pentest

$npx mdskill add HoangNguyen0403/agent-skills-standard/pentest

> [!IMPORTANT] > PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation.

SKILL.md

.github/skills/pentestView on GitHub ↗
---
name: pentest
description: "PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation."
metadata:
  triggers:
    keywords:
    - pentest
    - workflow
---
# Pentest Skill

> [!IMPORTANT]
> PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation.

## Instructions

When the user asks to perform this workflow, execute the following steps:


# 🕵️‍♂️ Penetration Test (PTES-Aligned)

Goal: Execute a 7-phase red-team assessment across backend APIs, frontend web apps, and mobile clients. Deliver an audit-grade Hacker Score (0-100) with verified Proof-of-Concept exploits and per-finding remediation.

## Steps

1. **Phase 0 — Scope & Authorization**:
   - Determine mode (`whitebox`, `greybox`, `blackbox`) and targets.
   - Verify explicit authorization. **Stop if unauthorized.**
2. **Phase 1 — Intel Gathering (Recon)**:
   - Identify tech stack, endpoints, parameters, local storage, schemes, and secrets.
   - Use `common-security-audit` and `common-dast-tooling`.
3. **Phase 2 — Threat Modeling**:
   - Rank endpoints by risk: `exposure × sensitivity × auth_coverage`.
   - Prioritize attack plan (top-10 highest-risk endpoints).
4. **Phase 3 — Vulnerability Analysis**:
   - Run vulnerability scans.
   - Delegate: SAST/SCA to `specialist-aspm-correlator`, dynamic/logic to `specialist-logic-hacker`, binary/mobile to `specialist-mobile-reverser`.
5. **Phase 4 — Exploitation (PoC-Required)**:
   - **Policy: No Exploit = No Report.** Unverified findings are discarded.
   - Construct reproducible PoC for each confirmed vulnerability.
6. **Phase 5 — Post-Exploitation**:
   - Assess blast radius: lateral movement, privilege escalation, data exfiltration, persistence.
7. **Phase 6 — Hacker Score & Reporting**:
   - Score: Deduct from 100: Critical -25 (cap 25), High -15 (cap 40), Medium -8, Low -3.
   - Deliver findings in the standard template below.

## Output Template

### Executive Summary

- **Hacker Score**: X/100 ([Critical/Vulnerable/Moderate/Hardened])
- **Target Scope**: [repos, URLs, mobile apps]
- **Findings**: [Critical/High/Medium/Low counts]

### Findings Table

| ID | Title | Platform | Severity | CVSS | CWE | PoC |
|---|---|---|---|---|---|---|
| SEC-01 | | [backend|frontend|mobile] | [Critical|High|Medium|Low] | | | [Yes|No] |

### Finding Details

#### SEC-[ID]: [Title]
- **Affected Component**: [file:line or endpoint]
- **Proof of Concept**:
  - Preconditions: [auth, configuration]
  - Steps: [command/payload, expected vs actual]
  - Evidence: [response, screenshot, logs]
- **Impact & Blast Radius**: [access, lateral movement]
- **Remediation**: [specific code fix, diff, or configuration change]

More from HoangNguyen0403/agent-skills-standard

SkillDescription
android-agp-upgradeUpgrade an Android project to Android Gradle Plugin (AGP) 9. Use when migrating to AGP 9, updating Gradle build files, migrating to built-in Kotlin, or adopting the new AGP DSL.
android-architectureApply Clean Architecture layering, modularization, and Unidirectional Data Flow in Android projects. Use when setting up project structure, placing code in layers, configuring feature/core modules, or implementing UDF patterns.
android-background-workImplement WorkManager and background processing correctly on Android. Use when creating Worker classes, scheduling tasks, choosing between WorkManager and Foreground Services, or setting up Hilt in workers.
android-composeBuild high-performance declarative UI with Jetpack Compose. Use when writing Composable functions, optimizing recomposition, hoisting state, or working with LazyColumn and side effects.
android-compose-migrationMigrate an Android XML View to Jetpack Compose following a structured 10-step workflow. Use when converting XML layouts to Compose, setting up Compose in an existing View-based project, or incrementally adopting Compose.
android-concurrencyWrite correct coroutine scopes, Flow collection, and dispatcher injection in Android. Use when writing suspend functions, choosing between StateFlow and SharedFlow, or injecting Dispatchers for testability.
android-deploymentConfigure release signing, R8 obfuscation, and App Bundle publishing for Android. Use when setting up signing configs, enabling minification, adding ProGuard keep rules, or preparing for Play Store submission.
android-design-systemEnforce Material Design 3 theming and design token usage in Jetpack Compose. Use when implementing M3 components, color schemes, typography, or design tokens.
android-diConfigure Hilt dependency injection with proper scoping, modules, and constructor injection in Android. Use when setting up Hilt DI, defining modules, or configuring component scoping.
android-edge-to-edgeMigrate a Jetpack Compose app to edge-to-edge display and fix system bar inset issues. Use when UI components are obscured by navigation/status bars, fixing IME insets, or enabling edge-to-edge for SDK 35+.