Perform security penetration testing to identify vulnerabilities. Use when conducting security assessments. Trigger with 'run pentest', 'security testing', or 'find vulnerabilities'.
View on GitHubjeremylongshore/claude-code-plugins-plus-skills
penetration-tester
plugins/security/penetration-tester/skills/performing-penetration-testing/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/blob/main/plugins/security/penetration-tester/skills/performing-penetration-testing/SKILL.md -a claude-code --skill performing-penetration-testingInstallation paths:
.claude/skills/performing-penetration-testing/# Penetration Tester This skill provides automated assistance for penetration tester tasks. ## Overview This skill automates the process of penetration testing for web applications, identifying vulnerabilities and suggesting exploitation techniques. It leverages the penetration-tester plugin to assess web application security posture. ## How It Works 1. **Target Identification**: Analyzes the user's request to identify the target web application or API endpoint. 2. **Vulnerability Scanning**: Executes automated scans to discover potential vulnerabilities, covering OWASP Top 10 risks. 3. **Reporting**: Generates a detailed penetration test report, including identified vulnerabilities, risk ratings, and remediation recommendations. ## When to Use This Skill This skill activates when you need to: - Perform a penetration test on a web application. - Identify vulnerabilities in a web application or API. - Assess the security posture of a web application. - Generate a report detailing security flaws and remediation steps. ## Examples ### Example 1: Performing a Full Penetration Test User request: "Run a penetration test on example.com" The skill will: 1. Initiate a comprehensive penetration test on the specified domain. 2. Generate a detailed report outlining identified vulnerabilities, including SQL injection, XSS, and CSRF. ### Example 2: Assessing API Security User request: "Perform vulnerability assessment on the /api/users endpoint" The skill will: 1. Target the specified API endpoint for vulnerability scanning. 2. Identify potential security flaws in the API, such as authentication bypass or authorization issues, and provide remediation advice. ## Best Practices - **Authorization**: Always ensure you have explicit authorization before performing penetration testing on any system. - **Scope Definition**: Clearly define the scope of the penetration test to avoid unintended consequences. - **Safe Exploitation**: Use exploitation techniques carefully to