@intentsolutionsio/penetration-tester 2.0.0

package/.claude-plugin/plugin.json

@@ -0,0 +1,19 @@
+{
+  "name": "penetration-tester",
+  "version": "2.0.0",
+  "description": "Security testing toolkit with HTTP header analysis, dependency auditing, and static code scanning",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "repository": "https://github.com/jeremylongshore/claude-code-plugins",
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "penetration-testing",
+    "pentesting",
+    "owasp",
+    "exploitation",
+    "agent-skills"
+  ]
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jeremy Longshore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,160 @@
+# Penetration Tester Plugin
+
+Security testing toolkit for web applications, dependencies, and source code.
+Three real scanners that wrap established tools (requests, bandit, pip-audit,
+npm audit) with unified reporting.
+
+## What It Does
+
+| Scanner | Target | What It Checks |
+|---------|--------|----------------|
+| `security_scanner.py` | Live URLs | Security headers, SSL/TLS, exposed endpoints, HTTP methods, CORS |
+| `dependency_auditor.py` | Project dirs | npm and pip vulnerabilities, CVEs, outdated packages |
+| `code_security_scanner.py` | Codebases | Hardcoded secrets, SQL injection, command injection, insecure deserialization |
+
+## Installation
+
+```bash
+/plugin install penetration-tester@claude-code-plugins-plus
+```
+
+## Setup
+
+Install Python dependencies:
+
+```bash
+bash scripts/setup_pentest_env.sh
+```
+
+Or with a virtual environment:
+
+```bash
+bash scripts/setup_pentest_env.sh --venv
+```
+
+Requires Python 3.9+. The setup script installs `requests`, `bandit`, and
+`pip-audit`, then verifies each tool works.
+
+## Quick Start
+
+**Check security headers on a URL:**
+```
+> Check the security headers on https://example.com
+```
+
+**Audit project dependencies:**
+```
+> Audit the dependencies in this project for vulnerabilities
+```
+
+**Scan code for security issues:**
+```
+> Scan this codebase for hardcoded secrets and security issues
+```
+
+**Full security audit:**
+```
+> Run a full security audit on this project
+```
+
+## Scanners
+
+### security_scanner.py
+
+HTTP security analysis for live web applications.
+
+```bash
+python3 scripts/security_scanner.py https://example.com
+python3 scripts/security_scanner.py https://example.com --checks headers,ssl
+python3 scripts/security_scanner.py https://example.com --output report.json
+```
+
+**Checks:**
+- Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options,
+  Referrer-Policy, Permissions-Policy)
+- SSL/TLS certificate validity and expiry
+- Exposed endpoints (.git, .env, admin panels, server-status)
+- Dangerous HTTP methods (PUT, DELETE, TRACE)
+- CORS misconfigurations (wildcard, reflected origin)
+
+### dependency_auditor.py
+
+Unified dependency vulnerability scanner.
+
+```bash
+python3 scripts/dependency_auditor.py /path/to/project
+python3 scripts/dependency_auditor.py . --min-severity high
+python3 scripts/dependency_auditor.py . --scanners npm,pip --output findings.json
+```
+
+**Supports:**
+- npm projects (via `npm audit`)
+- Python projects (via `pip-audit`)
+- Auto-detects project type from manifest files
+
+### code_security_scanner.py
+
+Static analysis for security vulnerabilities.
+
+```bash
+python3 scripts/code_security_scanner.py /path/to/code
+python3 scripts/code_security_scanner.py . --tools bandit,regex --severity high
+python3 scripts/code_security_scanner.py . --exclude "test_*,*_test.py"
+```
+
+**Detects:**
+- Hardcoded secrets (API keys, AWS keys, passwords, tokens)
+- SQL injection (string concatenation in queries)
+- Command injection (os.system, subprocess with shell=True)
+- Eval/exec usage
+- Insecure deserialization (pickle, unsafe YAML loading)
+- Weak cryptography (MD5, SHA1)
+- Disabled SSL verification
+
+## Output
+
+All scanners produce:
+- Markdown-formatted reports for terminal display
+- JSON reports via `--output` for programmatic use
+- Risk scoring with severity levels (critical, high, medium, low, info)
+- Remediation guidance for each finding
+
+Exit code 0 means no critical or high findings. Exit code 1 means issues found.
+
+## Reference Documentation
+
+The `references/` directory contains detailed guides:
+
+- **OWASP_TOP_10.md** -- Each OWASP Top 10 risk with scanner mapping and fix templates
+- **SECURITY_HEADERS.md** -- HTTP header implementation for Express, Django, Nginx, Apache
+- **REMEDIATION_PLAYBOOK.md** -- Copy-paste fix templates for common vulnerabilities
+
+## Authorization Warning
+
+**Only test systems you are authorized to test.**
+
+- Never scan URLs you do not own or have written permission to test
+- Local code scanning and dependency auditing of your own projects is always safe
+- The scanners will ask for authorization confirmation before external scans
+- Unauthorized security testing may violate laws in your jurisdiction
+
+## Commands
+
+- `/pentest` -- Full security testing workflow with authorization checks
+- `/scan-headers` -- Quick security header check for a single URL
+
+## Requirements
+
+- Python 3.9+
+- `requests` >= 2.31.0
+- `bandit` >= 1.7.5 (optional, for code scanning)
+- `pip-audit` >= 2.6.0 (optional, for Python dependency auditing)
+- `npm` (optional, for JavaScript dependency auditing)
+
+## Contributors
+
+- [@duskfallcrew](https://github.com/duskfallcrew) -- Reported AV false positive from PHP payloads in docs (#300), prompting the v2.0.0 rebuild
+
+## License
+
+MIT License - See LICENSE file for details.

