pt-nuclei-template-creation
Nuclei Template Creation
Authorized Use Only
Run generated templates only against targets explicitly in scope. Templates that send payloads (SSRF callbacks, command injection probes, authentication attempts) must respect the same rules of engagement as manual testing. Validate on an approved test host before scanning production.
Objectives
- Convert a confirmed finding into a YAML template with low-to-zero false positives.
- Produce a template that validates against the official JSON schema and passes nuclei -validate.
- Document severity, remediation, and references so the template is report-ready.
- Minimize request count and avoid destructive payloads.
Workflow
- Gather inputs:
  - Exact request that triggers the condition (method, path, headers, body)
  - Exact response signal that confirms it (status, body string, header, timing)
  - CVE/CWE IDs, vendor, product, affected versions, references
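
The gathered inputs map onto a template's fields as in the skeleton below. This is an added example, not a template from the skill or its repository; the id, author, path, matched strings, reference URL, and CVE/CWE values are all placeholders to be replaced with the confirmed finding's details.

```yaml
# Constructed skeleton: every value marked "placeholder" must be replaced
# with the inputs gathered for the confirmed finding.
id: example-confirmed-finding              # placeholder id

info:
  name: Example Product - Confirmed Finding   # placeholder
  author: your-handle                      # placeholder
  severity: medium                         # set from the confirmed impact
  description: |
    One or two sentences describing the condition and the affected versions.
  remediation: |
    The upgrade or configuration change that resolves the finding.
  reference:
    - https://example.com/vendor-advisory  # placeholder URL
  classification:
    cve-id: CVE-0000-00000                 # placeholder, omit if none assigned
    cwe-id: CWE-000                        # placeholder
  tags: example,placeholder

http:
  # One request only: the exact method, path and headers that triggered the condition.
  - method: GET
    path:
      - "{{BaseURL}}/placeholder/path"     # placeholder path
    headers:
      Accept: application/json

    # Require every signal together so a generic 200 page does not match.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "placeholder-unique-string"    # exact body string from the confirmed response
      - type: word
        part: header
        words:
          - "application/json"             # header signal from the confirmed response
```

Combining the status, body, and header signals under matchers-condition: and is what keeps false positives low; check the finished file with nuclei -validate before running it on the approved test host.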