Structure
- Executive Summary
- Scope & Methodology
- Findings (sorted by severity)
- Remediation Recommendations
- Appendix (raw data, screenshots)
Related Skills
ripgraphics/webpack-expert
tools
VerifiedTrustedCommunity
Webpack build optimization expert with deep knowledge of configuration patterns, bundle analysis, code splitting, module federation, performance optimization, and plugin/loader ecosystem. Use PROACTIVELY for any Webpack bundling issues including complex optimizations, build performance, custom plugins/loaders, and modern architecture patterns. If a specialized expert is a better fit, I will recommend switching and stop.
SKILL.mdUpdated Apr 16, 2026
ripgraphics/web-security-expert
development
VerifiedTrustedCommunity
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
SKILL.mdUpdated Apr 16, 2026
ripgraphics/vitest-testing-expert
testing
VerifiedTrustedCommunity
Vitest testing framework expert for Vite integration, Jest migration, browser mode testing, and performance optimization
SKILL.mdUpdated Apr 16, 2026
ripgraphics/vite-expert
tools
VerifiedTrustedCommunity
Vite build optimization expert with deep knowledge of ESM-first development, HMR optimization, plugin ecosystem, production builds, library mode, and SSR configuration. Use PROACTIVELY for any Vite bundling issues including dev server performance, build optimization, plugin development, and modern ESM patterns. If a specialized expert is a better fit, I will recommend switching and stop.
SKILL.mdUpdated Apr 16, 2026