From penetration-tester
Scans web apps for security headers, SSL/CORS issues; audits npm/pip dependencies for vulnerabilities; analyzes code for secrets/injections using bandit.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin penetration-tester
This skill is limited to using the following tools:
Security testing toolkit with three specialized scanners for web applications, dependency chains, and source code.
This skill provides three real, working security scanners:
security_scanner.py -- HTTP security header analysis, SSL/TLS certificate checks, exposed endpoint probing, dangerous HTTP method detection, and CORS misconfiguration testing. Targets live URLs.
dependency_auditor.py -- Unified vulnerability scanner for project
dependencies. Wraps npm audit and pip-audit with normalized severity
output. Targets project directories.
code_security_scanner.py -- Static analysis combining bandit (Python)
with custom regex patterns for hardcoded secrets, SQL injection, command
injection, eval/exec usage, and insecure deserialization. Targets codebases.
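The header and CORS checks described for security_scanner.py can be illustrated offline on a captured set of response headers. This is an added example, not the skill's own code; the function names, the severity ratings, the 180-day HSTS threshold and the sample headers are assumptions made for illustration.

```python
import re

# Illustrative baseline; the severities are assumptions, not the skill's own ratings.
EXPECTED = {
    "strict-transport-security": "high",
    "content-security-policy": "high",
    "x-content-type-options": "medium",
    "x-frame-options": "medium",
    "referrer-policy": "low",
}

def check_headers(headers):
    """Return (severity, message) findings for missing or weak security headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [(sev, f"missing {name}") for name, sev in EXPECTED.items() if name not in h]
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append(("medium", "x-content-type-options is not 'nosniff'"))
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if "strict-transport-security" in h and (not m or int(m.group(1)) < 15552000):
        findings.append(("medium", "HSTS max-age absent or under 180 days"))
    return findings

def check_cors(headers, probe_origin):
    """Classify the CORS answer to a request that carried Origin: probe_origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return []
    if acao == "*":
        # Browsers refuse credentialed requests when the origin is a wildcard.
        return [("low", "any origin may read unauthenticated responses")]
    if acao in (probe_origin, "null"):
        sev = "high" if creds else "medium"
        return [(sev, f"untrusted origin {acao!r} allowed, credentials={creds}")]
    return []

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "https://untrusted.example",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    for sev, msg in check_headers(SAMPLE) + check_cors(SAMPLE, "https://untrusted.example"):
        print(f"[{sev}] {msg}")
```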
requests library (for security_scanner.py)
bandit (for code scanning), pip-audit (for dependency auditing)
npm (for JavaScript dependency auditing)
Run the setup script to install all dependencies:
bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh
Or with a virtual environment (recommended):
bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh --venv
Step 1. Confirm Authorization
Before running any scan, verify the user has authorization to test the target. Ask explicitly:
"Do you have authorization to perform security testing on this target? I need confirmation before proceeding."
If testing a URL, confirm the user owns or has written permission to test it. If testing local code/dependencies, confirm it's the user's own project.
Never scan targets without explicit authorization.
Step 2. Define Scope
Determine what to scan based on the user's request:
| User says | Scanner to use | Target |
|---|---|---|
| "check headers" / "scan URL" | security_scanner.py | URL |
| "audit dependencies" / "check packages" | dependency_auditor.py | Directory |
| "find secrets" / "code audit" | code_security_scanner.py | Directory |
| "full security scan" | All three | URL + Directory |
| "check SSL" / "certificate" | security_scanner.py --checks ssl | URL |
| "CORS check" | security_scanner.py --checks cors | URL |
Step 3. Run Scans
Execute the appropriate scanner(s):
Web application scan:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL
With specific checks:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --checks headers,ssl,endpoints,methods,cors
Dependency audit:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project
With severity filter:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project --min-severity high
Code security scan:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code
With specific tools:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code --tools bandit,regex --severity high
Step 4. Analyze Results
Review the scanner output. Each finding includes:
Prioritize findings by severity: critical and high findings first.
Step 5. Report Findings
Present results to the user in a clear format:
5. Start with a summary (total findings by severity)
6. Group findings by severity
7. For each finding, explain the risk and provide the remediation steps
8. Reference the appropriate playbook entry from references/
Step 6. Suggest Remediations
For each finding, provide:
9. The specific code change or configuration needed
10. Reference to REMEDIATION_PLAYBOOK.md for copy-paste templates
11. Verification steps to confirm the fix works
Usage: python3 security_scanner.py URL [OPTIONS]
Options:
--checks CHECKS Comma-separated: headers,ssl,endpoints,methods,cors (default: all)
--output FILE Write JSON report to file
--timeout SECS Request timeout in seconds (default: 10)
--verbose Show detailed progress
--help Show help
Checks performed:
Usage: python3 dependency_auditor.py DIRECTORY [OPTIONS]
Options:
--scanners SCANNERS Comma-separated: npm,pip (default: auto-detect)
--min-severity LEVEL Minimum severity: critical,high,moderate,low (default: low)
--output FILE Write JSON report to file
--verbose Show detailed progress
--help Show help
Auto-detects project type from package.json, requirements.txt, pyproject.toml, etc.
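What normalized severity output and a --min-severity floor involve can be shown on two small reports. This is an added example, not the code of dependency_auditor.py; the function names, the package names, the advisory id and both sample reports are constructed, and the pip-audit sample carries no severity rating, so those findings are marked unknown and kept rather than filtered out.

```python
import json

# Rank for the --min-severity levels on this page; "info" is an extra npm level.
RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed reports in the shape of `npm audit --json` and `pip-audit --format json`.
NPM_REPORT = json.loads("""{"auditReportVersion": 2, "vulnerabilities": {
  "example-parser": {"severity": "high", "range": "<2.1.0", "fixAvailable": true},
  "example-logger": {"severity": "low", "range": "<=1.0.3", "fixAvailable": false}}}""")
PIP_REPORT = json.loads("""{"dependencies": [
  {"name": "example-lib", "version": "1.2.0",
   "vulns": [{"id": "PYSEC-0000-0", "fix_versions": ["1.2.5"]}]},
  {"name": "example-ok", "version": "3.0.0", "vulns": []}]}""")

def from_npm(report):
    """One finding per vulnerable package in an npm audit report."""
    for name, v in report.get("vulnerabilities", {}).items():
        yield {"ecosystem": "npm", "package": name,
               "severity": v.get("severity", "unknown"),
               "fix_available": bool(v.get("fixAvailable"))}

def from_pip(report):
    """One finding per advisory; the sample report has no severity field."""
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            yield {"ecosystem": "pip", "package": dep["name"], "id": vuln["id"],
                   "severity": "unknown",
                   "fix_available": bool(vuln.get("fix_versions"))}

def audit(npm_report, pip_report, min_severity="low"):
    """Merge both reports, apply the severity floor, sort most severe first."""
    floor = RANK[min_severity]
    findings = list(from_npm(npm_report)) + list(from_pip(pip_report))
    # Unrated findings are kept: a missing rating is not evidence of low risk.
    kept = [f for f in findings
            if f["severity"] not in RANK or RANK[f["severity"]] >= floor]
    return sorted(kept, key=lambda f: RANK.get(f["severity"], -1), reverse=True)

if __name__ == "__main__":
    for f in audit(NPM_REPORT, PIP_REPORT, min_severity="high"):
        print(f["severity"], f["ecosystem"], f["package"])
```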
Usage: python3 code_security_scanner.py DIRECTORY [OPTIONS]
Options:
--tools TOOLS Comma-separated: bandit,regex (default: all available)
--output FILE Write JSON report to file
--severity LEVEL Minimum severity: critical,high,medium,low (default: low)
--exclude PATTERNS Comma-separated glob patterns to exclude
--verbose Show detailed progress
--help Show help
Detects: hardcoded secrets, SQL injection, command injection, eval/exec, insecure deserialization, weak cryptography, disabled SSL verification.
User: "Check the security headers on https://example.com"
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://example.com --checks headers
User: "Run a full security audit on my project"
# 1. Scan dependencies
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py .
# 2. Scan code for security issues
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py .
# 3. If the project has a deployed URL, scan it too
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://the-deployed-url.com
User: "Check this codebase for hardcoded secrets"
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py . --tools regex --severity high
All scanners produce structured security reports:
--output flag for CI integration
Missing dependencies: If a scanner fails because a tool isn't installed, run the setup script:
bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh
Connection errors: If security_scanner.py can't reach the target URL:
--timeout 30 for slow servers
Permission errors: If code_security_scanner.py can't read files:
--exclude
For detailed reference material, see:
references/OWASP_TOP_10.md -- OWASP Top 10 risks with scanner mapping
references/SECURITY_HEADERS.md -- HTTP security header implementation guide
references/REMEDIATION_PLAYBOOK.md -- Copy-paste fix templates