package/commands/pentest.md

@@ -0,0 +1,84 @@
+---
+name: pentest
+description: Run a security testing workflow against a target URL or codebase
+shortcut: pent
+---
+
+# Security Testing Workflow
+
+Run a structured security assessment. This command walks through authorization,
+scope selection, scanning, and reporting.
+
+## Step 1: Authorization Check
+
+Before scanning anything, confirm authorization:
+
+- If the target is a URL: ask the user to confirm they own it or have written
+  permission to test it.
+- If the target is local code/dependencies: confirm it is the user's own project.
+- **Do not proceed without explicit authorization.**
+
+## Step 2: Determine Scope
+
+Ask the user what they want to test:
+
+1. **Web application** (URL) -- security headers, SSL, exposed endpoints, CORS
+2. **Dependencies** (project directory) -- npm/pip vulnerability audit
+3. **Source code** (directory) -- static analysis for secrets, injection, etc.
+4. **Full audit** -- all of the above
+
+## Step 3: Run Scanners
+
+Based on the selected scope, run the appropriate scripts from the plugin:
+
+### Web Application Scan
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --verbose
+```
+
+### Dependency Audit
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py TARGET_DIR --verbose
+```
+
+### Code Security Scan
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py TARGET_DIR --verbose
+```
+
+Save JSON reports for any scan that finds critical or high issues:
+```bash
+python3 SCANNER --output /tmp/security-report-$(date +%Y%m%d).json
+```
+
+## Step 4: Present Findings
+
+Summarize results for the user:
+
+1. **Summary table** -- total findings by severity across all scanners
+2. **Critical/High findings** -- detail each one with the risk and impact
+3. **Remediation priorities** -- ordered list of what to fix first
+
+## Step 5: Suggest Remediations
+
+For each critical and high finding:
+
+1. Explain the vulnerability in plain language
+2. Provide the specific fix (reference REMEDIATION_PLAYBOOK.md)
+3. Show how to verify the fix
+
+Offer to apply code fixes directly for code-level findings.
+
+## Step 6: Generate Report
+
+If the user wants a saved report, combine all findings into a single JSON file:
+```bash
+# Reports are saved via the --output flag on each scanner
+```
+
+## Safety Rules
+
+- Never run scans against unauthorized targets
+- All scanners use safe, non-destructive techniques (GET requests, static analysis)
+- No exploit payloads are sent to targets
+- No data is exfiltrated or modified

package/commands/scan-headers.md

@@ -0,0 +1,43 @@
+---
+name: scan-headers
+description: Quick security header check for a single URL
+shortcut: sh
+---
+
+# Quick Security Header Scan
+
+Fast single-URL check for HTTP security headers. This is a shortcut for running
+just the header analysis from the full pentest workflow.
+
+## Usage
+
+Ask the user for the target URL, then run:
+
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --checks headers
+```
+
+## What Gets Checked
+
+- Content-Security-Policy (CSP)
+- Strict-Transport-Security (HSTS)
+- X-Frame-Options
+- X-Content-Type-Options
+- Referrer-Policy
+- Permissions-Policy
+- Server version disclosure
+- X-XSS-Protection (deprecated, informational)
+
+## Output
+
+Present the results as a table showing each header, whether it's present, its
+value, and any issues found. Include the overall header security score.
+
+For any missing or misconfigured headers, provide the recommended value and
+a brief explanation of what it protects against. Reference
+`references/SECURITY_HEADERS.md` for implementation details.
+
+## Authorization
+
+Even though this only sends a single GET request, confirm the user has
+authorization to test the target URL before scanning.

