npx claudepluginhub arbazkhan971/godmodeThis skill uses the workspace's default tool permissions.
Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
/godmode:pentest, "penetration test", "security test"NEVER test without explicit authorization.
Scope: <in-scope targets, out-of-scope exclusions>
IF NOT authorized: stop immediately.
# Endpoint discovery
curl -s <target>/robots.txt
curl -s <target>/sitemap.xml
# Technology detection
curl -sI <target> | grep -iE "server|x-powered"
Passive: DNS, WHOIS, public repos, tech stack. Active: endpoint enumeration, API discovery.
A01 Broken Access Control:
[ ] Horizontal escalation (change user ID)
[ ] Vertical escalation (user -> admin)
[ ] IDOR (direct object references)
A02 Cryptographic Failures:
[ ] HTTP (not HTTPS) data transmission
[ ] Weak algorithms (MD5, SHA1 for passwords)
A03 Injection:
[ ] SQL injection (parameterized? or string concat)
[ ] XSS (stored, reflected, DOM-based)
[ ] Command injection (user input in exec/system)
A05 Security Misconfiguration:
[ ] Default credentials
[ ] Debug mode in production
[ ] Directory listing enabled
[ ] Stack traces in error responses
A07 Authentication Failures:
[ ] Brute force (no rate limiting/lockout)
[ ] Weak password policy (< 8 chars allowed)
[ ] Session fixation
IF finding severity >= HIGH: create PoC immediately. IF > 3 CRITICAL findings: stop testing, report.
Auth: API accessible without auth?
Token leakage in logs/URLs?
Token valid after password change?
AuthZ: BOLA (change object IDs)
BFLA (admin endpoints as regular user)
Mass assignment (extra fields in body)
Input: oversized payloads (> 1MB JSON)
Deeply nested JSON (> 100 levels)
Rate limiting absent
FINDING <N>:
Vulnerability: <title>
Category: <OWASP ID>
Severity: CRITICAL|HIGH|MEDIUM|LOW
CVSS: <0.0-10.0>
Steps to reproduce:
1. <exact request/action>
2. <observed response>
Impact: confidentiality/integrity/availability
Exploitability: trivial|moderate|complex
IF cannot reproduce after 2 attempts: discard finding. IF requires unrealistic preconditions: downgrade severity.
FINDING <N> REMEDIATION:
File: <file:line>
Current (vulnerable): <code>
Fixed: <code>
Why: <security control added>
Verify: <test confirming fix works>
ALWAYS provide concrete code fix, not "sanitize input".
Target: <app/system>
Risk Rating: CRITICAL|HIGH|MODERATE|LOW|MINIMAL
Findings: <N>C <N>H <N>M <N>L <N>I
Coverage: 12 OWASP categories tested
Remediation priority:
IMMEDIATE (24h): critical findings
SHORT-TERM (1wk): high findings
MEDIUM-TERM (1mo): medium findings
Verdict: PASS|CONDITIONAL PASS|FAIL
PASS: 0 critical/high, all medium have remediation. CONDITIONAL: 0 critical, high has remediation in progress. FAIL: any critical exists or < 8 categories tested.
Append .godmode/pentest-results.tsv:
timestamp target categories_tested critical high medium verdict
KEEP if: exploit produces observable evidence AND
reproducible AND severity justified by impact.
DISCARD if: cannot reproduce after 2 attempts OR
unrealistic preconditions OR duplicate root cause.
STOP when FIRST of:
- All 12 OWASP categories evaluated
- Every finding has PoC + remediation code
- Formal report generated
On failure: git reset --hard HEAD~1. Never pause.
| Failure | Action |
|---|---|
| Too many false positives | Tune scanner, verify manually |
| Service disruption | Reduce intensity, use staging |
| Cannot reproduce | Document exact steps, check WAF |