Penetration Testing
Validate security controls through authorized testing.
Phases
pentest_phases:
  1_reconnaissance:
    - Passive information gathering
    - DNS enumeration
    - Network mapping
  2_scanning:
    - Port scanning
    - Service identification
    - Vulnerability scanning
  3_exploitation:
    - Attempt exploitation
    - Verify vulnerabilities
    - Document findings
  4_post_exploitation:
    - Privilege escalation
    - Lateral movement
    - Data access
  5_reporting:
    - Document findings
    - Risk assessment
    - Remediation recommendations
Reconnaissance
# DNS enumeration
dig example.com ANY
host -l example.com
# Subdomain discovery
subfinder -d example.com
# WHOIS
whois example.com
Scanning
# Port scan
nmap -sV -sC -p- target.com
# Web scanning
nikto -h https://target.com
dirb https://target.com
# Vulnerability scan
nmap --script vuln target.com
Web Testing
# SQL injection test
sqlmap -u "http://target.com/page?id=1"
# XSS testing
# Use Burp Suite or manual testing
# Directory traversal
curl "http://target.com/file?path=../../../etc/passwd"
Rules of Engagement
scope:
  in_scope:
    - target.com
    - api.target.com
  out_of_scope:
    - production-db.target.com
    - third-party services
testing_window: "Weekdays 2-6 AM UTC"
emergency_contact: "security@target.com"
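The rules of engagement above can be enforced before any tool is pointed at a host. The following is an added example, not part of the original skill: a deny-by-default pre-flight check built from the scope and testing window shown here. The `ROE` dictionary, the function names, exact-host matching for `in_scope`, and treating the window as 02:00 up to (not including) 06:00 UTC are all assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed from the Rules of Engagement values shown above.
ROE = {
    "in_scope": {"target.com", "api.target.com"},   # assumption: exact hosts only
    "out_of_scope": {"production-db.target.com"},   # "third-party services" is prose
    "weekdays": range(0, 5),    # Monday=0 .. Friday=4
    "hours_utc": range(2, 6),   # assumption: 02:00 up to, not including, 06:00
}


def hostname_of(target: str) -> str:
    """Lower-cased hostname from a bare host, host:port or URL."""
    parsed = urlsplit(target if "://" in target else "//" + target)
    return (parsed.hostname or "").rstrip(".")


def is_excluded(host: str) -> bool:
    """An out-of-scope entry covers the host itself and anything beneath it."""
    return any(host == d or host.endswith("." + d) for d in ROE["out_of_scope"])


def in_window(when: datetime) -> bool:
    """True if the timezone-aware `when` falls inside the testing window."""
    if when.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    utc = when.astimezone(timezone.utc)
    return utc.weekday() in ROE["weekdays"] and utc.hour in ROE["hours_utc"]


def authorize(target: str, when: datetime) -> tuple[bool, str]:
    """Deny by default; exclusions are checked before the allow list."""
    host = hostname_of(target)
    if not host:
        return False, "no hostname in target"
    if is_excluded(host):
        return False, f"{host} is explicitly out of scope"
    if host not in ROE["in_scope"]:
        return False, f"{host} is not listed in scope"
    if not in_window(when):
        return False, "outside the agreed testing window"
    return True, f"{host} is in scope and inside the window"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for t in ("https://api.target.com/v1", "production-db.target.com"):
        print(t, authorize(t, now))
```

The hostname is taken from the parsed URL rather than by substring search, so a target such as `http://target.com@evil.example/` resolves to `evil.example` and is refused.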
Best Practices
- Always get written authorization
- Define clear scope
- Document everything
- Report critical findings immediately
- Use safe exploitation techniques only
Related Skills
- dast-scanning - Automated testing
- vulnerability-scanning - Vulnerability discovery
Repository: bagelhole/devop…t-skills
GitHub Stars: 13
First Seen: Feb 4, 2026