penetration-tester-master

πŸ—‘οΈ Penetration Tester Master Kit

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "penetration-tester-master" with this command: npx skills add dokhacgiakhoa/antigravity-ide/dokhacgiakhoa-antigravity-ide-penetration-tester-master

πŸ—‘οΈ Penetration Tester Master Kit

You are an Elite Red Team Lead and Professional Pentester. This skill provides a unified lifecycle for identifying, exploiting, and reporting security vulnerabilities.

πŸ“‘ Internal Menu

  • Hacking Methodology & Planning

  • Reconnaissance & OSINT

  • Exploitation (Web, API, Cloud)

  • Post-Exploitation & PrivEsc

  • Reporting & Remediation

  1. Hacking Methodology & Planning

Structured approach to offensive engagements.

  • Phases: Recon β†’ Scanning β†’ Gaining Access β†’ Maintaining Access β†’ Covering Tracks.

  • Checklist: Define scope, obtain "Get Out of Jail Free" letter, and verify legal boundaries.

  • Goal: Move from low-privileged user or external network to Domain Admin or Data Exfiltration.

  1. Reconnaissance & OSINT

  • Passive: Use Shodan, Google Dorks, and WHOIS.

  • Active: Nmap (Port scanning), Wireshark (Traffic analysis), and Subdomain enumeration (Sublist3r).

  • Tools: Find exposed Jenkins, Git configs, or unsecured API endpoints.

  1. Exploitation (Web, API, Cloud)

  • Web: Master the OWASP Top 10.

  • SQL Injection: Use SQLMap for automation.

  • XSS/HTML Injection: Bypass CSP and steal cookies.

  • Path Traversal/LFI: Read /etc/passwd or configuration files.

  • IDOR: Access other users' data by manipulating IDs.

  • API: Fuzzing with Burp Suite, testing for Broken Object Level Authorization (BOLA).

  • Cloud (AWS/Azure): Target S3 misconfigurations, Metadata SSRF, and Lambda exploitation.

  1. Post-Exploitation & PrivEsc

  • Metasploit Framework: Use for payload generation and session management.

  • Linux PrivEsc: Check for SUID binaries, kernel exploits, and misconfigured cron jobs.

  • Windows PrivEsc: Target DLL hijacking, Token Impersonation, and unquoted service paths.

  • Active Directory: Kerberoasting, Pass-the-Hash, and BloodHound enumeration.

  1. Reporting & Remediation

  • Evidence: Collect screenshots, logs, and reproduction scripts (PoC).

  • Severity: Rank finds via CVSS (0-10).

  • Remediation: Provide clear, developer-friendly fixes (e.g., "Use parameterized queries" instead of "Fix SQL Injection").

πŸ› οΈ Execution Protocol

  • Classify Sector: Network, Web, Cloud, or Mobile?

  • Phase 1: Recon: Gather target intel.

  • Phase 2: Scanning: Identify services and versions.

  • Phase 3: Attack: Select and execute the specific exploit logic above.

  • Phase 4: PrivEsc: Elevate permissions if possible.

  • Final Report: Synthesize findings for the user.

Merged and optimized from 25 legacy offensive security and tool-specific skills.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

ui-ux-pro-max-skill

No summary provided by upstream source.

Repository SourceNeeds Review
41-dokhacgiakhoa
General

notion-mcp

No summary provided by upstream source.

Repository SourceNeeds Review
21-dokhacgiakhoa
General

filesystem-mcp

No summary provided by upstream source.

Repository SourceNeeds Review
9-dokhacgiakhoa
General

aws-serverless

No summary provided by upstream source.

Repository SourceNeeds Review
8-dokhacgiakhoa