From pentest-framework
Scans target URLs for web security misconfigurations: HTTP headers, SSL/TLS settings, CORS policies, WAF presence. Reports findings by severity from Critical to Info.
npx claudepluginhub sabania/pentest-cli --plugin pentest-framework
This skill is limited to using the following tools:
Scan a target application for security misconfigurations including HTTP headers, SSL/TLS settings, CORS policy, and WAF presence.
The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.
Parse the target URL from $ARGUMENTS.
Delegate to scanner-agent using the Agent tool. The agent must run the following commands, collecting all JSON output:
pentest -k -j -o ./findings scan headers <url>
pentest -k -j -o ./findings scan ssl <url>
pentest -k -j -o ./findings scan cors <url>
pentest -k -j -o ./findings cloud waf <url>
Read the JSON outputs from ./findings/ to gather all results.
Present findings organized by severity:
Flags used in the commands above:
-k skips SSL certificate verification, for targets with self-signed certs.
-j produces machine-readable JSON output.
-o ./findings persists results for later reporting.
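One way to carry out the last two steps (reading the JSON from ./findings/ and presenting it by severity), as an added example that is not part of the pentest-cli project. The JSON layout, the field names `severity` and `title`, the middle severity levels and the sample file names are assumptions, so adjust them to the tool's real output.

```python
import json
import tempfile
from pathlib import Path

# The page names only the ends (Critical, Info); the middle levels are assumed.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]

def load_findings(directory):
    """Read *.json files (assumed: a list, or an object with a "findings" list)."""
    findings, skipped = [], []
    for path in sorted(Path(directory).glob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
            items = data["findings"] if isinstance(data, dict) else data
            if not isinstance(items, list):
                raise ValueError("unexpected layout")
        except (OSError, ValueError, KeyError):
            skipped.append(path.name)  # truncated scan output must stay visible
            continue
        findings += [{**i, "source": path.name} for i in items if isinstance(i, dict)]
    return findings, skipped

def group_by_severity(findings):
    """Return {severity: [finding, ...]} ordered Critical to Info, then unknown."""
    groups = {level: [] for level in SEVERITY_ORDER + ["unknown"]}
    for f in findings:
        level = str(f.get("severity", "")).strip().lower()
        groups[level if level in groups else "unknown"].append(f)
    return {k: v for k, v in groups.items() if v}

def render(groups, skipped=()):
    lines = []
    for level, items in groups.items():
        lines.append(f"{level.upper()} ({len(items)})")
        lines += [f"  [{f.get('source', '?')}] {f.get('title', '(untitled)')}" for f in items]
    if skipped:
        lines.append("UNPARSED OUTPUT: " + ", ".join(skipped))
    return "\n".join(lines)

def demo():
    # Constructed sample output; file names and field names are assumptions.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "headers.json").write_text(json.dumps({"findings": [
            {"severity": "Medium", "title": "Missing Content-Security-Policy"}]}))
        Path(d, "cors.json").write_text(json.dumps(
            [{"severity": "HIGH", "title": "Origin reflected with credentials"},
             {"title": "Finding without a severity field"}]))
        Path(d, "ssl.json").write_text('{"findings": [')  # truncated on purpose
        findings, skipped = load_findings(d)
    return group_by_severity(findings), skipped
```

Calling `render(*demo())` returns the grouped report as text. A file that fails to parse is listed under UNPARSED OUTPUT rather than dropped, so a scan that produced no usable output is not mistaken for a clean result.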