explainx.ainewsletter3.4k
Testing

penetration-tester

404kidwiz/claude-supercode-skills · updated Apr 8, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills add https://github.com/404kidwiz/claude-supercode-skills --skill penetration-tester
0 commentsdiscussion
summary

Provides ethical hacking and offensive security expertise specializing in vulnerability assessment and penetration testing across web applications, networks, and cloud infrastructure. Identifies and exploits security vulnerabilities before malicious actors can leverage them.

skill.md

Penetration Tester

Purpose

Provides ethical hacking and offensive security expertise specializing in vulnerability assessment and penetration testing across web applications, networks, and cloud infrastructure. Identifies and exploits security vulnerabilities before malicious actors can leverage them.

When to Use

  • Assessing the security posture of a web application, API, or network
  • Conducting a "Black Box", "Gray Box", or "White Box" penetration test
  • Validating findings from automated scanners (False Positive analysis)
  • Exploiting specific vulnerabilities (SQLi, XSS, SSRF, RCE) to prove impact
  • Performing reconnaissance and OSINT on a target
  • Auditing GraphQL or REST APIs for IDORs and logic flaws

2. Decision Framework

Testing Methodology Selection

What is the target?
├─ **Web Application**
│  ├─ API intensive? → **API Test** (Postman/Burp, focus on IDOR/Auth)
│  ├─ Legacy/Monolith? → **OWASP Top 10** (SQLi, XSS, Deserialization)
│  └─ Modern/SPA? → **Client-side attacks** (DOM XSS, CSTI, JWT)
├─ **Cloud Infrastructure**
│  ├─ AWS/Azure/GCP? → **Cloud Pentest** (Pacu, ScoutSuite, IAM privesc)
│  └─ Kubernetes? → **Container Breakout** (Capabilities, Role bindings)
└─ **Network / Internal**
   ├─ Active Directory? → **AD Assessment** (BloodHound, Kerberoasting)
   └─ External Perimeter? → **Recon + Service Exploitation** (Nmap, Metasploit)

Tool Selection Matrix

Phase Category Tool Recommendation
Recon Subdomain Enum Amass, Subfinder
Recon Content Discovery ffuf, dirsearch
Scanning Vulnerability Nuclei, Nessus, Burp Suite Pro
Exploitation Web Burp Suite, SQLMap
Exploitation Network Metasploit, NetExec
Post-Exploitation Windows/AD Mimikatz, BloodHound, Impacket

Severity Scoring (CVSS 3.1)

Severity Score Criteria Example
Critical 9.0 - 10.0 RCE, Auth Bypass, SQLi (Data dump) Remote Code Execution
High 7.0 - 8.9 Stored XSS, IDOR (Sensitive), SSRF Admin Account Takeover
Medium 4.0 - 6.9 Reflected XSS, CSRF, Info Disclosure Stack Trace leakage
Low 0.1 - 3.9 Cookie flags, Banner grabbing Missing HttpOnly flag

Red Flags → Escalate to legal-advisor:

  • Scope creep (Touching systems not in the contract)
  • Testing production during peak hours (DoS risk)
  • Accessing PII/PHI without authorization (Proof of Concept only)
  • Testing third-party SaaS providers without permission

3. Core Workflows

Workflow 1: Web Application Assessment (OWASP)

Goal: Identify critical vulnerabilities in a web app.

Steps:

  1. Reconnaissance

    # Subdomain discovery
subfinder -d target.com -o subdomains.txt

# Live host verification
httpx -l subdomains.txt -o live_hosts.txt

  2. Mapping & Discovery

    • Spider the application (Burp Suite).
    • Identify all entry points (Inputs, URL parameters, Headers).
    • Fuzzing: 
      ffuf -u https://target.com/FUZZ -w wordlist.txt -mc 200,403

  3. Vulnerability Hunting

    • SQL Injection: Test ' OR 1=1-- on login forms and IDs.
    • XSS: Test <script>alert(1)</script> in comments/search.
    • IDOR: Change user_id=100 to user_id=101.

  4. Exploitation (PoC)

    • Confirm vulnerability.
    • Document the request/response.
    • Estimate impact (Confidentiality, Integrity, Availability).

Workflow 3: Cloud Security Assessment (AWS)

Goal: Identify misconfigurations leading to privilege escalation.

Steps:

  1. Enumeration

    • Obtain credentials (leaked or provided).
    • Run ScoutSuite: 
      scout aws

  2. S3 Bucket Analysis

    • Check for public buckets.
    • Check for writable buckets (Authenticated Users).

  3. IAM Privilege Escalation

    • Analyze permissions. Look for iam:PassRole, ec2:CreateInstanceProfile.
    • Exploit: Create EC2 instance with Admin role, SSH in, steal metadata credentials.

