Penetration testing, ethical hacking, and vulnerability assessment techniques for authorized security testing
Performs authorized penetration testing and vulnerability scans. Triggers when users request security testing on systems they own or have explicit permission to test.
```
/plugin marketplace add pluginagentmarketplace/custom-plugin-cyber-security
/plugin install cyber-security-assistant@pluginagentmarketplace-cyber-security
```

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Files:
- assets/pentest_config.yaml
- references/PENTEST_GUIDE.md
- scripts/vuln_scanner.py

Purpose: Authorized security testing methodologies and techniques for identifying vulnerabilities.
```
┌─────────────────────────────────────────────────────────────────┐
│                        SKILL OPERATIONS                         │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐      │
│  │scan_vuln    │  │test_inject  │  │enumerate_services   │      │
│  │             │  │             │  │                     │      │
│  │ Input:      │  │ Input:      │  │ Input:              │      │
│  │ - target    │  │ - endpoint  │  │ - host              │      │
│  │ - type      │  │ - type      │  │ - port_range        │      │
│  │ - depth     │  │ - payloads  │  │                     │      │
│  │             │  │             │  │ Output:             │      │
│  │ Output:     │  │ Output:     │  │ - services[]        │      │
│  │ - vulns[]   │  │ - vuln      │  │ - os_detect         │      │
│  │ - time      │  │ - evidence  │  │                     │      │
│  └─────────────┘  └─────────────┘  └─────────────────────┘      │
│                                                                 │
│           ┌─────────────────────────────────────────┐           │
│           │           test_authentication           │           │
│           │                                         │           │
│           │ Input: target, test_type                │           │
│           │ Output: findings[], weak_creds[]        │           │
│           └─────────────────────────────────────────┘           │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```

| Vulnerability | Test Operation | Detection Method |
|---|---|---|
| A01 Broken Access Control | test_authentication | IDOR, privilege tests |
| A02 Cryptographic Failures | scan_vulnerability | TLS/cert analysis |
| A03 Injection | test_injection | SQLi, XSS, Command |
| A04 Insecure Design | manual | Architecture review |
| A05 Security Misconfig | enumerate_services | Header/config scan |
| A06 Vulnerable Components | scan_vulnerability | CVE database check |
| A07 Auth Failures | test_authentication | Session/token tests |
| A08 Data Integrity | scan_vulnerability | Deserialization checks |
| A09 Logging Failures | manual | Log analysis |
| A10 SSRF | test_injection | SSRF payload tests |

```
Scan Failed
    │
    ├─► E_NETWORK_TIMEOUT
    │   ├── Check: ping/traceroute target
    │   ├── Action: Increase timeout, use retry
    │   └── Escalate: If persistent, check firewall
    │
    ├─► E_RATE_LIMITED
    │   ├── Check: Response headers for rate info
    │   ├── Action: Apply exponential backoff
    │   └── Escalate: Reduce concurrency
    │
    ├─► E_WAF_BLOCKED
    │   ├── Check: Response body for WAF signature
    │   ├── Action: Modify payloads, encoding
    │   └── Escalate: Document WAF presence
    │
    └─► E_NO_AUTHORIZATION
        └── STOP: Cannot proceed without authorization
```

| Issue | Symptom | Solution |
|---|---|---|
| False positives | High vuln count | Verify manually, adjust sensitivity |
| Slow scans | Timeout errors | Reduce depth, batch targets |
| Missing vulns | Clean scan | Check scope, increase depth |
| WAF evasion | Blocked requests | Use encoding, timing techniques |
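
```python
# tests/test_offensive_skill.py
import pytest

# Assumption: the exception classes are exported by the same module as the skill.
from skills.offensive import AuthorizationError, OffensiveSecurity, ValidationError


class TestVulnerabilityScan:
    def test_valid_web_target(self):
        # A well-formed, in-scope web target returns a result with a list of findings.
        skill = OffensiveSecurity()
        result = skill.scan_vulnerability(
            target="http://testsite.local",
            scan_type="web",
            depth="quick",
        )
        assert result.status == "success"
        assert isinstance(result.vulnerabilities, list)

    def test_invalid_target_format(self):
        # A malformed target is rejected before any scanning starts.
        skill = OffensiveSecurity()
        with pytest.raises(ValidationError) as exc:
            skill.scan_vulnerability(target="invalid!!!")
        # Checked after the `with` block: code placed after the raising call never runs.
        assert exc.value.code == "E_INVALID_TARGET"

    def test_authorization_required(self):
        # Without an authorization record the skill must refuse to scan.
        skill = OffensiveSecurity(authorization=None)
        with pytest.raises(AuthorizationError) as exc:
            skill.scan_vulnerability(target="http://target.com")
        assert exc.value.code == "E_NO_AUTHORIZATION"
```
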
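
The two refusal paths these tests exercise (`E_INVALID_TARGET`, `E_NO_AUTHORIZATION`) can be enforced by a gate that runs before any request is sent. The following is an added example, not the plugin's own code; `ScanError`, `parse_host`, `check_authorization` and the authorization record fields (`scope`, `not_before`, `not_after`) are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlsplit

class ScanError(Exception):
    """Carries one of the page's error codes (hypothetical class name)."""
    def __init__(self, code, detail):
        super().__init__(f"{code}: {detail}")
        self.code = code

def parse_host(target):
    """Return the lowercase host of an http(s) URL, or raise E_INVALID_TARGET."""
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError as exc:  # e.g. malformed IPv6 literal
        raise ScanError("E_INVALID_TARGET", str(exc))
    if parts.scheme not in ("http", "https") or not host:
        raise ScanError("E_INVALID_TARGET", f"not an http(s) URL: {target!r}")
    return host.rstrip(".").lower()

def check_authorization(target, authorization, now=None):
    """Return the in-scope host, or raise before anything is sent to it."""
    host = parse_host(target)
    if not authorization:
        raise ScanError("E_NO_AUTHORIZATION", "no authorization record")
    now = now or datetime.now(timezone.utc)
    if not (authorization["not_before"] <= now <= authorization["not_after"]):
        raise ScanError("E_NO_AUTHORIZATION", "outside the approved test window")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # target is a hostname, not an IP literal
    for entry in authorization["scope"]:
        if addr is not None:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return host
            except ValueError:
                continue  # scope entry is a hostname, not a network
        elif host == entry or host.endswith("." + entry):
            return host  # exact name or true subdomain, never a bare suffix
    raise ScanError("E_NO_AUTHORIZATION", f"{host} is not in scope")

# Constructed sample record; field names are hypothetical, not the plugin's schema.
SAMPLE_AUTH = {"scope": ["testsite.local", "10.0.0.0/24"],
               "not_before": datetime(2025, 1, 1, tzinfo=timezone.utc),
               "not_after": datetime(2025, 1, 31, tzinfo=timezone.utc)}
```

Matching on `"." + entry` rather than on a plain suffix is what keeps a lookalike such as `eviltestsite.local` out of scope.
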
| Version | Date | Changes |
|---|---|---|
| 2.0.0 | 2025-01-01 | Production-grade with atomic operations |
| 1.0.0 | 2024-12-29 | Initial release |