santosomar/pt-planning-recon
skills/pt-planning-recon/SKILL.md
Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.
$ install --global
skillsauthnpx skillsauth add santosomar/ethical-hacking-agent-skills pt-planning-reconInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 6:19 PM15.9s1 file scanned
SKILL.md
- name:
- pt-planning-recon
- description:
- Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.
Pen Test Planning and Reconnaissance
Authorized Use Only
Use this skill only for systems explicitly authorized in writing by the user. If authorization or scope is unclear, pause and ask for confirmation before any target interaction.
Objectives
- Define engagement boundaries and success criteria.
- Build an asset inventory from approved sources.
- Perform passive recon first, then scoped active recon.
- Produce recon outputs that feed scanning and exploitation phases.
Workflow
- Confirm rules of engagement:
- In-scope and out-of-scope assets
- Allowed test windows and rate limits
- Prohibited actions (DoS, credential stuffing, social engineering, etc.)
- Collect passive intelligence:
- Domains, subdomains, ASN/IP ranges, DNS, mail records, public endpoints
- Technology stack indicators and externally visible services
- Plan active recon in scope:
- Host discovery and service fingerprinting with safe defaults
- Logging of every command, timestamp, and target touched
- Normalize findings:
- Deduplicate assets and map to owners/business function when known
- Tag confidence level and evidence source
- Handoff artifacts:
- Asset inventory for scanning
- Initial threat hypotheses and likely attack paths
Output Template
Use this structure for recon deliverables:
# Planning and Recon Output
## Scope Summary
- In scope:
- Out of scope:
- Test window:
- Constraints:
## Asset Inventory
- Asset:
- Type:
- Exposure:
- Evidence:
## Recon Findings
- Finding:
- Evidence:
- Potential risk:
- Next step:
## Handoff to Scanning
- Prioritized targets:
- Recommended scan strategy:
Quality Checks
- Scope constraints are explicit and referenced in findings.
- No unapproved targets were queried.
- Evidence is reproducible and timestamped.
- Findings are prioritized by likely business impact.
Related Skills
santosomar/pt-web-application-assessment
development
VerifiedTrustedCommunity
Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-scanning
testing
VerifiedTrustedCommunity
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-report-creation
testing
VerifiedTrustedCommunity
Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-post-exploitation
testing
VerifiedTrustedCommunity
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
12SKILL.mdUpdated Apr 25, 2026