performing-penetration-testing

Solid

This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.

AI & Automation 2,266 stars 315 forks Updated today MIT

Quality Score: 93/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

## Overview

This skill automates the process of penetration testing for web applications, identifying vulnerabilities and suggesting exploitation techniques. It leverages the penetration-tester plugin to assess web application security posture.

## How It Works

1. **Target Identification**: Analyzes the user's request to identify the target web application or API endpoint.
2. **Vulnerability Scanning**: Executes automated scans to discover potential vulnerabilities, covering OWASP Top 10 risks.
3. **Reporting**: Generates a detailed penetration test report, including identified vulnerabilities, risk ratings, and remediation recommendations.

## When to Use This Skill

This skill activates when you need to:

- Perform a penetration test on a web application.
- Identify vulnerabilities in a web application or API.
- Assess the security posture of a web application.
- Generate a report detailing security flaws and remediation steps.

## Examples

### Example 1: Performing a Full Penetration Test

User request: "Run a penetration test on example.com"

The skill will:

1. Initiate a comprehensive penetration test on the specified domain.
2. Generate a detailed report outlining identified vulnerabilities, including SQL injection, XSS, and CSRF.

### Example 2: Assessing API Security

User request: "Perform vulnerability assessment on the /api/users endpoint"

The skill will:

1. Target the specified API endpoint for vulnerability scanning.
2. Identify potential security flaws in the...

Details

- Author: jeremylongshore
- Repository: jeremylongshore/claude-code-plugins-plus-skills
- Created: 7 months ago
- Last Updated: today
- Language: Python
- License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

API & Backend Solid

performing-security-testing

This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when the user mentions "security test", "vulnerability scan", "OWASP", "SQL injection", "XSS", "CSRF", "authentication", or "authorization" in the context of application or API testing.

2,266 Updated today
jeremylongshore
Testing & QA Solid

security-pen-testing

Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.

16,642 Updated yesterday
alirezarezvani
AI & Automation Solid

penetration-test-planner

Plan penetration test planner operations. Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner. Part of the Security Advanced skill category. Use when writing or running tests. Trigger with phrases like "penetration test planner", "penetration planner", "penetration".

2,266 Updated today
jeremylongshore
AI & Automation Solid

scanning-for-vulnerabilities

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

2,266 Updated today
jeremylongshore
AI & Automation Solid

top-100-web-vulnerabilities-reference

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.

4,215 Updated today
zebbern