Skill

pentest-exploit-validation

From asi

Validates pentest vulnerability findings via structured exploitation of injections, XSS, auth/authz/SSRF, bypass exhaustion, 4-level evidence collection, and EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.

Playwright

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Validate vulnerability findings through proof-driven exploitation using Shannon's 4-level evidence system. Consumes the exploitation queue from white-box code review, attempts structured exploitation with bypass exhaustion, collects mandatory evidence per vulnerability type, and classifies each finding as EXPLOITED, POTENTIAL, or FALSE_POSITIVE.

SKILL.md

Similar Skills

exploit

Executes exploitation tests for web/API vulnerabilities like SQLi, XSS, SSRF, JWT confusion, deserialization, prototype pollution during pentest phase 3.

20 files

akira

Exploit Techniques

Guides PoC exploit development for confirmed vulnerabilities in whitebox pentesting, with language recommendations, Python templates, and HTTP request patterns.

3 files

vuln-scout

testing-for-xss-vulnerabilities-with-burpsuite

5.9k

Identifies and validates reflected, stored, and DOM-based XSS in web apps using Burp Suite scanner, repeater, and intruder during authorized pentests.

3 files

cybersecurity-skills

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Pentest Exploit Validation

Purpose

Prerequisites

Authorization Requirements

Written authorization with explicit scope for active exploitation testing
Exploitation queue JSON from pentest-whitebox-code-review output
Test accounts at multiple privilege levels for authz testing
Data exfiltration approval — confirm acceptable proof-of-concept scope
Rollback plan for any data-mutating exploits

Environment Setup

sqlmap for automated SQL injection exploitation
Burp Suite Professional with Repeater, Intruder, and Turbo Intruder
curl for manual HTTP request crafting
Playwright for browser-based exploitation (XSS, CSRF)
nuclei with custom templates for automated validation
Isolated testing environment or explicit production testing approval

Core Workflow

Queue Intake: Parse exploitation queue JSON, validate schema, prioritize by confidence score and impact severity. Group findings by vulnerability type for parallel exploitation.
Injection Exploitation: Confirm injectable parameter → fingerprint backend (DB type, OS) → enumerate databases/tables → demonstrate data exfiltration with minimal footprint.
XSS Exploitation: Graph traversal from source → processing → sanitization → sink. Craft context-appropriate payload, demonstrate session hijack or DOM manipulation.
Auth Exploitation: Attack authentication weaknesses → demonstrate account takeover via credential stuffing, token forgery, or session hijack.
Authz Exploitation: Horizontal access (cross-user data) → vertical escalation (admin functions) → workflow bypass (state manipulation).
SSRF Exploitation: Internal service access → cloud metadata retrieval (169.254.169.254) → internal network reconnaissance.
Bypass Exhaustion: For each finding, attempt 3 initial payloads → if blocked, escalate to 8-10 bypass variations → if still blocked, deploy automated tool variants.
Impact Escalation: Escalate from proof-of-concept to real impact demonstration — data exfiltration, session hijacking, or remote code execution.
Evidence Collection: Collect mandatory evidence per vulnerability type using per-type checklists.
Classification: Assign final classification — EXPLOITED, POTENTIAL, or FALSE_POSITIVE — based on 4-level proof system.

4-Level Proof System

Level	Description	Classification
L1	Weakness identified in code but not confirmed exploitable	POTENTIAL
L2	Partial bypass achieved but full exploitation not demonstrated	POTENTIAL
L3	Vulnerability confirmed with reproducible evidence	EXPLOITED
L4	Critical impact demonstrated (data exfil, RCE, account takeover)	EXPLOITED CRITICAL

Classification Criteria

Classification	Criteria
EXPLOITED	Reproducible proof with evidence: HTTP request/response, extracted data, or demonstrated impact
POTENTIAL	Code-level weakness confirmed but exploitation blocked by defense-in-depth or environment constraints
FALSE_POSITIVE	Taint analysis flagged but manual review confirms effective sanitization or unreachable code path

Tool Categories

Category	Tools	Purpose
SQL Injection	sqlmap, manual payloads	Automated and manual SQLi exploitation
Request Crafting	Burp Repeater, curl	Manual HTTP request manipulation
Fuzzing	Burp Intruder, Turbo Intruder	Payload variation and bypass testing
Browser Exploitation	Playwright	XSS demonstration, session hijack
Automation	nuclei, custom scripts	Template-based vulnerability validation
Evidence Capture	Burp Logger, screenshot tools	Request/response logging and proof

References

references/tools.md - Tool function signatures and parameters
references/workflows.md - Exploitation workflows, evidence checklists, and classification tree