performing-penetration-testingClaude Skill

Penetration Testing Skill

Security testing toolkit with three specialized scanners for web applications, dependency chains, and source code.

Overview

This skill provides three real, working security scanners:

1. security_scanner.py -- HTTP security header analysis, SSL/TLS certificate checks, exposed endpoint probing, dangerous HTTP method detection, and CORS misconfiguration testing. Targets live URLs.

2. dependency_auditor.py -- Unified vulnerability scanner for project dependencies. Wraps npm audit and pip-audit with normalized severity output. Targets project directories.

3. code_security_scanner.py -- Static analysis combining bandit (Python) with custom regex patterns for hardcoded secrets, SQL injection, command injection, eval/exec usage, and insecure deserialization. Targets codebases.

Prerequisites

• Python 3.9+
• requests library (for security_scanner.py)
• Optional: bandit (for code scanning), pip-audit (for dependency auditing)
• Optional: npm (for JavaScript dependency auditing)

Run the setup script to install all dependencies:

bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh

Or with a virtual environment (recommended):

bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh --venv

Instructions

Step 1. Confirm Authorization

Before running any scan, verify the user has authorization to test the target. Ask explicitly:

"Do you have authorization to perform security testing on this target? I need confirmation before proceeding."

If testing a URL, confirm the user owns or has written permission to test it. If testing local code/dependencies, confirm it's the user's own project.

Never scan targets without explicit authorization.

Step 2. Define Scope

Determine what to scan based on the user's request:

User says	Scanner to use	Target
"check headers" / "scan URL"	security_scanner.py	URL
"audit dependencies" / "check packages"	dependency_auditor.py	Directory
"find secrets" / "code audit"	code_security_scanner.py	Directory
"full security scan"	All three	URL + Directory
"check SSL" / "certificate"	security_scanner.py --checks ssl	URL
"CORS check"	security_scanner.py --checks cors	URL

Step 3. Run Scans

Execute the appropriate scanner(s):

Web application scan:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL

With specific checks:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --checks headers,ssl,endpoints,methods,cors

Dependency audit:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project

With severity filter:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project --min-severity high

Code security scan:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code

With specific tools:

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code --tools bandit,regex --severity high

Step 4. Analyze Results

Review the scanner output. Each finding includes:

• Severity -- critical, high, medium, low, or info
• Title -- what was found
• Detail -- technical explanation
• Remediation -- how to fix it

Prioritize findings by severity: critical and high findings first.

Step 5. Report Findings

Present results to the user in a clear format:

• Start with a summary (total findings by severity)
• Group findings by severity
• For each finding, explain the risk and provide the remediation steps
• Reference the appropriate playbook entry from references/

Step 6. Suggest Remediations

For each finding, provide:

• The specific code change or configuration needed
• Reference to REMEDIATION_PLAYBOOK.md for copy-paste templates
• Verification steps to confirm the fix works

Scanner Reference

security_scanner.py

Usage: python3 security_scanner.py URL [OPTIONS]

Options:
  --checks CHECKS    Comma-separated: headers,ssl,endpoints,methods,cors (default: all)
  --output FILE      Write JSON report to file
  --timeout SECS     Request timeout in seconds (default: 10)
  --verbose          Show detailed progress
  --help             Show help

Checks performed:

• Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
• SSL/TLS: certificate validity, expiry, protocol version
• Exposed endpoints: .git, .env, admin panels, server-status, directory listing
• HTTP methods: dangerous methods (PUT, DELETE, TRACE)
• CORS: wildcard origins, reflected origins, credentials misconfiguration

dependency_auditor.py

Usage: python3 dependency_auditor.py DIRECTORY [OPTIONS]

Options:
  --scanners SCANNERS   Comma-separated: npm,pip (default: auto-detect)
  --min-severity LEVEL  Minimum severity: critical,high,moderate,low (default: low)
  --output FILE         Write JSON report to file
  --verbose             Show detailed progress
  --help                Show help

Auto-detects project type from package.json, requirements.txt, pyproject.toml, etc.

code_security_scanner.py

Usage: python3 code_security_scanner.py DIRECTORY [OPTIONS]

Options:
  --tools TOOLS        Comma-separated: bandit,regex (default: all available)
  --output FILE        Write JSON report to file
  --severity LEVEL     Minimum severity: critical,high,medium,low (default: low)
  --exclude PATTERNS   Comma-separated glob patterns to exclude
  --verbose            Show detailed progress
  --help               Show help

Detects: hardcoded secrets, SQL injection, command injection, eval/exec, insecure deserialization, weak cryptography, disabled SSL verification.

Examples

Quick header check

User: "Check the security headers on https://example.com"

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://example.com --checks headers

Full project security audit

User: "Run a full security audit on my project"

# 1. Scan dependencies
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py .

# 2. Scan code for security issues
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py .

# 3. If the project has a deployed URL, scan it too
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://the-deployed-url.com

Code-only audit for secrets

User: "Check this codebase for hardcoded secrets"

python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py . --tools regex --severity high

Output

All scanners produce structured security reports:

• Console report: Markdown-formatted findings with severity, description, and remediation
• JSON report: Machine-readable output via --output flag for CI integration
• Exit codes: 0 = no critical/high findings, 1 = critical/high findings found
• Risk score: security_scanner.py provides a 0-100 score (100 = most secure)
• Severity levels: critical, high, medium, low, info for each finding
• Remediation guidance: Specific fix instructions for each finding

Error Handling

Missing dependencies: If a scanner fails because a tool isn't installed, run the setup script:

bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh

Connection errors: If security_scanner.py can't reach the target URL:

• Verify the URL is correct and accessible
• Check if the site requires VPN or special network access
• Try with --timeout 30 for slow servers

Permission errors: If code_security_scanner.py can't read files:

• Check file permissions in the target directory
• Exclude protected directories with --exclude

Resources

For detailed reference material, see:

• references/OWASP_TOP_10.md -- OWASP Top 10 risks with scanner mapping
• references/SECURITY_HEADERS.md -- HTTP security header implementation guide
• references/REMEDIATION_PLAYBOOK.md -- Copy-paste fix templates