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@intentsolutionsio/penetration-tester",
+  "version": "2.0.0",
+  "description": "Security testing toolkit with HTTP header analysis, dependency auditing, and static code scanning",
+  "keywords": [
+    "security",
+    "penetration-testing",
+    "pentesting",
+    "owasp",
+    "exploitation",
+    "agent-skills",
+    "claude-code",
+    "claude-plugin",
+    "tonsofskills"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jeremylongshore/claude-code-plugins-plus-skills.git",
+    "directory": "plugins/security/penetration-tester"
+  },
+  "homepage": "https://tonsofskills.com/plugins/penetration-tester",
+  "bugs": "https://github.com/jeremylongshore/claude-code-plugins-plus-skills/issues",
+  "license": "MIT",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "README.md",
+    ".claude-plugin",
+    "skills",
+    "commands"
+  ],
+  "scripts": {
+    "postinstall": "node -e \"console.log(\\\"\\\\n→ This npm package is a tracking/proof artifact. Install the plugin via:\\\\n  ccpi install penetration-tester\\\\n  or /plugin install penetration-tester@claude-code-plugins-plus in Claude Code\\\\n\\\")\""
+  }
+}

package/skills/performing-penetration-testing/SKILL.md

@@ -0,0 +1,266 @@
+---
+name: performing-penetration-testing
+description: |
+  Perform security testing on web applications, APIs, and codebases. Use when
+  the user asks to "run a security scan", "check for vulnerabilities", "audit
+  dependencies", "check security headers", "find security issues", "pentest",
+  "security audit", or "scan for secrets". Trigger with "pentest", "security scan",
+  "vulnerability check", "audit dependencies", "check headers", "find secrets".
+version: 2.0.0
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash(python3:*), Bash(pip:*), Bash(npm:*), Bash(bandit:*)
+license: MIT
+author: Jeremy Longshore <jeremy@intentsolutions.io>
+compatible-with: claude-code, codex, openclaw
+tags: [security, testing, audit]
+---
+# Penetration Testing Skill
+
+Security testing toolkit with three specialized scanners for web applications,
+dependency chains, and source code.
+
+## Overview
+
+This skill provides three real, working security scanners:
+
+1. **security_scanner.py** -- HTTP security header analysis, SSL/TLS certificate
+   checks, exposed endpoint probing, dangerous HTTP method detection, and CORS
+   misconfiguration testing. Targets live URLs.
+
+2. **dependency_auditor.py** -- Unified vulnerability scanner for project
+   dependencies. Wraps `npm audit` and `pip-audit` with normalized severity
+   output. Targets project directories.
+
+3. **code_security_scanner.py** -- Static analysis combining `bandit` (Python)
+   with custom regex patterns for hardcoded secrets, SQL injection, command
+   injection, eval/exec usage, and insecure deserialization. Targets codebases.
+
+## Prerequisites
+
+- Python 3.9+
+- `requests` library (for security_scanner.py)
+- Optional: `bandit` (for code scanning), `pip-audit` (for dependency auditing)
+- Optional: `npm` (for JavaScript dependency auditing)
+
+Run the setup script to install all dependencies:
+
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh
+```
+
+Or with a virtual environment (recommended):
+
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh --venv
+```
+
+## Instructions
+
+Step 1. Confirm Authorization
+
+Before running any scan, verify the user has authorization to test the target.
+Ask explicitly:
+
+> "Do you have authorization to perform security testing on this target? I need
+> confirmation before proceeding."
+
+If testing a URL, confirm the user owns or has written permission to test it.
+If testing local code/dependencies, confirm it's the user's own project.
+
+**Never scan targets without explicit authorization.**
+
+Step 2. Define Scope
+
+Determine what to scan based on the user's request:
+
+| User says | Scanner to use | Target |
+|-----------|---------------|--------|
+| "check headers" / "scan URL" | security_scanner.py | URL |
+| "audit dependencies" / "check packages" | dependency_auditor.py | Directory |
+| "find secrets" / "code audit" | code_security_scanner.py | Directory |
+| "full security scan" | All three | URL + Directory |
+| "check SSL" / "certificate" | security_scanner.py --checks ssl | URL |
+| "CORS check" | security_scanner.py --checks cors | URL |
+
+Step 3. Run Scans
+
+Execute the appropriate scanner(s):
+
+**Web application scan:**
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL
+```
+
+With specific checks:
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --checks headers,ssl,endpoints,methods,cors
+```
+
+**Dependency audit:**
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project
+```
+
+With severity filter:
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py /path/to/project --min-severity high
+```
+
+**Code security scan:**
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code
+```
+
+With specific tools:
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py /path/to/code --tools bandit,regex --severity high
