Skill

pentest-advanced

Tests target web apps for advanced vulnerabilities: HTTP request smuggling, race conditions, cache poisoning, subdomain takeover. Reports exploits, impacts, remediations via pentest tool.

Bash

security

testing

npx claudepluginhub sabania/pentest-cli --plugin pentest-framework

Tool Access

This skill is limited to using the following tools:

BashAgentRead

Preview

Test a target application for advanced attack vectors including HTTP request smuggling, race conditions, cache poisoning, and subdomain takeover vulnerabilities.

SKILL.md

Similar Skills

performing-web-cache-poisoning-attack

Guides authorized pentests for web cache poisoning by discovering unkeyed headers/parameters with Burp Suite Param Miner and testing cache keys via curl on CDNs like Cloudflare/Nginx.

asi

performing-web-cache-poisoning-attack

5.9k

Guides authorized pentests for web cache poisoning by exploiting unkeyed headers/parameters in CDNs/proxies (Cloudflare, Varnish, Nginx) using Burp Suite and curl.

3 files

cybersecurity-skills

pentest-request-forgery

Guides web penetration testing for request forgery vulnerabilities like CSRF, HTTP request smuggling, CRLF injection, and clickjacking. Includes exploitation patterns, bypasses, and detection checklists.

1 file

vuln-skills

Stats

Parent Repo Stars5

Parent Repo Forks0

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/pentest-advanced — Advanced Attack Testing

Test a target application for advanced attack vectors including HTTP request smuggling, race conditions, cache poisoning, and subdomain takeover vulnerabilities.

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

Parse the target URL from $ARGUMENTS.

Delegate to advanced-agent using the Agent tool. The agent must run all advanced attack commands:

pentest -k -j -o ./findings advanced smuggle --active --yes <url>
pentest -k -j -o ./findings advanced race --active --yes <url>
pentest -k -j -o ./findings advanced cache --active --yes <url>
pentest -k -j -o ./findings advanced takeover --active --yes <url>

Read the JSON outputs from ./findings/ to gather all results.

Present findings with detailed exploitation scenarios:

Request Smuggling: CL.TE / TE.CL desync issues, front-end/back-end discrepancies, potential for request hijacking
Race Conditions: Time-of-check-to-time-of-use (TOCTOU) bugs, double-spend scenarios, concurrent request handling flaws
Cache Poisoning: Unkeyed headers that influence responses, cache key manipulation, web cache deception
Subdomain Takeover: Dangling DNS records pointing to unclaimed resources (S3, Heroku, GitHub Pages, Azure, etc.)

For each confirmed vulnerability, include:

Step-by-step exploitation scenario
Potential business impact
Remediation guidance

Notes

Advanced commands perform active testing that sends crafted requests.

Request smuggling tests can disrupt application behavior in rare cases.

Race condition tests send concurrent requests that may trigger unintended side effects.

Use -k to skip SSL verification for targets with self-signed certs.

Use -j for machine-readable JSON output.

Use -o ./findings to persist results for later reporting.