From penetration-tester
Runs a structured security assessment against a target URL or codebase, checking authorization, scanning for vulnerabilities, and generating a report with findings and remediation priorities.
How this command is triggered — by the user, by Claude, or both
Slash command
/penetration-tester:pentestThe summary Claude sees in its command listing — used to decide when to auto-load this command
# Security Testing Workflow Run a structured security assessment. This command walks through authorization, scope selection, scanning, and reporting. ## Step 1: Authorization Check Before scanning anything, confirm authorization: - If the target is a URL: ask the user to confirm they own it or have written permission to test it. - If the target is local code/dependencies: confirm it is the user's own project. - **Do not proceed without explicit authorization.** ## Step 2: Determine Scope Ask the user what they want to test: 1. **Web application** (URL) -- security headers, SSL, exp...
Run a structured security assessment. This command walks through authorization, scope selection, scanning, and reporting.
Before scanning anything, confirm authorization:
Ask the user what they want to test:
Based on the selected scope, run the appropriate scripts from the plugin:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --verbose
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py TARGET_DIR --verbose
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py TARGET_DIR --verbose
Save JSON reports for any scan that finds critical or high issues:
python3 SCANNER --output /tmp/security-report-$(date +%Y%m%d).json
Summarize results for the user:
For each critical and high finding:
Offer to apply code fixes directly for code-level findings.
If the user wants a saved report, combine all findings into a single JSON file:
# Reports are saved via the --output flag on each scanner
npx claudepluginhub pw00kt/fuzzy-sniffle --plugin penetration-tester2plugins reuse this command
First indexed Jul 18, 2026
/pentestRuns a structured security assessment against a target URL or codebase, checking authorization, scanning for vulnerabilities, and generating a report with findings and remediation priorities.
/scanPerforms a comprehensive security audit — detects vulnerabilities, scans dependencies, checks OWASP Top 10, and generates a structured severity report. Also supports targeted scans (deps, headers, auth).
/kasi-securityRuns security audit on project codebase: detects stack (PHP/Node/Python/etc.), loads checklist, scans files for SQLi/XSS/CSRF/auth bypass/etc., outputs prioritized findings with confidence labels.
/scanGuides automated security scanning, dependency auditing, and secret detection. Also supports license compliance checks.
/security-scanScans codebase for vulnerabilities, hardcoded secrets, OWASP Top 10 compliance, and security best practices violations. Produces report with issues and fix recommendations.
/scanRuns an agentic security scanner on the project, detecting vulnerabilities across SCA, secrets, authz, MCP, pipeline, and logic surfaces. Supports focused scans per surface and supplementary output blocks.