@soulofzephir/pi-skill-pentesting 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2025 Rz
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/PUBLISH.md ADDED
@@ -0,0 +1,97 @@
1
+ # 🚀 Publish Instructions
2
+
3
+ ## Step 1: Create GitHub Repository
4
+
5
+ ### Option A: Web Browser (Recommended)
6
+
7
+ 1. Go to: **https://github.com/new**
8
+ 2. Fill in:
9
+ - **Repository name:** `pi-skill-pentesting`
10
+ - **Description:** `Comprehensive pentesting & security check skill for Pi coding agent`
11
+ - **Visibility:** Public
12
+ - **⚠️ DO NOT** check "Add a README file" (we already have one)
13
+ 3. Click **"Create repository"**
14
+
15
+ ### Option B: If you have `gh` CLI installed
16
+
17
+ ```bash
18
+ gh auth login
19
+ gh repo create pi-skill-pentesting --public --description "Pentesting skill for Pi"
20
+ ```
21
+
22
+ ---
23
+
24
+ ## Step 2: Push to GitHub
25
+
26
+ After creating the repo on GitHub, run:
27
+
28
+ ```bash
29
+ cd H:/belajar/test/pi-skill-pentesting
30
+ git push -u origin main
31
+ ```
32
+
33
+ ---
34
+
35
+ ## Step 3: Publish to npm
36
+
37
+ ### First, login to npm:
38
+
39
+ ```bash
40
+ npm login
41
+ # Enter your npm username, email, and password
42
+ # For 2FA: use OTP from your authenticator app
43
+ ```
44
+
45
+ ### Then publish:
46
+
47
+ ```bash
48
+ npm publish --access public
49
+ ```
50
+
51
+ > **⚠️ Note:** First time publish may need verification. Check your email!
52
+
53
+ ---
54
+
55
+ ## ✅ After Successful Publish
56
+
57
+ Your package will be live at:
58
+ - **GitHub:** https://github.com/soulofzephir/pi-skill-pentesting
59
+ - **npm:** https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting
60
+
61
+ ---
62
+
63
+ ## 📥 Installation (After Publish)
64
+
65
+ Anyone can now install with:
66
+
67
+ ```bash
68
+ npm install -g @soulofzephir/pi-skill-pentesting
69
+ ```
70
+
71
+ ---
72
+
73
+ ## 🔄 Version Updates
74
+
75
+ ```bash
76
+ # 1. Edit version in package.json
77
+ # 2. Commit
78
+ git add .
79
+ git commit -m "v1.0.1"
80
+ git push origin main
81
+ git tag v1.0.1
82
+ git push origin v1.0.1
83
+
84
+ # 3. Publish
85
+ npm publish
86
+ ```
87
+
88
+ ---
89
+
90
+ ## 📋 Quick Summary
91
+
92
+ ```
93
+ GitHub: https://github.com/soulofzephir/pi-skill-pentesting
94
+ npm: https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting
95
+ ```
96
+
97
+ **Package ready to publish! 🎉**
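Review bot: PUBLISH.md is a maintainer-only checklist, yet it is added under `package/` and so ships to every consumer, and Step 2 hard-codes a local workstation path (`cd H:/belajar/test/pi-skill-pentesting`). Exclude the file from the published package (an `.npmignore` entry or a `files` allowlist in package.json) and replace the path with "from the repository root". Step 2 also runs `git push -u origin main` with no earlier step that configures the `origin` remote, so it only works if that was done by hand. In the Version Updates block, `git add .` stages every file in the working tree, including untracked files never meant for a public repository; stage named files instead, or use `npm version patch` to bump, commit and tag in one step, and run `npm publish --dry-run` first to see which files would be uploaded.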
package/README.md ADDED
@@ -0,0 +1,255 @@
1
+ # 🛡️ Pi Skill - Pentesting & Security Check
2
+
3
+ > **Comprehensive security testing skill for Pi coding agent**
4
+
5
+ [![npm version](https://img.shields.io/npm/v/@soulofzephir/pi-skill-pentesting)](https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting)
6
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
7
+ [![GitHub stars](https://img.shields.io/github/stars/soulofzephir/pi-skill-pentesting?style=social)](https://github.com/soulofzephir/pi-skill-pentesting)
8
+
9
+ ---
10
+
11
+ ## 👨‍💻 Author
12
+
13
+ ### Rz | @soulofzephir
14
+
15
+ <a href="https://github.com/soulofzephir">
16
+ <img src="https://img.shields.io/badge/GitHub-soulofzephir-181717?style=for-the-badge&logo=github" alt="GitHub"/>
17
+ </a>
18
+ <a href="https://www.npmjs.com/~soulofzephir">
19
+ <img src="https://img.shields.io/badge/npm-soulofzephir-CB3837?style=for-the-badge&logo=npm" alt="npm"/>
20
+ </a>
21
+
22
+ Security enthusiast & automation lover. Building tools for ethical hacking and security assessment.
23
+
24
+ > *"Empowering developers to secure their applications with comprehensive testing tools."*
25
+
26
+ ---
27
+
28
+ ## 📋 Description
29
+
30
+ Comprehensive pentesting & security check skill for [Pi coding agent](https://pi.dev). Provides:
31
+
32
+ | Category | Coverage |
33
+ |----------|----------|
34
+ | 🔒 **Security Headers** | 9 critical headers analysis |
35
+ | 🔌 **Port Scanning** | 20+ common ports detection |
36
+ | 💉 **SQL Injection** | Union, Blind, Time-based testing |
37
+ | 🖥️ **XSS Testing** | Reflected, Stored, DOM-based |
38
+ | ⚡ **Command Injection** | Linux & Windows payloads |
39
+ | 📄 **XXE Testing** | XML injection detection |
40
+ | 📋 **OWASP Top 10** | Complete A01-A10 checklist |
41
+ | 🔐 **SSL/TLS Audit** | Certificate & cipher analysis |
42
+
43
+ ---
44
+
45
+ ## 🚀 Installation
46
+
47
+ ### Option 1: npm (Recommended)
48
+
49
+ ```bash
50
+ npm install -g @soulofzephir/pi-skill-pentesting
51
+ ```
52
+
53
+ ### Option 2: Manual
54
+
55
+ ```bash
56
+ # Clone repository
57
+ git clone https://github.com/soulofzephir/pi-skill-pentesting.git
58
+
59
+ # Copy to Pi skills folder
60
+ cp -r skills/pentesting ~/.pi/agent/skills/
61
+ ```
62
+
63
+ ### Option 3: Git Submodule
64
+
65
+ ```bash
66
+ # Add as submodule to your project
67
+ git submodule add https://github.com/soulofzephir/pi-skill-pentesting.git .pi/skills/pentesting
68
+ ```
69
+
70
+ ---
71
+
72
+ ## 🎯 Quick Usage
73
+
74
+ ### In Pi, simply type:
75
+
76
+ ```
77
+ pentest https://example.com
78
+ ```
79
+
80
+ ### Or use specific commands:
81
+
82
+ ```
83
+ /skill pentesting
84
+ security check https://example.com
85
+ test SQL injection di endpoint ini
86
+ scan headers untuk website saya
87
+ OWASP check
88
+ ```
89
+
90
+ ---
91
+
92
+ ## 📁 Package Structure
93
+
94
+ ```
95
+ @ soulofzephir/pi-skill-pentesting/
96
+ ├── package.json # NPM & Pi manifest
97
+ ├── README.md # This file
98
+ ├── LICENSE # MIT License
99
+ ├── skills/
100
+ │ └── pentesting/
101
+ │ ├── SKILL.md # Main skill file
102
+ │ ├── checklists/
103
+ │ │ ├── headers.md # Security headers detail
104
+ │ │ ├── owasp.md # OWASP Top 10
105
+ │ │ ├── ports.md # Port scanning
106
+ │ │ └── injection.md # All injection types
107
+ │ ├── tools/
108
+ │ │ ├── header-scan.sh # Linux/Mac
109
+ │ │ ├── header-scan.ps1 # Windows
110
+ │ │ └── security-scan.ps1 # Windows All-in-One
111
+ │ └── reports/
112
+ │ └── template.md # Report template
113
+ ```
114
+
115
+ ---
116
+
117
+ ## 🔍 What This Skill Does
118
+
119
+ ### 1️⃣ Security Headers Analysis
120
+ Checks 9 critical security headers:
121
+ - ✅ CSP (Content-Security-Policy)
122
+ - ✅ HSTS (Strict-Transport-Security)
123
+ - ✅ X-Content-Type-Options
124
+ - ✅ X-Frame-Options
125
+ - ✅ Referrer-Policy
126
+ - ✅ Permissions-Policy
127
+ - ✅ Cache-Control
128
+ - ✅ Server header
129
+ - ✅ X-Powered-By
130
+
131
+ ### 2️⃣ Port Scanning
132
+ Detects open ports and high-risk services:
133
+ - Database ports (3306, 5432, 27017, 6379)
134
+ - Remote access (22, 3389)
135
+ - Web ports (80, 443, 8080)
136
+ - Dangerous exposed services (Docker 2375)
137
+
138
+ ### 3️⃣ Injection Testing
139
+ Comprehensive payloads for:
140
+ - **SQL Injection** - Union, Blind, Time-based, Error-based
141
+ - **XSS** - Reflected, Stored, DOM, Polyglots
142
+ - **Command Injection** - Linux & Windows
143
+ - **XXE** - Basic, Blind, Billion Laughs
144
+ - **LDAP Injection** - Auth bypass
145
+ - **SSTI** - Jinja2, Twig, Handlebars
146
+
147
+ ### 4️⃣ OWASP Top 10 Checklist
148
+ Complete testing for:
149
+ - A01: Broken Access Control
150
+ - A02: Cryptographic Failures
151
+ - A03: Injection
152
+ - A04: Insecure Design
153
+ - A05: Security Misconfiguration
154
+ - A06: Vulnerable Components
155
+ - A07: Authentication Failures
156
+ - A08: Software & Data Integrity
157
+ - A09: Security Logging
158
+ - A10: Server-Side Request Forgery (SSRF)
159
+
160
+ ---
161
+
162
+ ## 🛠️ Tools Included
163
+
164
+ ### Automated Scripts
165
+
166
+ | Script | Platform | Description |
167
+ |--------|----------|-------------|
168
+ | `header-scan.sh` | Linux/Mac | Security headers scanner |
169
+ | `header-scan.ps1` | Windows | Security headers scanner |
170
+ | `security-scan.ps1` | Windows | **All-in-one scanner** |
171
+
172
+ ### External Tools Recommended
173
+
174
+ ```
175
+ Headers: securityheaders.com, observatory.mozilla.org
176
+ Vuln Scan: Nuclei, OWASP ZAP, Nikto
177
+ SSL/TLS: testssl.sh, ssllabs.com
178
+ SQLi: SQLMap
179
+ XSS: Dalfox, XSStrike
180
+ Cmd Inj: Commix
181
+ Ports: Nmap, RustScan
182
+ ```
183
+
184
+ ---
185
+
186
+ ## 📊 Output
187
+
188
+ ### Header Security Score (0-100)
189
+ ```
190
+ A (90-100): Excellent
191
+ B (70-89): Good
192
+ C (50-69): Needs Improvement
193
+ D (30-49): Poor
194
+ F (0-29): Critical
195
+ ```
196
+
197
+ ### Vulnerability Severity
198
+ ```
199
+ 🔴 CRITICAL → Fix immediately
200
+ 🟠 HIGH → Fix within 1 week
201
+ 🟡 MEDIUM → Fix within 1 month
202
+ 🟢 LOW/INFO → Fix when possible
203
+ ```
204
+
205
+ ---
206
+
207
+ ## ⚠️ Disclaimer
208
+
209
+ > **For authorized testing only!**
210
+ >
211
+ > - ✅ Test your own websites
212
+ > - ✅ Test with written permission
213
+ > - ❌ **NEVER** test without authorization - it's ILLEGAL
214
+
215
+ ---
216
+
217
+ ## 🤝 Contributing
218
+
219
+ Contributions welcome! Feel free to submit issues and pull requests.
220
+
221
+ 1. Fork the repository
222
+ 2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
223
+ 3. Commit your changes (`git commit -m 'Add AmazingFeature'`)
224
+ 4. Push to the branch (`git push origin feature/AmazingFeature`)
225
+ 5. Open a Pull Request
226
+
227
+ ---
228
+
229
+ ## 📝 License
230
+
231
+ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
232
+
233
+ ---
234
+
235
+ ## 🙏 Credits
236
+
237
+ Built with 💪 by **[Rz (@soulofzephir)](https://github.com/soulofzephir)**
238
+
239
+ Special thanks to:
240
+ - [Pi Coding Agent](https://pi.dev) - The coding harness
241
+ - [Agent Skills Standard](https://agentskills.io) - Skill specification
242
+
243
+ ---
244
+
245
+ ## ⭐ Show Your Support
246
+
247
+ If this skill helped you, give it a ⭐!
248
+
249
+ ```bash
250
+ npm install -g @soulofzephir/pi-skill-pentesting
251
+ ```
252
+
253
+ ---
254
+
255
+ **Made with ❤️ by Rz | [@soulofzephir](https://github.com/soulofzephir) | [Report Issue](https://github.com/soulofzephir/pi-skill-pentesting/issues)**
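Review bot: In Option 2 (Manual) the `cp -r skills/pentesting ~/.pi/agent/skills/` line runs from the directory where `git clone` was issued, so the relative path `skills/pentesting` does not exist there; add `cd pi-skill-pentesting` after the clone, or copy from `pi-skill-pentesting/skills/pentesting`. The Package Structure tree has a stray space in `@ soulofzephir/pi-skill-pentesting/` and omits PUBLISH.md, which this version also adds. The Description table lists SQL injection as "Union, Blind, Time-based" while section 3 adds Error-based, so the two lists should agree. Under Security Headers Analysis, `Server` and `X-Powered-By` carry the same ✅ as the protective headers; state whether the check passes when they are present or when they are absent. Two of the Quick Usage prompts (`test SQL injection di endpoint ini`, `scan headers untuk website saya`) are in Indonesian in an otherwise English README.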
package/package.json ADDED
@@ -0,0 +1,39 @@
1
+ {
2
+ "name": "@soulofzephir/pi-skill-pentesting",
3
+ "version": "1.0.0",
4
+ "description": "Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10",
5
+ "keywords": [
6
+ "pi",
7
+ "pi-package",
8
+ "pi-skill",
9
+ "pentesting",
10
+ "security",
11
+ "security-audit",
12
+ "vulnerability-scan",
13
+ "ethical-hacking"
14
+ ],
15
+ "homepage": "https://github.com/soulofzephir/pi-skill-pentesting",
16
+ "bugs": {
17
+ "url": "https://github.com/soulofzephir/pi-skill-pentesting/issues"
18
+ },
19
+ "license": "MIT",
20
+ "author": {
21
+ "name": "Rz",
22
+ "url": "https://github.com/soulofzephir"
23
+ },
24
+ "contributors": [],
25
+ "repository": {
26
+ "type": "git",
27
+ "url": "https://github.com/soulofzephir/pi-skill-pentesting.git"
28
+ },
29
+ "pi": {
30
+ "skills": "./skills",
31
+ "description": "Pentesting & Security Check Skill for Pi"
32
+ },
33
+ "scripts": {
34
+ "install": "echo 'Skill installed! Restart Pi to use: /skill pentesting'"
35
+ },
36
+ "engines": {
37
+ "node": ">=18.0.0"
38
+ }
39
+ }
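Review bot: The `scripts.install` entry is an npm lifecycle script, so it executes on every consumer's machine during `npm install`, and all it does is print a message. Drop it and keep the "Restart Pi to use: /skill pentesting" hint in the README: install hooks are exactly what supply-chain scanners flag, they are skipped for anyone installing with `--ignore-scripts`, and the single-quoted `echo` prints its quotes literally under Windows cmd.exe. The manifest also has no `files` field, so nothing here limits what goes into the tarball and PUBLISH.md is published with it; `"files": ["skills"]` would restrict the package to what the `pi.skills` path points at (package.json, README and LICENSE are always included by npm).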