penetration-testing
1
总安装量
1
周安装量
#49946
全站排名
安装命令
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill penetration-testing
Agent 安装分布
opencode
1
codex
1
claude-code
1
Skill 文档
Penetration Testing
Validate security controls through authorized testing.
Phases
pentest_phases:
1_reconnaissance:
- Passive information gathering
- DNS enumeration
- Network mapping
2_scanning:
- Port scanning
- Service identification
- Vulnerability scanning
3_exploitation:
- Attempt exploitation
- Verify vulnerabilities
- Document findings
4_post_exploitation:
- Privilege escalation
- Lateral movement
- Data access
5_reporting:
- Document findings
- Risk assessment
- Remediation recommendations
Reconnaissance
# DNS enumeration
dig example.com ANY
host -l example.com
# Subdomain discovery
subfinder -d example.com
# WHOIS
whois example.com
Scanning
# Port scan
nmap -sV -sC -p- target.com
# Web scanning
nikto -h https://target.com
dirb https://target.com
# Vulnerability scan
nmap --script vuln target.com
Web Testing
# SQL injection test
sqlmap -u "http://target.com/page?id=1"
# XSS testing
# Use Burp Suite or manual testing
# Directory traversal
curl "http://target.com/file?path=../../../etc/passwd"
Rules of Engagement
scope:
in_scope:
- target.com
- api.target.com
out_of_scope:
- production-db.target.com
- third-party services
testing_window: "Weekdays 2-6 AM UTC"
emergency_contact: "security@target.com"
Best Practices
- Always get written authorization
- Define clear scope
- Document everything
- Report critical findings immediately
- Safe exploitation techniques only
Related Skills
- dast-scanning – Automated testing
- vulnerability-scanning – Vulnerability discovery