+```
+
+Step 4. Analyze Results
+
+Review the scanner output. Each finding includes:
+1. **Severity** -- critical, high, medium, low, or info
+2. **Title** -- what was found
+3. **Detail** -- technical explanation
+4. **Remediation** -- how to fix it
+
+Prioritize findings by severity: critical and high findings first.
+
+Step 5. Report Findings
+
+Present results to the user in a clear format:
+5. Start with a summary (total findings by severity)
+6. Group findings by severity
+7. For each finding, explain the risk and provide the remediation steps
+8. Reference the appropriate playbook entry from references/
+
+Step 6. Suggest Remediations
+
+For each finding, provide:
+9. The specific code change or configuration needed
+10. Reference to REMEDIATION_PLAYBOOK.md for copy-paste templates
+11. Verification steps to confirm the fix works
+
+## Scanner Reference
+
+### security_scanner.py
+
+```
+Usage: python3 security_scanner.py URL [OPTIONS]
+
+Options:
+  --checks CHECKS    Comma-separated: headers,ssl,endpoints,methods,cors (default: all)
+  --output FILE      Write JSON report to file
+  --timeout SECS     Request timeout in seconds (default: 10)
+  --verbose          Show detailed progress
+  --help             Show help
+```
+
+Checks performed:
+- Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
+- SSL/TLS: certificate validity, expiry, protocol version
+- Exposed endpoints: .git, .env, admin panels, server-status, directory listing
+- HTTP methods: dangerous methods (PUT, DELETE, TRACE)
+- CORS: wildcard origins, reflected origins, credentials misconfiguration
+
+### dependency_auditor.py
+
+```
+set -euo pipefail
+Usage: python3 dependency_auditor.py DIRECTORY [OPTIONS]
+
+Options:
+  --scanners SCANNERS   Comma-separated: npm,pip (default: auto-detect)
+  --min-severity LEVEL  Minimum severity: critical,high,moderate,low (default: low)
+  --output FILE         Write JSON report to file
+  --verbose             Show detailed progress
+  --help                Show help
+```
+
+Auto-detects project type from package.json, requirements.txt, pyproject.toml, etc.
+
+### code_security_scanner.py
+
+```
+Usage: python3 code_security_scanner.py DIRECTORY [OPTIONS]
+
+Options:
+  --tools TOOLS        Comma-separated: bandit,regex (default: all available)
+  --output FILE        Write JSON report to file
+  --severity LEVEL     Minimum severity: critical,high,medium,low (default: low)
+  --exclude PATTERNS   Comma-separated glob patterns to exclude
+  --verbose            Show detailed progress
+  --help               Show help
+```
+
+Detects: hardcoded secrets, SQL injection, command injection, eval/exec, insecure
+deserialization, weak cryptography, disabled SSL verification.
+
+## Examples
+
+### Quick header check
+
+User: "Check the security headers on https://example.com"
+
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://example.com --checks headers
+```
+
+### Full project security audit
+
+User: "Run a full security audit on my project"
+
+```bash
+# 1. Scan dependencies
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/dependency_auditor.py .
+
+# 2. Scan code for security issues
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py .
+
+# 3. If the project has a deployed URL, scan it too
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py https://the-deployed-url.com
+```
+
+### Code-only audit for secrets
+
+User: "Check this codebase for hardcoded secrets"
+
+```bash
+python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/code_security_scanner.py . --tools regex --severity high
+```
+
+## Output
+
+All scanners produce structured security reports:
+
+- **Console report**: Markdown-formatted findings with severity, description, and remediation
+- **JSON report**: Machine-readable output via `--output` flag for CI integration
+- **Exit codes**: 0 = no critical/high findings, 1 = critical/high findings found
+- **Risk score**: security_scanner.py provides a 0-100 score (100 = most secure)
+- **Severity levels**: critical, high, medium, low, info for each finding
+- **Remediation guidance**: Specific fix instructions for each finding
+
+## Error Handling
+
+**Missing dependencies:**
+If a scanner fails because a tool isn't installed, run the setup script:
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/setup_pentest_env.sh
+```
+
+**Connection errors:**
+If security_scanner.py can't reach the target URL:
+- Verify the URL is correct and accessible
+- Check if the site requires VPN or special network access
+- Try with `--timeout 30` for slow servers
+
+**Permission errors:**
+If code_security_scanner.py can't read files:
+- Check file permissions in the target directory
+- Exclude protected directories with `--exclude`
+
+## Resources
+
+For detailed reference material, see:
+- `references/OWASP_TOP_10.md` -- OWASP Top 10 risks with scanner mapping
+- `references/SECURITY_HEADERS.md` -- HTTP security header implementation guide
+- `references/REMEDIATION_PLAYBOOK.md` -- Copy-paste fix templates