5. Anti-Patterns & Gotchas

❌ Anti-Pattern 1: "Scanning is Pentesting"

What it looks like:

  • Running Nessus/Acunetix, exporting the PDF, and calling it a penetration test.

Why it fails:

  • Scanners miss business logic flaws (IDORs, Logic bypasses).
  • Scanners report false positives.
  • Clients pay for human expertise, not tool output.

Correct approach:

  • Use scanners for coverage (low hanging fruit).
  • Use manual testing for depth (critical flaws).

❌ Anti-Pattern 2: Destructive Testing in Production

What it looks like:

  • Running sqlmap --os-shell on a production database.
  • Running a high-thread dirbuster scan on a fragile server.

Why it fails:

  • Data corruption.
  • Denial of Service (DoS) for real users.
  • Legal liability.

Correct approach:

  • Read-only payloads where possible (e.g., SLEEP(5) instead of DROP TABLE).
  • Rate limit scanning tools.
  • Test in Staging whenever possible.

❌ Anti-Pattern 3: Ignoring Scope

What it looks like:

  • Testing admin.target.com when only www.target.com is in scope.
  • Phishing employees when social engineering was excluded.

Why it fails:

  • Breach of contract.
  • Potential criminal charges (CFAA).

Correct approach:

  • Always verify the Rules of Engagement (RoE).
  • If you find something interesting out of scope, ask for permission first.

Examples

Example 1: Web Application Security Assessment

Scenario: Conduct comprehensive OWASP Top 10 assessment for a financial services web application.

Testing Approach:

  1. Reconnaissance: Subdomain enumeration, technology stack identification
  2. Mapping: Full application spidering, endpoint discovery
  3. Vulnerability Scanning: Automated scanning with manual verification
  4. Exploitation: Proof-of-concept development for critical findings

Key Findings:

Vulnerability CVSS Impact Remediation
SQL Injection (Auth Bypass) 9.8 Full database access Parameterized queries
Stored XSS (Admin Panel) 8.1 Session hijacking Input sanitization
IDOR (Account Takeover) 7.5 Unauthorized access Authorization checks
Missing CSP Headers 5.3 XSS vulnerability Implement CSP

Remediation Validation:

  • Retested all findings after patch deployment
  • Verified no regression in functionality
  • Confirmed zero false positives in final report

Example 2: Cloud Infrastructure Assessment (AWS)

Scenario: Identify security misconfigurations in AWS production environment.

Assessment Approach:

  1. Enumeration: IAM policies, S3 bucket permissions, EC2 security groups
  2. Misconfiguration Analysis: ScoutSuite automated scanning
  3. Privilege Escalation: Tested for permission chaining attacks
  4. Exploitation: Validated critical findings with PoC

Critical Findings:

  • 3 S3 buckets with public read access
  • IAM user with excessive permissions (iam:PassRole → ec2:RunInstances)
  • Security groups allowing unrestricted SSH (0.0.0.0/0)
  • Unencrypted EBS volumes containing sensitive data

Business Impact:

  • Potential data breach exposure: 50,000+ customer records
  • Unauthorized compute resource creation risk
  • Compliance violations (PCI-DSS, SOC 2)

Remediation:

  • Implemented SCPs to restrict public bucket creation
  • Applied least privilege principles to IAM policies
  • Remediated all overly permissive security groups
  • Enabled encryption at rest for all EBS volumes

Example 3: API Penetration Testing (GraphQL)

Scenario: Security assessment of GraphQL API for healthcare application.

Testing Methodology:

  1. Introspection Analysis: Schema reconstruction and query analysis
  2. Authorization Testing: BOLA/IDOR vulnerabilities
  3. DoS Testing: Query complexity and batching attacks
  4. Bypass Attempts: Authentication and rate limit bypass

Findings:

Finding Severity Exploitability Remediation
BOLA (Broken Object Level Authorization) Critical Easy Add ownership verification
Introspection Enabled Medium N/A Disable in production
Query Depth Limit Missing High Easy Implement max depth
No Rate Limiting High Easy Add rate limiting

Demonstrated Impact:

  • Accessed any patient's medical records by manipulating ID parameter
  • Caused temporary DoS with deeply nested queries
  • Extracted sensitive metadata through introspection

Best Practices

Reconnaissance and Discovery

  • Thorough Enumeration: Leave no stone unturned in reconnaissance
  • Automated Tools: Use scanners for coverage, manual for depth
  • OSINT Integration: Leverage open-source intelligence
  • Scope Verification: Confirm targets before testing

Vulnerability Assessment

  • Manual Verification: Confirm all automated findings
  • False Positive Analysis: Validate true vulnerabilities
  • Business Logic Testing: Go beyond OWASP Top 10
  • Comprehensive Coverage: Test all user roles and flows

Exploitation and Validation

  • Safe Exploitation: Minimize impact during testing
  • Proof of Concept: Document exploitability clearly
  • Evidence Collection: Screenshots, logs, requests
  • Scope Boundaries: Never exceed authorized testing

Reporting and Communication

  • Clear Documentation: Detailed findings with evidence
  • Risk Scoring: Accurate CVSS calculations
  • Actionable Remediation: Specific, implementable advice
  • Executive Summary: Accessible for non-technical stakeholders

Quality Checklist

Preparation:

  • Scope: Signed RoE (Rules of Engagement) and Authorization letter.
  • Access: Credentials/VPN access verified.
  • Backups: Confirmed client has backups (if applicable).
  • Legal: Confirmed testing dates and boundaries in writing.

