Penetration Testing
Run structured automated penetration tests against your APIs and web endpoints before release, with findings mapped to severity, CVSS, and remediation.
Overview
penetration-testing is an agent skill for the Ship phase that scaffolds automated penetration tests and structured security findings with CVSS and remediation fields.
Install
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill penetration-testingWhat is this skill?
- Python PenetrationTester class with Finding dataclass (severity, category, CVSS, remediation)
- SQL injection probe suite with common payloads and error-string detection
- Structured finding export via dataclass/asdict for reports and ticketing
- Extensible test methods pattern for adding more attack categories to one target
- 5 SQL injection payload variants in the excerpted test method
Adoption & trust: 748 installs on skills.sh; 250 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to ship but only have manual, inconsistent checks instead of a repeatable pentest workflow your agent can extend.
Who is it for?
Solo builders shipping web apps or APIs who want agent-guided pentest scaffolding and structured vulnerability reporting before go-live.
Skip if: Teams seeking certified penetration-test deliverables, legal clearance workflows, or production attacks without explicit authorization and scope.
When should I use this skill?
You need to scaffold or extend automated penetration tests and normalized security findings before shipping a web or API surface.
What do I get? / Deliverables
After the skill runs, you have a Python pentest framework pattern and SQL-injection probes that emit normalized Finding records ready for your security review backlog.
- PenetrationTester class extension pattern
- Finding records with remediation text
- SQL injection probe results and evidence strings
Recommended Skills
Journey fit
Penetration testing belongs on the Ship shelf because it validates exploitable weaknesses immediately before or alongside production launch, not during early ideation. Security is the canonical subphase for offensive-style validation workflows that produce vulnerability findings and fix guidance.
How it compares
Use instead of one-off chat prompts that list OWASP bullets without executable test structure or exportable finding objects.
Common Questions / FAQ
Who is penetration-testing for?
It is for indie and solo developers using Claude Code, Cursor, or Codex who own pre-launch security validation on their own APIs and web surfaces.
When should I use penetration-testing?
Use it in Ship (security) before release, when hardening a new endpoint, or after major auth or data-access changes when you need repeatable injection-style probes.
Is penetration-testing safe to install?
Review the Security Audits panel on this Prism page for upstream risk signals; only run generated tests against environments you control or have written permission to assess.
SKILL.md
READMESKILL.md - Penetration Testing
# Automated Penetration Testing Framework ## Automated Penetration Testing Framework ```python # pentest_framework.py import requests import socket import subprocess import json from typing import List, Dict from dataclasses import dataclass, asdict from datetime import datetime @dataclass class Finding: severity: str category: str target: str vulnerability: str evidence: str remediation: str cvss_score: float class PenetrationTester: def __init__(self, target: str): self.target = target self.findings: List[Finding] = [] def test_sql_injection(self, url: str) -> None: """Test for SQL injection vulnerabilities""" print(f"Testing SQL injection on {url}") payloads = [ "' OR '1'='1", "'; DROP TABLE users--", "' UNION SELECT NULL, NULL, NULL--", "1' AND 1=1--", "admin'--" ] for payload in payloads: try: response = requests.get( url, params={'id': payload}, timeout=5 ) # Check for SQL errors sql_errors = [ 'mysql_fetch_array', 'SQLServer JDBC Driver', 'ORA-01756', 'PostgreSQL', 'sqlite3.OperationalError' ] for error in sql_errors: if error in response.text: self.findings.append(Finding( severity='critical', category='SQL Injection', target=url, vulnerability=f'SQL Injection detected with payload: {payload}', evidence=f'Error message: {error}', remediation='Use parameterized queries or prepared statements', cvss_score=9.8 )) break except Exception as e: print(f"Error testing {url}: {e}") def test_xss(self, url: str) -> None: """Test for Cross-Site Scripting vulnerabilities""" print(f"Testing XSS on {url}") payloads = [ "<script>alert('XSS')</script>", "<img src=x onerror=alert('XSS')>", "javascript:alert('XSS')", "<svg onload=alert('XSS')>", "'-alert('XSS')-'" ] for payload in payloads: try: response = requests.get( url, params={'q': payload}, timeout=5 ) if payload in response.text: self.findings.append(Finding( severity='high', category='Cross-Site Scripting', target=url, vulnerability=f'Reflected XSS detected with payload: {payload}', evidence='Payload reflected in response without sanitization', remediation='Implement output encoding and Content Security Policy', cvss_score=7.3 )) break except Exception as e: print(f"Error testing {url}: {e}") def test_authentication(self, login_url: str) -> None: """Test authentication mechanisms""" print(f"Testing authentication on {login_url}") # Test default credentials default_creds = [ ('admin', 'admin'), ('admin', 'password'), ('root', 'root'), ('administrator', 'administrator') ] for username, password in default_creds: try: response = requests.post( login_url, data={'username': username, 'password': password},