performing-penetration-testing
关于
This skill automates web application penetration testing using the penetration-tester plugin to identify OWASP Top 10 vulnerabilities and suggest exploits. It triggers when users request a pentest, vulnerability assessment, or ask to exploit a web app, providing comprehensive security reports. Developers should use it for automated vulnerability scanning and security flaw identification.
快速安装
Claude Code
推荐/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/performing-penetration-testing在 Claude Code 中复制并粘贴此命令以安装该技能
技能文档
Overview
This skill automates the process of penetration testing for web applications, identifying vulnerabilities and suggesting exploitation techniques. It leverages the penetration-tester plugin to assess web application security posture.
How It Works
- Target Identification: Analyzes the user's request to identify the target web application or API endpoint.
- Vulnerability Scanning: Executes automated scans to discover potential vulnerabilities, covering OWASP Top 10 risks.
- Reporting: Generates a detailed penetration test report, including identified vulnerabilities, risk ratings, and remediation recommendations.
When to Use This Skill
This skill activates when you need to:
- Perform a penetration test on a web application.
- Identify vulnerabilities in a web application or API.
- Assess the security posture of a web application.
- Generate a report detailing security flaws and remediation steps.
Examples
Example 1: Performing a Full Penetration Test
User request: "Run a penetration test on example.com"
The skill will:
- Initiate a comprehensive penetration test on the specified domain.
- Generate a detailed report outlining identified vulnerabilities, including SQL injection, XSS, and CSRF.
Example 2: Assessing API Security
User request: "Perform vulnerability assessment on the /api/users endpoint"
The skill will:
- Target the specified API endpoint for vulnerability scanning.
- Identify potential security flaws in the API, such as authentication bypass or authorization issues, and provide remediation advice.
Best Practices
- Authorization: Always ensure you have explicit authorization before performing penetration testing on any system.
- Scope Definition: Clearly define the scope of the penetration test to avoid unintended consequences.
- Safe Exploitation: Use exploitation techniques carefully to demonstrate vulnerabilities without causing damage.
Integration
This skill can be integrated with other security tools and plugins to enhance vulnerability management and remediation efforts. For example, findings can be exported to vulnerability tracking systems.
GitHub 仓库
相关推荐技能
content-collections
元Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
sglang
元SGLang是一个专为LLM设计的高性能推理框架,特别适用于需要结构化输出的场景。它通过RadixAttention前缀缓存技术,在处理JSON、正则表达式、工具调用等具有重复前缀的复杂工作流时,能实现极速生成。如果你正在构建智能体或多轮对话系统,并追求远超vLLM的推理性能,SGLang是理想选择。
evaluating-llms-harness
测试该Skill通过60+个学术基准测试(如MMLU、GSM8K等)评估大语言模型质量,适用于模型对比、学术研究及训练进度追踪。它支持HuggingFace、vLLM和API接口,被EleutherAI等行业领先机构广泛采用。开发者可通过简单命令行快速对模型进行多任务批量评估。
Algorithmic Art Generation
元这个Claude Skill帮助开发者使用p5.js创建算法艺术,特别适用于生成式艺术和交互式可视化项目。它支持种子随机性、流场和粒子系统等关键技术,确保艺术作品的重复性和独特性。当讨论生成艺术、算法艺术或计算美学时,该技能会自动激活,指导开发者完成从概念设计到技术实现的全过程。