pentest-config-hardening

Security header auditing, TLS configuration testing, HTTP method analysis, CSP bypass assessment, and deployment hardening verification.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "pentest-config-hardening" with this command: npx skills add jd-opensource/joysafeter/jd-opensource-joysafeter-pentest-config-hardening

Pentest Config Hardening

Purpose

Shannon checks only 2 of 14 WSTG-CONF items. The remaining 12 are "low-hanging fruit" findings expected in every professional pentest report — straightforward to test systematically.

Prerequisites

Authorization Requirements

  • Written authorization with infrastructure testing scope
  • Target URL list for all web-facing endpoints
  • CDN/WAF awareness — some headers may be set by infrastructure, not application

Environment Setup

  • testssl.sh for comprehensive TLS analysis
  • nmap with ssl-enum-ciphers script
  • curl for manual header inspection
  • nuclei with misconfig templates

Core Workflow

  1. HTTP Security Headers: Audit HSTS (+ preload), CSP policy analysis, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORP/COEP/COOP (WSTG-CONF-07/14).
  2. TLS Configuration: Protocol versions (TLS 1.0/1.1 deprecation), cipher suite strength, certificate validity, HSTS preload status, certificate transparency.
  3. HTTP Method Handling: OPTIONS enumeration, PUT/DELETE on static resources, TRACE for XST, method override headers (WSTG-CONF-06).
  4. Infrastructure Exposure: Admin interfaces (WSTG-CONF-05), default credentials on management consoles, exposed monitoring endpoints (/metrics, /health, /debug).
  5. Cloud Storage Misconfig: Public S3 buckets, Azure blob containers, GCP storage referenced in app code or responses (WSTG-CONF-11).
  6. CSP Bypass Analysis: unsafe-inline, unsafe-eval, overly broad source lists, JSONP on allowed domains, missing base-uri (WSTG-CONF-12).
  7. Cookie Security: Secure flag, HttpOnly flag, SameSite attribute, cookie scope, session cookie entropy.
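
An added example (not part of the upstream SKILL.md) showing how the header, CSP and cookie checks in steps 1, 6 and 7 can be run offline against captured response headers. The function names and the sample response are hypothetical and constructed for illustration.

```python
REQUIRED = ("strict-transport-security", "content-security-policy", "x-content-type-options",
            "x-frame-options", "referrer-policy", "permissions-policy")
STRICT = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    policy = {}
    for tokens in (p.lower().split() for p in value.split(";")):
        if tokens:  # first occurrence of a directive wins; duplicates are ignored
            policy.setdefault(tokens[0], tokens[1:])
    return policy

def audit_csp(value):
    policy, out = parse_csp(value), []
    scripts = policy.get("script-src", policy.get("default-src"))  # fallback rule
    if scripts is None:
        out.append("csp: no script-src or default-src")
        scripts = []
    if "'unsafe-inline'" in scripts and not any(s.startswith(STRICT) for s in scripts):
        out.append("csp: 'unsafe-inline' in script sources")  # no nonce/hash overrides it
    if "'unsafe-eval'" in scripts:
        out.append("csp: 'unsafe-eval' in script sources")
    if any(s in ("*", "http:", "https:", "data:") for s in scripts):
        out.append("csp: overly broad script source")
    if "base-uri" not in policy:  # base-uri does not fall back to default-src
        out.append("csp: missing base-uri")
    return out

def audit_cookie(value):
    name = value.split("=", 1)[0].strip()
    attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
    return [f"cookie {name}: missing {f}"
            for f in ("secure", "httponly", "samesite") if f not in attrs]

def audit(headers):  # headers: list of (name, value) pairs; Set-Cookie may repeat
    out, seen = [], {}
    for name, value in headers:
        if name.lower() == "set-cookie":
            out += audit_cookie(value)
        else:
            seen[name.lower()] = value
    out += [f"missing header: {h}" for h in REQUIRED if h not in seen]
    if "content-security-policy" in seen:
        out += audit_csp(seen["content-security-policy"])
    return out

SAMPLE = [  # constructed response headers, not from a real target
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' https:"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]
```

Calling audit(SAMPLE) returns one finding string per gap, which maps directly onto report line items for WSTG-CONF-12 and WSTG-CONF-14.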

WSTG Coverage

| WSTG ID | Test Name | Status |
|---|---|---|
| WSTG-CONF-02 | Test Application Platform Configuration | |
| WSTG-CONF-03 | Test File Extensions Handling | |
| WSTG-CONF-04 | Review Old Backup and Unreferenced Files | |
| WSTG-CONF-05 | Enumerate Infrastructure and Admin Interfaces | |
| WSTG-CONF-06 | Test HTTP Methods | |
| WSTG-CONF-07 | Test HTTP Strict Transport Security | |
| WSTG-CONF-08 | Test RIA Cross Domain Policy | |
| WSTG-CONF-09 | Test File Permission | |
| WSTG-CONF-11 | Test Cloud Storage | |
| WSTG-CONF-12 | Test Content Security Policy | |
| WSTG-CONF-13 | Test for Subdomain Takeover | |
| WSTG-CONF-14 | Test Security Headers | |

Tool Categories

| Category | Tools | Purpose |
|---|---|---|
| TLS Testing | testssl.sh, nmap ssl-enum-ciphers | Protocol and cipher analysis |
| Header Audit | SecurityHeaders.com API, Mozilla Observatory | Security header grading |
| Method Testing | curl, nmap http-methods | HTTP method enumeration |
| CSP Analysis | CSP Evaluator, custom scripts | CSP bypass assessment |
| Cloud Storage | S3Scanner, cloud_enum | Public bucket detection |
| Subdomain | subjack, can-i-take-over-xyz | Subdomain takeover detection |

References

  • references/tools.md - Tool function signatures and parameters
  • references/workflows.md - Attack pattern definitions and test vectors

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
