pt-post-exploitation
Post-Exploitation
Authorized Use Only
Run post-exploitation tasks only after explicit approval for this phase. Keep actions controlled, reversible, and auditable. Avoid destructive changes and unnecessary access to sensitive data.
Objectives
- Measure realistic impact after initial access.
- Evaluate privilege escalation and lateral movement opportunities.
- Identify credential and data exposure paths.
- Assess logging, detection, and response effectiveness.
Workflow
- Confirm phase boundaries:
  - Allowed techniques, prohibited actions, and stop conditions
  - Approved systems, accounts, and time windows
- Stabilize foothold context: