@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/skills/pentesting/SKILL.md +168 -224
- package/skills/pentesting/checklists/cors.md +183 -0
- package/skills/pentesting/checklists/exposed-files.md +311 -0
- package/skills/pentesting/checklists/graphql.md +375 -0
- package/skills/pentesting/checklists/jwt.md +225 -0
- package/skills/pentesting/tools/exposed-files-scan.ps1 +333 -0
- package/skills/pentesting/tools/exposed-files-scan.sh +291 -0
- package/skills/pentesting/tools/full-scan.ps1 +508 -0
- package/skills/pentesting/tools/full-scan.sh +454 -0
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@soulofzephir/pi-skill-pentesting",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pi",
|
|
7
|
-
"pi-package",
|
|
7
|
+
"pi-package",
|
|
8
8
|
"pi-skill",
|
|
9
9
|
"pentesting",
|
|
10
10
|
"security",
|
|
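Review bot: The `description` at line 4 is left unchanged and still lists only "headers, ports, SQLi, XSS, OWASP Top 10", while this release adds checklists for CORS, JWT, GraphQL and exposed files (see the file list above) and extends the SKILL.md front matter to name them. Update it so the registry listing matches what the package ships. The `"pi-package",` keyword at line 7 is removed and re-added with the same visible text, which points to a whitespace or line-ending change; drop it from the release or normalise the file once so later diffs stay readable.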
@@ -1,28 +1,30 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: pentesting
|
|
3
|
-
description: Comprehensive website security testing skill for penetration testing, vulnerability assessment, security headers analysis, port scanning, SQL injection, XSS testing, OWASP Top 10,
|
|
3
|
+
description: Comprehensive website security testing skill for penetration testing, vulnerability assessment, security headers analysis, port scanning, SQL injection, XSS testing, OWASP Top 10, SSL/TLS audit, exposed files detection, CORS, JWT, and GraphQL security testing. Use when user asks for pentest, security check, security audit, vulnerability scan, header security, port scan, SQL injection, XSS, OWASP, ethical hacking, exposed files, CORS, JWT, GraphQL, or bug bounty testing. Generates reports to site/domainname-date.md format.
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# 🛡️ Pentesting & Security Check Skill
|
|
7
7
|
|
|
8
|
-
> **AUTHOR:** Rz | **VERSION:**
|
|
8
|
+
> **AUTHOR:** Rz (@soulofzephir) | **VERSION:** 3.0 | **LAST UPDATED:** 2025-07-05
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
12
|
-
## 📋 CAPABILITIES OVERVIEW
|
|
12
|
+
## 📋 CAPABILITIES OVERVIEW (v3.0)
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
| Category | Coverage | Automated |
|
|
17
|
-
|----------|----------|-----------|
|
|
14
|
+
| Category | Coverage | Status |
|
|
15
|
+
|----------|----------|--------|
|
|
18
16
|
| **Security Headers** | 9 critical headers | ✅ Script |
|
|
19
|
-
| **Port Scanning** | 20+ common ports | ✅
|
|
17
|
+
| **Port Scanning** | 20+ common ports | ✅ Script |
|
|
20
18
|
| **SQL Injection** | Union, Blind, Time-based | ✅ SQLMap + Manual |
|
|
21
19
|
| **XSS Testing** | Reflected, Stored, DOM | ✅ Payloads + Tools |
|
|
22
20
|
| **Command Injection** | Linux & Windows | ✅ Commix + Manual |
|
|
23
21
|
| **XXE Testing** | Basic, Blind, DoS | ✅ Manual |
|
|
24
22
|
| **OWASP Top 10** | A01-A10 complete | ✅ Checklist |
|
|
25
23
|
| **SSL/TLS Audit** | Certificate & Ciphers | ✅ testssl.sh |
|
|
24
|
+
| **Exposed Files** | .env, .git, backups, debug | ✅ **NEW** |
|
|
25
|
+
| **CORS Security** | Misconfiguration tests | ✅ **NEW** |
|
|
26
|
+
| **JWT Security** | Algorithm attacks, brute force | ✅ **NEW** |
|
|
27
|
+
| **GraphQL Security** | Introspection, DoS, injection | ✅ **NEW** |
|
|
26
28
|
| **Report Generation** | .md format | ✅ Auto |
|
|
27
29
|
|
|
28
30
|
---
|
|
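Review bot: In the capabilities table, renaming the third column from `Automated` to `Status` and filling the four added rows with `✅ **NEW**` removes the information the other rows carry (Script, Checklist, tool name). The file list for this release shows scripts only for exposed files and the full scan, and checklists for CORS, JWT and GraphQL, so state that per row, for example `✅ Script` for Exposed Files and `✅ Checklist` for the other three. A "NEW" marker also goes stale with the next release and fits a changelog better than this table.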
@@ -38,24 +40,23 @@ This skill auto-loads when user mentions:
|
|
|
38
40
|
- port scan, open ports, network scan
|
|
39
41
|
- SQL injection, SQLi, XSS, command injection
|
|
40
42
|
- OWASP, OWASP Top 10
|
|
43
|
+
- exposed files, .env, .git exposed
|
|
44
|
+
- CORS, JWT, GraphQL security
|
|
41
45
|
- "test keamanan", "cek security", "audit keamanan"
|
|
42
46
|
|
|
43
47
|
---
|
|
44
48
|
|
|
45
|
-
## ⚡ COMPLETE TEST CHECKLIST
|
|
46
|
-
|
|
47
|
-
For a **comprehensive security assessment**, run these tests in order:
|
|
49
|
+
## ⚡ COMPLETE TEST CHECKLIST (10+ Phases)
|
|
48
50
|
|
|
49
|
-
### Phase 1: Reconnaissance
|
|
51
|
+
### Phase 1: Reconnaissance
|
|
50
52
|
```
|
|
51
|
-
[ ] Domain enumeration
|
|
52
|
-
[ ] Technology fingerprinting
|
|
53
|
-
[ ] Directory enumeration
|
|
53
|
+
[ ] Domain enumeration
|
|
54
|
+
[ ] Technology fingerprinting
|
|
55
|
+
[ ] Directory enumeration
|
|
54
56
|
[ ] Parameter discovery
|
|
55
|
-
[ ] Social media / leak analysis
|
|
56
57
|
```
|
|
57
58
|
|
|
58
|
-
### Phase 2: Security Headers
|
|
59
|
+
### Phase 2: Security Headers (9 Headers)
|
|
59
60
|
```
|
|
60
61
|
[ ] Content-Security-Policy (CSP)
|
|
61
62
|
[ ] Strict-Transport-Security (HSTS)
|
|
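Review bot: The two added trigger lines (`exposed files, .env, .git exposed` and `CORS, JWT, GraphQL security`) are broad for a skill that auto-loads on mention: `.env`, `CORS` and `JWT` are ordinary development vocabulary, so a question about configuring CORS in one's own app could load a pentesting workflow. Consider requiring an explicit testing verb alongside the topic, as the existing "test keamanan" and "cek security" phrases do. This hunk also removes the sentence "For a **comprehensive security assessment**, run these tests in order:" while the heading gains "(10+ Phases)"; if order still matters keep that sentence, and since the next hunk numbers the phases 1 to 12, state the exact count instead of "10+".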
@@ -64,218 +65,143 @@ For a **comprehensive security assessment**, run these tests in order:
|
|
|
64
65
|
[ ] Referrer-Policy
|
|
65
66
|
[ ] Permissions-Policy
|
|
66
67
|
[ ] Cache-Control
|
|
67
|
-
[ ] Server header (version
|
|
68
|
-
[ ] X-Powered-By (tech
|
|
69
|
-
[ ] Cross-Origin policies (COOP, CORP, COEP)
|
|
68
|
+
[ ] Server header (hide version)
|
|
69
|
+
[ ] X-Powered-By (hide tech)
|
|
70
70
|
```
|
|
71
71
|
|
|
72
|
-
### Phase 3:
|
|
72
|
+
### Phase 3: Exposed Files & Information Disclosure 🔴 **NEW**
|
|
73
|
+
```
|
|
74
|
+
[ ] .env file accessible?
|
|
75
|
+
[ ] .git directory exposed?
|
|
76
|
+
[ ] Backup files (zip, sql, bak)
|
|
77
|
+
[ ] Debug/Admin panels accessible
|
|
78
|
+
[ ] Sensitive configuration files
|
|
79
|
+
[ ] Spring Boot Actuator endpoints
|
|
80
|
+
[ ] API documentation exposed
|
|
81
|
+
[ ] Log files accessible
|
|
82
|
+
[ ] robots.txt (reveals paths)
|
|
83
|
+
[ ] Security.txt endpoint
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
### Phase 4: Port & Network Scanning
|
|
73
87
|
```
|
|
74
88
|
[ ] Full port scan (1-65535)
|
|
75
89
|
[ ] Service version detection
|
|
76
|
-
[ ] High-risk port exposure
|
|
77
|
-
[ ] Port
|
|
78
|
-
[ ] Port
|
|
79
|
-
[ ] Port
|
|
80
|
-
[ ] Port
|
|
81
|
-
[ ] Port
|
|
82
|
-
[ ] Port
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
[ ]
|
|
90
|
-
[ ] TLS version (no SSLv3, TLS 1.0, TLS 1.1)
|
|
91
|
-
[ ] Weak ciphers disabled?
|
|
90
|
+
[ ] High-risk port exposure:
|
|
91
|
+
[ ] Port 3306 (MySQL)
|
|
92
|
+
[ ] Port 5432 (PostgreSQL)
|
|
93
|
+
[ ] Port 27017 (MongoDB)
|
|
94
|
+
[ ] Port 6379 (Redis)
|
|
95
|
+
[ ] Port 2375 (Docker)
|
|
96
|
+
[ ] Port 9200 (Elasticsearch)
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### Phase 5: SSL/TLS Audit
|
|
100
|
+
```
|
|
101
|
+
[ ] Certificate validity
|
|
102
|
+
[ ] TLS version (no 1.0/1.1)
|
|
103
|
+
[ ] Weak ciphers
|
|
92
104
|
[ ] HSTS implementation
|
|
93
|
-
[ ]
|
|
94
|
-
[ ] Self-signed cert check
|
|
95
|
-
[ ] OCSP stapling enabled?
|
|
105
|
+
[ ] OCSP stapling
|
|
96
106
|
```
|
|
97
107
|
|
|
98
|
-
### Phase
|
|
108
|
+
### Phase 6: Authentication Testing
|
|
99
109
|
```
|
|
100
|
-
[ ]
|
|
101
|
-
[ ] Password policy
|
|
110
|
+
[ ] Brute force protection
|
|
111
|
+
[ ] Password policy
|
|
102
112
|
[ ] MFA availability
|
|
103
|
-
[ ] Session management
|
|
104
|
-
|
|
105
|
-
[ ] Session timeout
|
|
106
|
-
[ ] HttpOnly cookies
|
|
107
|
-
[ ] Secure cookies
|
|
108
|
-
[ ] SameSite attribute
|
|
109
|
-
[ ] Password reset flow:
|
|
110
|
-
[ ] Token randomness
|
|
111
|
-
[ ] Token expiration
|
|
112
|
-
[ ] Email enumeration
|
|
113
|
-
[ ] Account lockout policy
|
|
114
|
-
[ ] CAPTCHA implementation
|
|
115
|
-
```
|
|
116
|
-
|
|
117
|
-
### Phase 6: Injection Testing
|
|
118
|
-
```
|
|
119
|
-
[ ] SQL Injection:
|
|
120
|
-
[ ] UNION-based
|
|
121
|
-
[ ] Boolean-based blind
|
|
122
|
-
[ ] Time-based blind
|
|
123
|
-
[ ] Error-based
|
|
124
|
-
[ ] Stacked queries
|
|
125
|
-
[ ] XSS (Cross-Site Scripting):
|
|
126
|
-
[ ] Reflected XSS
|
|
127
|
-
[ ] Stored/Persistent XSS
|
|
128
|
-
[ ] DOM-based XSS
|
|
129
|
-
[ ] Polyglot XSS
|
|
130
|
-
[ ] Command Injection:
|
|
131
|
-
[ ] Linux commands
|
|
132
|
-
[ ] Windows commands
|
|
133
|
-
[ ] XXE (XML External Entity)
|
|
134
|
-
[ ] LDAP Injection
|
|
135
|
-
[ ] XPath Injection
|
|
136
|
-
[ ] SSTI (Server-Side Template Injection)
|
|
137
|
-
[ ] SSTRF (Server-Side Request Forgery)
|
|
138
|
-
[ ] Expression Language Injection
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
### Phase 7: Business Logic Testing
|
|
142
|
-
```
|
|
143
|
-
[ ] IDOR (Insecure Direct Object Reference)
|
|
144
|
-
[ ] Horizontal privilege escalation
|
|
145
|
-
[ ] Vertical privilege escalation
|
|
146
|
-
[ ] Price/total manipulation
|
|
147
|
-
[ ] Quantity manipulation
|
|
148
|
-
[ ] Coupon/promotion abuse
|
|
149
|
-
[ ] Race condition (concurrency)
|
|
150
|
-
[ ] Workflow bypass
|
|
151
|
-
[ ] Mass assignment
|
|
152
|
-
```
|
|
153
|
-
|
|
154
|
-
### Phase 8: API Security
|
|
155
|
-
```
|
|
156
|
-
[ ] REST API testing:
|
|
157
|
-
[ ] Authorization bypass
|
|
158
|
-
[ ] Rate limiting
|
|
159
|
-
[ ] Input validation
|
|
160
|
-
[ ] CORS misconfiguration
|
|
161
|
-
[ ] GraphQL testing:
|
|
162
|
-
[ ] Introspection enabled?
|
|
163
|
-
[ ] Query complexity
|
|
164
|
-
[ ] Depth limiting
|
|
165
|
-
[ ] JWT testing:
|
|
166
|
-
[ ] Algorithm confusion
|
|
167
|
-
[ ] Weak secret
|
|
168
|
-
[ ] Token expiration
|
|
169
|
-
[ ] None algorithm
|
|
170
|
-
[ ] API versioning issues
|
|
171
|
-
```
|
|
172
|
-
|
|
173
|
-
### Phase 9: OWASP Top 10
|
|
174
|
-
```
|
|
175
|
-
[ ] A01 - Broken Access Control
|
|
176
|
-
[ ] Vertical privilege escalation
|
|
177
|
-
[ ] Horizontal privilege escalation
|
|
178
|
-
[ ] IDOR
|
|
179
|
-
[ ] CORS misconfiguration
|
|
180
|
-
[ ] A02 - Cryptographic Failures
|
|
181
|
-
[ ] Sensitive data exposure
|
|
182
|
-
[ ] Weak encryption
|
|
183
|
-
[ ] Default crypto
|
|
184
|
-
[ ] Insecure key management
|
|
185
|
-
[ ] A03 - Injection
|
|
186
|
-
[ ] SQL Injection
|
|
187
|
-
[ ] XSS
|
|
188
|
-
[ ] Command Injection
|
|
189
|
-
[ ] LDAP/XXE/XPath
|
|
190
|
-
[ ] A04 - Insecure Design
|
|
191
|
-
[ ] Missing rate limiting
|
|
192
|
-
[ ] Business logic flaws
|
|
193
|
-
[ ] Credential stuffing protection
|
|
194
|
-
[ ] A05 - Security Misconfiguration
|
|
195
|
-
[ ] Default credentials
|
|
196
|
-
[ ] Debug mode
|
|
197
|
-
[ ] Directory listing
|
|
198
|
-
[ ] Unnecessary features
|
|
199
|
-
[ ] Error handling
|
|
200
|
-
[ ] A06 - Vulnerable Components
|
|
201
|
-
[ ] Outdated libraries
|
|
202
|
-
[ ] Known CVEs
|
|
203
|
-
[ ] Unmaintained dependencies
|
|
204
|
-
[ ] A07 - Identification & Auth Failures
|
|
205
|
-
[ ] Weak passwords
|
|
206
|
-
[ ] Session management
|
|
207
|
-
[ ] Credential exposure
|
|
208
|
-
[ ] A08 - Software & Data Integrity
|
|
209
|
-
[ ] Insecure deserialization
|
|
210
|
-
[ ] CI/CD issues
|
|
211
|
-
[ ] Auto-update integrity
|
|
212
|
-
[ ] A09 - Logging & Monitoring
|
|
213
|
-
[ ] No audit logging
|
|
214
|
-
[ ] Failed login tracking
|
|
215
|
-
[ ] Alert fatigue
|
|
216
|
-
[ ] A10 - SSRF
|
|
217
|
-
[ ] URL validation bypass
|
|
218
|
-
[ ] Internal network access
|
|
219
|
-
[ ] Cloud metadata access
|
|
113
|
+
[ ] Session management (HttpOnly, Secure, SameSite)
|
|
114
|
+
[ ] Password reset flow
|
|
220
115
|
```
|
|
221
116
|
|
|
222
|
-
### Phase
|
|
117
|
+
### Phase 7: Injection Testing
|
|
223
118
|
```
|
|
224
|
-
[ ]
|
|
225
|
-
[ ]
|
|
226
|
-
[ ]
|
|
227
|
-
[ ]
|
|
228
|
-
[ ]
|
|
229
|
-
[ ]
|
|
230
|
-
[ ]
|
|
119
|
+
[ ] SQL Injection (5 types)
|
|
120
|
+
[ ] XSS (4 types)
|
|
121
|
+
[ ] Command Injection
|
|
122
|
+
[ ] XXE
|
|
123
|
+
[ ] LDAP Injection
|
|
124
|
+
[ ] SSTI
|
|
125
|
+
[ ] SSRF
|
|
231
126
|
```
|
|
232
127
|
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
## ⚡ WORKFLOW (Follow in Order)
|
|
236
|
-
|
|
237
|
-
### Step 1: Confirm Scope
|
|
128
|
+
### Phase 8: CORS Security 🔴 **NEW**
|
|
238
129
|
```
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
130
|
+
[ ] Wildcard origin check
|
|
131
|
+
[ ] Credentials with wildcard
|
|
132
|
+
[ ] Null origin allowed?
|
|
133
|
+
[ ] Internal IPs allowed?
|
|
134
|
+
[ ] Sensitive endpoints CORS
|
|
242
135
|
```
|
|
243
136
|
|
|
244
|
-
###
|
|
245
|
-
|
|
246
|
-
### Step 3: Generate Report
|
|
247
|
-
|
|
248
|
-
**IMPORTANT:** Always save report to:
|
|
137
|
+
### Phase 9: JWT Security 🔴 **NEW**
|
|
249
138
|
```
|
|
250
|
-
|
|
139
|
+
[ ] Algorithm confusion (RS256→HS256)
|
|
140
|
+
[ ] alg:none bypass
|
|
141
|
+
[ ] Weak secret brute force
|
|
142
|
+
[ ] Null signature accepted
|
|
143
|
+
[ ] Token manipulation (exp, iat, sub)
|
|
144
|
+
[ ] JWKS cache poisoning
|
|
251
145
|
```
|
|
252
146
|
|
|
253
|
-
|
|
147
|
+
### Phase 10: GraphQL Security 🔴 **NEW**
|
|
254
148
|
```
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
149
|
+
[ ] Introspection enabled?
|
|
150
|
+
[ ] GraphQL IDE exposed
|
|
151
|
+
[ ] Authorization bypass (IDOR)
|
|
152
|
+
[ ] Batch query attack
|
|
153
|
+
[ ] Depth-based DoS
|
|
154
|
+
[ ] SQL/NoSQL Injection
|
|
258
155
|
```
|
|
259
156
|
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
## 🔧 TOOLS & SCRIPTS
|
|
263
|
-
|
|
264
|
-
Scripts available in `tools/`:
|
|
157
|
+
### Phase 11: OWASP Top 10 (A01-A10)
|
|
265
158
|
```
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
159
|
+
[ ] A01 - Broken Access Control
|
|
160
|
+
[ ] A02 - Cryptographic Failures
|
|
161
|
+
[ ] A03 - Injection
|
|
162
|
+
[ ] A04 - Insecure Design
|
|
163
|
+
[ ] A05 - Security Misconfiguration
|
|
164
|
+
[ ] A06 - Vulnerable Components
|
|
165
|
+
[ ] A07 - Auth Failures
|
|
166
|
+
[ ] A08 - Data Integrity
|
|
167
|
+
[ ] A09 - Logging Failures
|
|
168
|
+
[ ] A10 - SSRF
|
|
270
169
|
```
|
|
271
170
|
|
|
272
|
-
|
|
171
|
+
### Phase 12: Business Logic & API
|
|
172
|
+
```
|
|
173
|
+
[ ] IDOR
|
|
174
|
+
[ ] Privilege escalation
|
|
175
|
+
[ ] Price manipulation
|
|
176
|
+
[ ] API security (REST/GraphQL)
|
|
177
|
+
[ ] Rate limiting
|
|
273
178
|
```
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
179
|
+
|
|
180
|
+
---
|
|
181
|
+
|
|
182
|
+
## 🔧 TOOLS LOCATION
|
|
183
|
+
|
|
184
|
+
```
|
|
185
|
+
skills/pentesting/
|
|
186
|
+
├── SKILL.md # This file
|
|
187
|
+
├── checklists/
|
|
188
|
+
│ ├── headers.md # 9 headers detail
|
|
189
|
+
│ ├── owasp.md # OWASP Top 10
|
|
190
|
+
│ ├── ports.md # Port scanning
|
|
191
|
+
│ ├── injection.md # All injection types
|
|
192
|
+
│ ├── exposed-files.md # 🔴 NEW - Exposed files
|
|
193
|
+
│ ├── cors.md # 🔴 NEW - CORS security
|
|
194
|
+
│ ├── jwt.md # 🔴 NEW - JWT security
|
|
195
|
+
│ └── graphql.md # 🔴 NEW - GraphQL security
|
|
196
|
+
├── tools/
|
|
197
|
+
│ ├── header-scan.sh # Linux/Mac headers
|
|
198
|
+
│ ├── header-scan.ps1 # Windows headers
|
|
199
|
+
│ ├── exposed-files-scan.sh # 🔴 NEW - Exposed files
|
|
200
|
+
│ ├── exposed-files-scan.ps1 # 🔴 NEW - Exposed files
|
|
201
|
+
│ ├── full-scan.sh # 🔴 NEW - All-in-one Linux
|
|
202
|
+
│ └── full-scan.ps1 # 🔴 NEW - All-in-one Windows
|
|
203
|
+
└── reports/
|
|
204
|
+
└── template.md # Report template
|
|
279
205
|
```
|
|
280
206
|
|
|
281
207
|
---
|
|
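Review bot: The removal of `## ⚡ WORKFLOW (Follow in Order)` together with `### Step 1: Confirm Scope` takes out the only scope-confirmation step visible in this file, in the same release that adds an all-in-one scanner (`full-scan.sh`, `full-scan.ps1`). Restore a scope and authorization step ahead of Phase 1 so the agent confirms the target and the permission to test it before any phase runs. Two smaller points: the removed `**IMPORTANT:** Always save report to:` instruction has no replacement in this hunk, and now that Phases 7, 11 and 12 are reduced to one-line items such as `SQL Injection (5 types)`, the detail lives in the files the TOOLS LOCATION tree names (`checklists/injection.md`, `owasp.md`, `headers.md`, `ports.md`, `reports/template.md`), none of which appear in this release's changed-file list, so confirm they ship in the package.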
@@ -292,16 +218,30 @@ chmod +x tools/header-scan.sh
|
|
|
292
218
|
.\tools\header-scan.ps1 -Target https://target.com
|
|
293
219
|
```
|
|
294
220
|
|
|
221
|
+
### Exposed Files Scan 🔴 NEW
|
|
222
|
+
```bash
|
|
223
|
+
# Linux/Mac
|
|
224
|
+
chmod +x tools/exposed-files-scan.sh
|
|
225
|
+
./tools/exposed-files-scan.sh https://target.com
|
|
226
|
+
|
|
227
|
+
# Windows PowerShell
|
|
228
|
+
.\tools\exposed-files-scan.ps1 -Target https://target.com
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
### Full Security Scan (All-in-One) 🔴 NEW
|
|
232
|
+
```bash
|
|
233
|
+
# Linux/Mac
|
|
234
|
+
chmod +x tools/full-scan.sh
|
|
235
|
+
./tools/full-scan.sh https://target.com
|
|
236
|
+
|
|
237
|
+
# Windows PowerShell
|
|
238
|
+
.\tools\full-scan.ps1 -Target https://target.com
|
|
239
|
+
```
|
|
240
|
+
|
|
295
241
|
### Port Scanning
|
|
296
242
|
```bash
|
|
297
|
-
# Nmap quick
|
|
298
243
|
nmap -sV -p 21,22,80,443,3306,5432,8080 target.com
|
|
299
|
-
|
|
300
|
-
# Full scan
|
|
301
244
|
nmap -p- -sV target.com
|
|
302
|
-
|
|
303
|
-
# Nmap with scripts
|
|
304
|
-
nmap -sC -sV -p- target.com
|
|
305
245
|
```
|
|
306
246
|
|
|
307
247
|
### Vulnerability Scanning
|
|
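Review bot: Both added blocks are fenced as `bash` but contain a PowerShell invocation (`.\tools\exposed-files-scan.ps1 -Target ...` and `.\tools\full-scan.ps1 -Target ...`) after the Linux/Mac commands. An agent that executes fenced blocks by their language tag would run the `.ps1` line in a POSIX shell; split each section into a `bash` block and a `powershell` block, as the old "Full Scan" section removed later in this diff did. In the Port Scanning block the comments `# Nmap quick` and `# Full scan` are deleted while the commands stay, leaving two unlabeled nmap lines; keep the comments, since `-p-` scans all ports and takes far longer than the seven-port variant.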
@@ -319,12 +259,6 @@ dalfox url https://target.com/search?q=test
|
|
|
319
259
|
commix -u "http://target.com/ping?ip=127.0.0.1"
|
|
320
260
|
```
|
|
321
261
|
|
|
322
|
-
### Full Scan
|
|
323
|
-
```powershell
|
|
324
|
-
# Windows - All in one
|
|
325
|
-
.\tools\security-scan.ps1 -Target https://target.com
|
|
326
|
-
```
|
|
327
|
-
|
|
328
262
|
---
|
|
329
263
|
|
|
330
264
|
## 📊 OUTPUT FORMAT
|
|
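Review bot: The removed "Full Scan" section pointed at `.\tools\security-scan.ps1`, and the file list for this release adds `full-scan.ps1` without showing `security-scan.ps1` as deleted or renamed. If that script still ships, it is now undocumented and should be removed or redirected to `full-scan.ps1`; if it never existed, note in the changelog which command replaces the old one so existing users are not left with a broken invocation.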
@@ -347,7 +281,7 @@ F (0-29): Critical
|
|
|
347
281
|
```
|
|
348
282
|
|
|
349
283
|
### Report File
|
|
350
|
-
**Format:** `site/[domain]-[
|
|
284
|
+
**Format:** `site/[domain]-[date].md`
|
|
351
285
|
|
|
352
286
|
---
|
|
353
287
|
|
|
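Review bot: `site/[domain]-[date].md` builds a file path from the user-supplied target, and nothing visible here says how `[domain]` is normalised. Specify that only the hostname is used, restricted to letters, digits, dots and hyphens, so a target containing `/` or `..` cannot cause a write outside `site/`. Also pin the date format (the examples later in the file use `2025-07-05`, i.e. `YYYY-MM-DD`) and say what happens when a report for the same domain and date already exists.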
@@ -363,14 +297,17 @@ F (0-29): Critical
|
|
|
363
297
|
|
|
364
298
|
## 🆘 HELP COMMANDS
|
|
365
299
|
|
|
366
|
-
If user asks:
|
|
367
300
|
- "apa bisa ini?" → Show CAPABILITIES OVERVIEW
|
|
368
301
|
- "cara pakai" → Show QUICK COMMANDS
|
|
369
302
|
- "test sekarang" → Start the test workflow
|
|
370
|
-
- "check [target]" →
|
|
303
|
+
- "check [target]" → Full scan + save report
|
|
371
304
|
- "scan headers" → Run header scan
|
|
305
|
+
- "scan exposed files" → Run exposed files scan
|
|
306
|
+
- "full scan" → Run all-in-one scanner
|
|
372
307
|
- "test SQL injection" → Load SQLi payloads
|
|
373
|
-
- "
|
|
308
|
+
- "test CORS" → Load CORS checklist
|
|
309
|
+
- "test JWT" → Load JWT checklist
|
|
310
|
+
- "test GraphQL" → Load GraphQL checklist
|
|
374
311
|
|
|
375
312
|
---
|
|
376
313
|
|
|
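Review bot: `"check [target]" → Full scan + save report` binds a very generic phrase to the heaviest action in the skill with no confirmation in between, whereas the neighbouring entries map to a single scan or to loading a checklist. Map it to a prompt that confirms target and scope first, and reserve the all-in-one run for the explicit `"full scan"` entry added a few lines below. The `If user asks:` lead-in is also removed, which leaves the list without an introduction under HELP COMMANDS.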
@@ -378,16 +315,22 @@ If user asks:
|
|
|
378
315
|
|
|
379
316
|
```
|
|
380
317
|
User: "pentest untuk website ini: example.com"
|
|
381
|
-
→
|
|
318
|
+
→ Full pentest workflow → site/example.com-2025-07-05.md
|
|
382
319
|
|
|
383
320
|
User: "security audit untuk target.com"
|
|
384
|
-
→
|
|
321
|
+
→ Run all tests → site/target.com-2025-07-05.md
|
|
322
|
+
|
|
323
|
+
User: "check exposed files di website ini"
|
|
324
|
+
→ Run exposed files scan → site/target.com-exposed-2025-07-05.md
|
|
325
|
+
|
|
326
|
+
User: "test CORS di api.target.com"
|
|
327
|
+
→ Run CORS security tests
|
|
385
328
|
|
|
386
|
-
User: "
|
|
387
|
-
→
|
|
329
|
+
User: "audit JWT security"
|
|
330
|
+
→ Run JWT security checklist
|
|
388
331
|
|
|
389
|
-
User: "
|
|
390
|
-
→
|
|
332
|
+
User: "GraphQL security check"
|
|
333
|
+
→ Run GraphQL security tests
|
|
391
334
|
```
|
|
392
335
|
|
|
393
336
|
---
|
|
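Review bot: The added examples hard-code `2025-07-05` in every report path, which an agent may copy literally; use a placeholder such as `[date]` so the examples match the `site/[domain]-[date].md` format defined under Report File. The exposed-files example writes `site/target.com-exposed-2025-07-05.md`, a `-exposed-` variant that the format line does not define, and the CORS, JWT and GraphQL examples name no report path at all. Either document per-test report names or make all six examples follow the one format.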
@@ -395,5 +338,6 @@ User: "scan subdomain ini: api.target.com"
|
|
|
395
338
|
## ✅ SKILL READY
|
|
396
339
|
|
|
397
340
|
**Status:** ACTIVE & READY FOR USE
|
|
398
|
-
**Version:**
|
|
341
|
+
**Version:** 3.0
|
|
399
342
|
**Author:** Rz (@soulofzephir)
|
|
343
|
+
**Last Updated:** 2025-07-05
|
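Review bot: `**Version:** 3.0` here, like the `**VERSION:** 3.0` in the header line at the top of SKILL.md, disagrees with the `1.0.1` that package.json sets in this same release, and `**Last Updated:** 2025-07-05` is now maintained in two places in this file. Use one version scheme, preferably the package.json value, and keep version and date in a single location so they cannot drift apart.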