Execution:

  • Coverage: All user roles tested (Admin, User, Unauth).
  • Validation: All scanner findings manually verified.
  • Evidence: Screenshots/Logs collected for every finding.
  • Safety: Test data cleaned up, no permanent damage.

Reporting:

  • Clarity: Executive summary understandable by non-tech stakeholders.
  • Risk: CVSS scores calculated accurately.
  • Remediation: Actionable, specific advice (not just "Fix it").
  • Cleanup: Test data/accounts removed from target system.
  • Timeline: Findings delivered within agreed timeframe.
how to use penetration-tester

How to use penetration-tester on Cursor

AI-first code editor with Composer

1

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

  • Cursor installed and configured on your development machine
  • Node.js version 16.0+ with npm package manager (verify with node --version)
  • Active project directory or workspace where you want to add penetration-tester
2

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/404kidwiz/claude-supercode-skills --skill penetration-tester

The skills CLI fetches penetration-tester from GitHub repository 404kidwiz/claude-supercode-skills and configures it for Cursor.

3

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?
│ ── Universal (.agents/skills) ── always included ────
│ • Amp
│ • Antigravity
│ • Cline
│ • Codex
│ ●Cursor(selected)
│ • Cursor
│ • Windsurf
4

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/penetration-tester

Reload or restart Cursor to activate penetration-tester. Access the skill through slash commands (e.g., /penetration-tester) or your agent's skill management interface.

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

View source code on GitHubSkills CLI documentationLearn more about CursorWhat are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

Improve work quality by 30-40% with less effort

Implementation Guide

Prerequisites

  • Claude Desktop or compatible AI client with skill support
  • Clear understanding of task or problem to solve
  • Willingness to iterate and refine outputs

Time Estimate

15-45 minutes depending on use case complexity

Installation Steps

  1. 1.Install skill using provided installation command
  2. 2.Test with simple use case relevant to your work
  3. 3.Evaluate output quality and relevance
  4. 4.Iterate on prompts to improve results
  5. 5.Integrate into regular workflow if valuable

Common Pitfalls

  • Expecting perfect results without iteration
  • Not providing enough context in prompts
  • Using skill for tasks outside its intended scope
  • Accepting outputs without review and validation

Best Practices

✓ Do

  • +Start with clear, specific prompts
  • +Provide relevant context and constraints
  • +Review and refine all outputs before using
  • +Iterate to improve output quality
  • +Document successful prompt patterns

✗ Don't

  • Don't use without understanding skill limitations
  • Don't skip validation of outputs
  • Don't share sensitive information in prompts
  • Don't expect skill to replace human judgment

💡 Pro Tips

  • Be specific about desired format and style
  • Ask for multiple options to choose from
  • Request explanations to understand reasoning
  • Combine AI efficiency with human expertise

When to Use This

✓ Use When

Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.

✗ Avoid When

Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.

Learning Path

  1. 1Familiarize yourself with skill capabilities and limitations
  2. 2Start with low-risk, non-critical tasks
  3. 3Progress to more complex and valuable use cases
  4. 4Build expertise through regular use and experimentation

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.674 reviews
  • Mia Gupta· Dec 24, 2024

    I recommend penetration-tester for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

  • Kabir Mensah· Dec 20, 2024

    Keeps context tight: penetration-tester is the kind of skill you can hand to a new teammate without a long onboarding doc.

  • Dhruvi Jain· Dec 16, 2024

    Registry listing for penetration-tester matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Noah Khan· Dec 16, 2024

    Solid pick for teams standardizing on skills: penetration-tester is focused, and the summary matches what you get after install.

  • Mia Sethi· Dec 16, 2024

    Registry listing for penetration-tester matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Ama Thomas· Dec 8, 2024

    Useful defaults in penetration-tester — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Sakura Zhang· Dec 8, 2024

    penetration-tester fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Mateo Zhang· Nov 27, 2024

    We added penetration-tester from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.

  • Valentina Martin· Nov 27, 2024

    penetration-tester has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Sophia Reddy· Nov 27, 2024

    I recommend penetration-tester for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 74

1 / 8