@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.2
- package/package.json +2 -2
- package/skills/pentesting/SKILL.md +189 -224
- package/skills/pentesting/checklists/cors.md +183 -0
- package/skills/pentesting/checklists/exposed-files.md +311 -0
- package/skills/pentesting/checklists/graphql.md +375 -0
- package/skills/pentesting/checklists/jwt.md +225 -0
- package/skills/pentesting/tools/exposed-files-scan.ps1 +333 -0
- package/skills/pentesting/tools/exposed-files-scan.sh +291 -0
- package/skills/pentesting/tools/full-scan.ps1 +508 -0
- package/skills/pentesting/tools/full-scan.sh +454 -0
- package/skills/pentesting/tools/test-skill.ps1 +291 -0
- package/skills/pentesting/tools/test-skill.sh +345 -0
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@soulofzephir/pi-skill-pentesting",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"description": "Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pi",
|
|
7
|
-
"pi-package",
|
|
7
|
+
"pi-package",
|
|
8
8
|
"pi-skill",
|
|
9
9
|
"pentesting",
|
|
10
10
|
"security",
|
|
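Review bot: the package.json `description` at line 4 is left untouched and still advertises only "headers, ports, SQLi, XSS, OWASP Top 10", while the SKILL.md description in this same release adds SSL/TLS, exposed files, CORS, JWT and GraphQL; update the registry-facing description and the visible part of the `keywords` array (`pi`, `pi-package`, `pi-skill`, `pentesting`, `security`) so that users searching the registry for the new checks can find the package. The `"pi-package",` line at 7 is removed and re-added with identical visible content, which suggests a whitespace-only change; keeping that noise out of the hunk makes the version bump easier to verify.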
@@ -1,28 +1,30 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: pentesting
|
|
3
|
-
description: Comprehensive website security testing skill for penetration testing, vulnerability assessment, security headers analysis, port scanning, SQL injection, XSS testing, OWASP Top 10,
|
|
3
|
+
description: Comprehensive website security testing skill for penetration testing, vulnerability assessment, security headers analysis, port scanning, SQL injection, XSS testing, OWASP Top 10, SSL/TLS audit, exposed files detection, CORS, JWT, and GraphQL security testing. Use when user asks for pentest, security check, security audit, vulnerability scan, header security, port scan, SQL injection, XSS, OWASP, ethical hacking, exposed files, CORS, JWT, GraphQL, or bug bounty testing. Generates reports to site/domainname-date.md format.
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# 🛡️ Pentesting & Security Check Skill
|
|
7
7
|
|
|
8
|
-
> **AUTHOR:** Rz | **VERSION:**
|
|
8
|
+
> **AUTHOR:** Rz (@soulofzephir) | **VERSION:** 3.0 | **LAST UPDATED:** 2025-07-05
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
12
|
-
## 📋 CAPABILITIES OVERVIEW
|
|
12
|
+
## 📋 CAPABILITIES OVERVIEW (v3.0)
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
| Category | Coverage | Automated |
|
|
17
|
-
|----------|----------|-----------|
|
|
14
|
+
| Category | Coverage | Status |
|
|
15
|
+
|----------|----------|--------|
|
|
18
16
|
| **Security Headers** | 9 critical headers | ✅ Script |
|
|
19
|
-
| **Port Scanning** | 20+ common ports | ✅
|
|
17
|
+
| **Port Scanning** | 20+ common ports | ✅ Script |
|
|
20
18
|
| **SQL Injection** | Union, Blind, Time-based | ✅ SQLMap + Manual |
|
|
21
19
|
| **XSS Testing** | Reflected, Stored, DOM | ✅ Payloads + Tools |
|
|
22
20
|
| **Command Injection** | Linux & Windows | ✅ Commix + Manual |
|
|
23
21
|
| **XXE Testing** | Basic, Blind, DoS | ✅ Manual |
|
|
24
22
|
| **OWASP Top 10** | A01-A10 complete | ✅ Checklist |
|
|
25
23
|
| **SSL/TLS Audit** | Certificate & Ciphers | ✅ testssl.sh |
|
|
24
|
+
| **Exposed Files** | .env, .git, backups, debug | ✅ **NEW** |
|
|
25
|
+
| **CORS Security** | Misconfiguration tests | ✅ **NEW** |
|
|
26
|
+
| **JWT Security** | Algorithm attacks, brute force | ✅ **NEW** |
|
|
27
|
+
| **GraphQL Security** | Introspection, DoS, injection | ✅ **NEW** |
|
|
26
28
|
| **Report Generation** | .md format | ✅ Auto |
|
|
27
29
|
|
|
28
30
|
---
|
|
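Review bot: the `Status` column rows for CORS, JWT and GraphQL say `✅ **NEW**`, but per the file list at the top of this diff those three checks ship only as checklists (`checklists/cors.md`, `jwt.md`, `graphql.md`) with no scanner, whereas Exposed Files gets `exposed-files-scan.sh`/`.ps1`; `NEW` is a release label rather than a status, so replace it with what actually runs, e.g. `✅ Checklist` for CORS/JWT/GraphQL and `✅ Script` for Exposed Files, matching the convention of the other rows. The column rename from `Automated` to `Status` otherwise reads well.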
@@ -38,24 +40,25 @@ This skill auto-loads when user mentions:
|
|
|
38
40
|
- port scan, open ports, network scan
|
|
39
41
|
- SQL injection, SQLi, XSS, command injection
|
|
40
42
|
- OWASP, OWASP Top 10
|
|
43
|
+
- exposed files, .env, .git exposed
|
|
44
|
+
- CORS, JWT, GraphQL security
|
|
41
45
|
- "test keamanan", "cek security", "audit keamanan"
|
|
46
|
+
- **"test skill", "check skill", "validate skill"**
|
|
47
|
+
- **"skill health", "skill status", "skill diagnostics"**
|
|
42
48
|
|
|
43
49
|
---
|
|
44
50
|
|
|
45
|
-
## ⚡ COMPLETE TEST CHECKLIST
|
|
46
|
-
|
|
47
|
-
For a **comprehensive security assessment**, run these tests in order:
|
|
51
|
+
## ⚡ COMPLETE TEST CHECKLIST (10+ Phases)
|
|
48
52
|
|
|
49
|
-
### Phase 1: Reconnaissance
|
|
53
|
+
### Phase 1: Reconnaissance
|
|
50
54
|
```
|
|
51
|
-
[ ] Domain enumeration
|
|
52
|
-
[ ] Technology fingerprinting
|
|
53
|
-
[ ] Directory enumeration
|
|
55
|
+
[ ] Domain enumeration
|
|
56
|
+
[ ] Technology fingerprinting
|
|
57
|
+
[ ] Directory enumeration
|
|
54
58
|
[ ] Parameter discovery
|
|
55
|
-
[ ] Social media / leak analysis
|
|
56
59
|
```
|
|
57
60
|
|
|
58
|
-
### Phase 2: Security Headers
|
|
61
|
+
### Phase 2: Security Headers (9 Headers)
|
|
59
62
|
```
|
|
60
63
|
[ ] Content-Security-Policy (CSP)
|
|
61
64
|
[ ] Strict-Transport-Security (HSTS)
|
|
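Review bot: `[ ] Social media / leak analysis` is dropped from Phase 1 (old line 55) with no replacement, and the lead sentence `For a **comprehensive security assessment**, run these tests in order:` (old line 47) is also removed, so the new `(10+ Phases)` heading no longer tells the agent that the phases are meant to run sequentially; restore the sentence or fold the ordering requirement into the heading, and either keep the leak-analysis item (it is reconnaissance and is not covered elsewhere in the new checklist) or note why it was cut. Old lines 51-53 are removed and re-added with identical visible text, which looks like an indentation-only change.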
@@ -64,224 +67,160 @@ For a **comprehensive security assessment**, run these tests in order:
|
|
|
64
67
|
[ ] Referrer-Policy
|
|
65
68
|
[ ] Permissions-Policy
|
|
66
69
|
[ ] Cache-Control
|
|
67
|
-
[ ] Server header (version
|
|
68
|
-
[ ] X-Powered-By (tech
|
|
69
|
-
|
|
70
|
+
[ ] Server header (hide version)
|
|
71
|
+
[ ] X-Powered-By (hide tech)
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
### Phase 3: Exposed Files & Information Disclosure 🔴 **NEW**
|
|
75
|
+
```
|
|
76
|
+
[ ] .env file accessible?
|
|
77
|
+
[ ] .git directory exposed?
|
|
78
|
+
[ ] Backup files (zip, sql, bak)
|
|
79
|
+
[ ] Debug/Admin panels accessible
|
|
80
|
+
[ ] Sensitive configuration files
|
|
81
|
+
[ ] Spring Boot Actuator endpoints
|
|
82
|
+
[ ] API documentation exposed
|
|
83
|
+
[ ] Log files accessible
|
|
84
|
+
[ ] robots.txt (reveals paths)
|
|
85
|
+
[ ] Security.txt endpoint
|
|
70
86
|
```
|
|
71
87
|
|
|
72
|
-
### Phase
|
|
88
|
+
### Phase 4: Port & Network Scanning
|
|
73
89
|
```
|
|
74
90
|
[ ] Full port scan (1-65535)
|
|
75
91
|
[ ] Service version detection
|
|
76
|
-
[ ] High-risk port exposure
|
|
77
|
-
[ ] Port
|
|
78
|
-
[ ] Port
|
|
79
|
-
[ ] Port
|
|
80
|
-
[ ] Port
|
|
81
|
-
[ ] Port
|
|
82
|
-
[ ] Port
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
[ ]
|
|
90
|
-
[ ] TLS version (no SSLv3, TLS 1.0, TLS 1.1)
|
|
91
|
-
[ ] Weak ciphers disabled?
|
|
92
|
+
[ ] High-risk port exposure:
|
|
93
|
+
[ ] Port 3306 (MySQL)
|
|
94
|
+
[ ] Port 5432 (PostgreSQL)
|
|
95
|
+
[ ] Port 27017 (MongoDB)
|
|
96
|
+
[ ] Port 6379 (Redis)
|
|
97
|
+
[ ] Port 2375 (Docker)
|
|
98
|
+
[ ] Port 9200 (Elasticsearch)
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Phase 5: SSL/TLS Audit
|
|
102
|
+
```
|
|
103
|
+
[ ] Certificate validity
|
|
104
|
+
[ ] TLS version (no 1.0/1.1)
|
|
105
|
+
[ ] Weak ciphers
|
|
92
106
|
[ ] HSTS implementation
|
|
93
|
-
[ ]
|
|
94
|
-
[ ] Self-signed cert check
|
|
95
|
-
[ ] OCSP stapling enabled?
|
|
107
|
+
[ ] OCSP stapling
|
|
96
108
|
```
|
|
97
109
|
|
|
98
|
-
### Phase
|
|
110
|
+
### Phase 6: Authentication Testing
|
|
99
111
|
```
|
|
100
|
-
[ ]
|
|
101
|
-
[ ] Password policy
|
|
112
|
+
[ ] Brute force protection
|
|
113
|
+
[ ] Password policy
|
|
102
114
|
[ ] MFA availability
|
|
103
|
-
[ ] Session management
|
|
104
|
-
|
|
105
|
-
[ ] Session timeout
|
|
106
|
-
[ ] HttpOnly cookies
|
|
107
|
-
[ ] Secure cookies
|
|
108
|
-
[ ] SameSite attribute
|
|
109
|
-
[ ] Password reset flow:
|
|
110
|
-
[ ] Token randomness
|
|
111
|
-
[ ] Token expiration
|
|
112
|
-
[ ] Email enumeration
|
|
113
|
-
[ ] Account lockout policy
|
|
114
|
-
[ ] CAPTCHA implementation
|
|
115
|
-
```
|
|
116
|
-
|
|
117
|
-
### Phase 6: Injection Testing
|
|
118
|
-
```
|
|
119
|
-
[ ] SQL Injection:
|
|
120
|
-
[ ] UNION-based
|
|
121
|
-
[ ] Boolean-based blind
|
|
122
|
-
[ ] Time-based blind
|
|
123
|
-
[ ] Error-based
|
|
124
|
-
[ ] Stacked queries
|
|
125
|
-
[ ] XSS (Cross-Site Scripting):
|
|
126
|
-
[ ] Reflected XSS
|
|
127
|
-
[ ] Stored/Persistent XSS
|
|
128
|
-
[ ] DOM-based XSS
|
|
129
|
-
[ ] Polyglot XSS
|
|
130
|
-
[ ] Command Injection:
|
|
131
|
-
[ ] Linux commands
|
|
132
|
-
[ ] Windows commands
|
|
133
|
-
[ ] XXE (XML External Entity)
|
|
134
|
-
[ ] LDAP Injection
|
|
135
|
-
[ ] XPath Injection
|
|
136
|
-
[ ] SSTI (Server-Side Template Injection)
|
|
137
|
-
[ ] SSTRF (Server-Side Request Forgery)
|
|
138
|
-
[ ] Expression Language Injection
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
### Phase 7: Business Logic Testing
|
|
142
|
-
```
|
|
143
|
-
[ ] IDOR (Insecure Direct Object Reference)
|
|
144
|
-
[ ] Horizontal privilege escalation
|
|
145
|
-
[ ] Vertical privilege escalation
|
|
146
|
-
[ ] Price/total manipulation
|
|
147
|
-
[ ] Quantity manipulation
|
|
148
|
-
[ ] Coupon/promotion abuse
|
|
149
|
-
[ ] Race condition (concurrency)
|
|
150
|
-
[ ] Workflow bypass
|
|
151
|
-
[ ] Mass assignment
|
|
152
|
-
```
|
|
153
|
-
|
|
154
|
-
### Phase 8: API Security
|
|
155
|
-
```
|
|
156
|
-
[ ] REST API testing:
|
|
157
|
-
[ ] Authorization bypass
|
|
158
|
-
[ ] Rate limiting
|
|
159
|
-
[ ] Input validation
|
|
160
|
-
[ ] CORS misconfiguration
|
|
161
|
-
[ ] GraphQL testing:
|
|
162
|
-
[ ] Introspection enabled?
|
|
163
|
-
[ ] Query complexity
|
|
164
|
-
[ ] Depth limiting
|
|
165
|
-
[ ] JWT testing:
|
|
166
|
-
[ ] Algorithm confusion
|
|
167
|
-
[ ] Weak secret
|
|
168
|
-
[ ] Token expiration
|
|
169
|
-
[ ] None algorithm
|
|
170
|
-
[ ] API versioning issues
|
|
171
|
-
```
|
|
172
|
-
|
|
173
|
-
### Phase 9: OWASP Top 10
|
|
174
|
-
```
|
|
175
|
-
[ ] A01 - Broken Access Control
|
|
176
|
-
[ ] Vertical privilege escalation
|
|
177
|
-
[ ] Horizontal privilege escalation
|
|
178
|
-
[ ] IDOR
|
|
179
|
-
[ ] CORS misconfiguration
|
|
180
|
-
[ ] A02 - Cryptographic Failures
|
|
181
|
-
[ ] Sensitive data exposure
|
|
182
|
-
[ ] Weak encryption
|
|
183
|
-
[ ] Default crypto
|
|
184
|
-
[ ] Insecure key management
|
|
185
|
-
[ ] A03 - Injection
|
|
186
|
-
[ ] SQL Injection
|
|
187
|
-
[ ] XSS
|
|
188
|
-
[ ] Command Injection
|
|
189
|
-
[ ] LDAP/XXE/XPath
|
|
190
|
-
[ ] A04 - Insecure Design
|
|
191
|
-
[ ] Missing rate limiting
|
|
192
|
-
[ ] Business logic flaws
|
|
193
|
-
[ ] Credential stuffing protection
|
|
194
|
-
[ ] A05 - Security Misconfiguration
|
|
195
|
-
[ ] Default credentials
|
|
196
|
-
[ ] Debug mode
|
|
197
|
-
[ ] Directory listing
|
|
198
|
-
[ ] Unnecessary features
|
|
199
|
-
[ ] Error handling
|
|
200
|
-
[ ] A06 - Vulnerable Components
|
|
201
|
-
[ ] Outdated libraries
|
|
202
|
-
[ ] Known CVEs
|
|
203
|
-
[ ] Unmaintained dependencies
|
|
204
|
-
[ ] A07 - Identification & Auth Failures
|
|
205
|
-
[ ] Weak passwords
|
|
206
|
-
[ ] Session management
|
|
207
|
-
[ ] Credential exposure
|
|
208
|
-
[ ] A08 - Software & Data Integrity
|
|
209
|
-
[ ] Insecure deserialization
|
|
210
|
-
[ ] CI/CD issues
|
|
211
|
-
[ ] Auto-update integrity
|
|
212
|
-
[ ] A09 - Logging & Monitoring
|
|
213
|
-
[ ] No audit logging
|
|
214
|
-
[ ] Failed login tracking
|
|
215
|
-
[ ] Alert fatigue
|
|
216
|
-
[ ] A10 - SSRF
|
|
217
|
-
[ ] URL validation bypass
|
|
218
|
-
[ ] Internal network access
|
|
219
|
-
[ ] Cloud metadata access
|
|
115
|
+
[ ] Session management (HttpOnly, Secure, SameSite)
|
|
116
|
+
[ ] Password reset flow
|
|
220
117
|
```
|
|
221
118
|
|
|
222
|
-
### Phase
|
|
119
|
+
### Phase 7: Injection Testing
|
|
223
120
|
```
|
|
224
|
-
[ ]
|
|
225
|
-
[ ]
|
|
226
|
-
[ ]
|
|
227
|
-
[ ]
|
|
228
|
-
[ ]
|
|
229
|
-
[ ]
|
|
230
|
-
[ ]
|
|
121
|
+
[ ] SQL Injection (5 types)
|
|
122
|
+
[ ] XSS (4 types)
|
|
123
|
+
[ ] Command Injection
|
|
124
|
+
[ ] XXE
|
|
125
|
+
[ ] LDAP Injection
|
|
126
|
+
[ ] SSTI
|
|
127
|
+
[ ] SSRF
|
|
231
128
|
```
|
|
232
129
|
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
## ⚡ WORKFLOW (Follow in Order)
|
|
236
|
-
|
|
237
|
-
### Step 1: Confirm Scope
|
|
130
|
+
### Phase 8: CORS Security 🔴 **NEW**
|
|
238
131
|
```
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
132
|
+
[ ] Wildcard origin check
|
|
133
|
+
[ ] Credentials with wildcard
|
|
134
|
+
[ ] Null origin allowed?
|
|
135
|
+
[ ] Internal IPs allowed?
|
|
136
|
+
[ ] Sensitive endpoints CORS
|
|
242
137
|
```
|
|
243
138
|
|
|
244
|
-
###
|
|
245
|
-
|
|
246
|
-
### Step 3: Generate Report
|
|
247
|
-
|
|
248
|
-
**IMPORTANT:** Always save report to:
|
|
139
|
+
### Phase 9: JWT Security 🔴 **NEW**
|
|
249
140
|
```
|
|
250
|
-
|
|
141
|
+
[ ] Algorithm confusion (RS256→HS256)
|
|
142
|
+
[ ] alg:none bypass
|
|
143
|
+
[ ] Weak secret brute force
|
|
144
|
+
[ ] Null signature accepted
|
|
145
|
+
[ ] Token manipulation (exp, iat, sub)
|
|
146
|
+
[ ] JWKS cache poisoning
|
|
251
147
|
```
|
|
252
148
|
|
|
253
|
-
|
|
149
|
+
### Phase 10: GraphQL Security 🔴 **NEW**
|
|
254
150
|
```
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
151
|
+
[ ] Introspection enabled?
|
|
152
|
+
[ ] GraphQL IDE exposed
|
|
153
|
+
[ ] Authorization bypass (IDOR)
|
|
154
|
+
[ ] Batch query attack
|
|
155
|
+
[ ] Depth-based DoS
|
|
156
|
+
[ ] SQL/NoSQL Injection
|
|
258
157
|
```
|
|
259
158
|
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
## 🔧 TOOLS & SCRIPTS
|
|
263
|
-
|
|
264
|
-
Scripts available in `tools/`:
|
|
159
|
+
### Phase 11: OWASP Top 10 (A01-A10)
|
|
265
160
|
```
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
161
|
+
[ ] A01 - Broken Access Control
|
|
162
|
+
[ ] A02 - Cryptographic Failures
|
|
163
|
+
[ ] A03 - Injection
|
|
164
|
+
[ ] A04 - Insecure Design
|
|
165
|
+
[ ] A05 - Security Misconfiguration
|
|
166
|
+
[ ] A06 - Vulnerable Components
|
|
167
|
+
[ ] A07 - Auth Failures
|
|
168
|
+
[ ] A08 - Data Integrity
|
|
169
|
+
[ ] A09 - Logging Failures
|
|
170
|
+
[ ] A10 - SSRF
|
|
270
171
|
```
|
|
271
172
|
|
|
272
|
-
|
|
173
|
+
### Phase 12: Business Logic & API
|
|
174
|
+
```
|
|
175
|
+
[ ] IDOR
|
|
176
|
+
[ ] Privilege escalation
|
|
177
|
+
[ ] Price manipulation
|
|
178
|
+
[ ] API security (REST/GraphQL)
|
|
179
|
+
[ ] Rate limiting
|
|
273
180
|
```
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## 🔧 TOOLS LOCATION
|
|
185
|
+
|
|
186
|
+
```
|
|
187
|
+
skills/pentesting/
|
|
188
|
+
├── SKILL.md # This file
|
|
189
|
+
├── checklists/
|
|
190
|
+
│ ├── headers.md # 9 headers detail
|
|
191
|
+
│ ├── owasp.md # OWASP Top 10
|
|
192
|
+
│ ├── ports.md # Port scanning
|
|
193
|
+
│ ├── injection.md # All injection types
|
|
194
|
+
│ ├── exposed-files.md # 🔴 NEW - Exposed files
|
|
195
|
+
│ ├── cors.md # 🔴 NEW - CORS security
|
|
196
|
+
│ ├── jwt.md # 🔴 NEW - JWT security
|
|
197
|
+
│ └── graphql.md # 🔴 NEW - GraphQL security
|
|
198
|
+
├── tools/
|
|
199
|
+
│ ├── header-scan.sh # Linux/Mac headers
|
|
200
|
+
│ ├── header-scan.ps1 # Windows headers
|
|
201
|
+
│ ├── exposed-files-scan.sh # 🔴 NEW - Exposed files
|
|
202
|
+
│ ├── exposed-files-scan.ps1 # 🔴 NEW - Exposed files
|
|
203
|
+
│ ├── full-scan.sh # 🔴 NEW - All-in-one Linux
|
|
204
|
+
│ └── full-scan.ps1 # 🔴 NEW - All-in-one Windows
|
|
205
|
+
└── reports/
|
|
206
|
+
└── template.md # Report template
|
|
279
207
|
```
|
|
280
208
|
|
|
281
209
|
---
|
|
282
210
|
|
|
283
211
|
## 🚀 QUICK COMMANDS
|
|
284
212
|
|
|
213
|
+
### Skill Health Check 🔴 **NEW**
|
|
214
|
+
```bash
|
|
215
|
+
# Windows PowerShell
|
|
216
|
+
.\tools\test-skill.ps1
|
|
217
|
+
.\tools\test-skill.ps1 -Verbose
|
|
218
|
+
|
|
219
|
+
# Linux/Mac
|
|
220
|
+
chmod +x tools/test-skill.sh
|
|
221
|
+
./tools/test-skill.sh
|
|
222
|
+
```
|
|
223
|
+
|
|
285
224
|
### Security Headers
|
|
286
225
|
```bash
|
|
287
226
|
# Linux/Mac
|
|
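Review bot: the `## ⚡ WORKFLOW (Follow in Order)` section with `### Step 1: Confirm Scope`, `### Step 3: Generate Report` and `**IMPORTANT:** Always save report to:` (old lines 235-248) is deleted outright rather than moved, so the skill no longer instructs the agent to confirm that the target is in scope before any of the twelve phases run; for a pentesting skill that scope gate is the most important step and should stay, for example as a Phase 0 ahead of Reconnaissance, and the report-save instruction belongs next to the `OUTPUT FORMAT` section. Two smaller points: the new `TOOLS LOCATION` tree omits `tools/test-skill.sh` and `tools/test-skill.ps1`, which this release adds and which `### Skill Health Check` invokes; and the old per-technique detail (five SQLi variants, cookie flags, password-reset sub-checks, the A01-A10 sub-items) is collapsed into one-liners such as `[ ] SQL Injection (5 types)` without saying which five, so either keep the sub-items or point to `checklists/injection.md` and `checklists/owasp.md` where they are meant to live.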
@@ -292,16 +231,30 @@ chmod +x tools/header-scan.sh
|
|
|
292
231
|
.\tools\header-scan.ps1 -Target https://target.com
|
|
293
232
|
```
|
|
294
233
|
|
|
234
|
+
### Exposed Files Scan 🔴 NEW
|
|
235
|
+
```bash
|
|
236
|
+
# Linux/Mac
|
|
237
|
+
chmod +x tools/exposed-files-scan.sh
|
|
238
|
+
./tools/exposed-files-scan.sh https://target.com
|
|
239
|
+
|
|
240
|
+
# Windows PowerShell
|
|
241
|
+
.\tools\exposed-files-scan.ps1 -Target https://target.com
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
### Full Security Scan (All-in-One) 🔴 NEW
|
|
245
|
+
```bash
|
|
246
|
+
# Linux/Mac
|
|
247
|
+
chmod +x tools/full-scan.sh
|
|
248
|
+
./tools/full-scan.sh https://target.com
|
|
249
|
+
|
|
250
|
+
# Windows PowerShell
|
|
251
|
+
.\tools\full-scan.ps1 -Target https://target.com
|
|
252
|
+
```
|
|
253
|
+
|
|
295
254
|
### Port Scanning
|
|
296
255
|
```bash
|
|
297
|
-
# Nmap quick
|
|
298
256
|
nmap -sV -p 21,22,80,443,3306,5432,8080 target.com
|
|
299
|
-
|
|
300
|
-
# Full scan
|
|
301
257
|
nmap -p- -sV target.com
|
|
302
|
-
|
|
303
|
-
# Nmap with scripts
|
|
304
|
-
nmap -sC -sV -p- target.com
|
|
305
258
|
```
|
|
306
259
|
|
|
307
260
|
### Vulnerability Scanning
|
|
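Review bot: removing the `# Nmap quick` and `# Full scan` comments (old lines 297, 300) leaves the two remaining `nmap` lines in `### Port Scanning` undocumented, and the `nmap -sC -sV -p- target.com` line with its `# Nmap with scripts` comment is dropped without a note; restore the comments on the kept lines so the difference between the targeted port list and the `-p-` full sweep is explained. The new `### Exposed Files Scan 🔴 NEW` and `### Full Security Scan (All-in-One) 🔴 NEW` headings use plain `NEW` where the rest of the file uses `🔴 **NEW**`, and the `bash` fences contain PowerShell invocations; splitting them into `bash` and `powershell` blocks, as the old `### Full Scan` section did, would render correctly.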
@@ -319,12 +272,6 @@ dalfox url https://target.com/search?q=test
|
|
|
319
272
|
commix -u "http://target.com/ping?ip=127.0.0.1"
|
|
320
273
|
```
|
|
321
274
|
|
|
322
|
-
### Full Scan
|
|
323
|
-
```powershell
|
|
324
|
-
# Windows - All in one
|
|
325
|
-
.\tools\security-scan.ps1 -Target https://target.com
|
|
326
|
-
```
|
|
327
|
-
|
|
328
275
|
---
|
|
329
276
|
|
|
330
277
|
## 📊 OUTPUT FORMAT
|
|
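Review bot: deleting the `### Full Scan` section removes the only reference to `tools/security-scan.ps1`, but the file list at the top of this diff shows no deletion of that script, only the addition of `full-scan.ps1`/`full-scan.sh`; if `security-scan.ps1` still ships it is now an undocumented entry point, so either delete it in this release or add a line stating that it is superseded by `full-scan.ps1`.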
@@ -347,7 +294,7 @@ F (0-29): Critical
|
|
|
347
294
|
```
|
|
348
295
|
|
|
349
296
|
### Report File
|
|
350
|
-
**Format:** `site/[domain]-[
|
|
297
|
+
**Format:** `site/[domain]-[date].md`
|
|
351
298
|
|
|
352
299
|
---
|
|
353
300
|
|
|
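Review bot: the corrected `**Format:** site/[domain]-[date].md` does not specify the date format, and the examples later in this file use both `site/target.com-2025-07-05.md` and `site/target.com-exposed-2025-07-05.md`; state the date as `YYYY-MM-DD` and document the optional scan-type suffix (e.g. `site/[domain]-[scan]-[date].md`) so the agent produces consistent filenames.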
@@ -363,14 +310,19 @@ F (0-29): Critical
|
|
|
363
310
|
|
|
364
311
|
## 🆘 HELP COMMANDS
|
|
365
312
|
|
|
366
|
-
If user asks:
|
|
367
313
|
- "apa bisa ini?" → Show CAPABILITIES OVERVIEW
|
|
368
314
|
- "cara pakai" → Show QUICK COMMANDS
|
|
369
315
|
- "test sekarang" → Start the test workflow
|
|
370
|
-
- "check [target]" →
|
|
316
|
+
- "check [target]" → Full scan + save report
|
|
371
317
|
- "scan headers" → Run header scan
|
|
318
|
+
- "scan exposed files" → Run exposed files scan
|
|
319
|
+
- "full scan" → Run all-in-one scanner
|
|
372
320
|
- "test SQL injection" → Load SQLi payloads
|
|
373
|
-
- "
|
|
321
|
+
- "test CORS" → Load CORS checklist
|
|
322
|
+
- "test JWT" → Load JWT checklist
|
|
323
|
+
- "test GraphQL" → Load GraphQL checklist
|
|
324
|
+
- **"test skill" / "check skill" / "validate skill"** → Run skill health check
|
|
325
|
+
- **"skill status" / "skill health"** → Show skill installation status
|
|
374
326
|
|
|
375
327
|
---
|
|
376
328
|
|
|
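Review bot: the lead line `If user asks:` (old line 366) is removed and not replaced, so `## 🆘 HELP COMMANDS` now opens directly with a bullet list of quoted phrases; keep a one-line introduction so the list reads as trigger-to-action mappings. The new entries `"test CORS"`, `"test JWT"` and `"test GraphQL"` say `Load ... checklist` while `"scan exposed files"` says `Run ... scan`, which correctly reflects that only the latter has a script, so that wording distinction is worth keeping.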
@@ -378,16 +330,28 @@ If user asks:
|
|
|
378
330
|
|
|
379
331
|
```
|
|
380
332
|
User: "pentest untuk website ini: example.com"
|
|
381
|
-
→
|
|
333
|
+
→ Full pentest workflow → site/example.com-2025-07-05.md
|
|
382
334
|
|
|
383
335
|
User: "security audit untuk target.com"
|
|
384
|
-
→
|
|
336
|
+
→ Run all tests → site/target.com-2025-07-05.md
|
|
337
|
+
|
|
338
|
+
User: "check exposed files di website ini"
|
|
339
|
+
→ Run exposed files scan → site/target.com-exposed-2025-07-05.md
|
|
340
|
+
|
|
341
|
+
User: "test CORS di api.target.com"
|
|
342
|
+
→ Run CORS security tests
|
|
343
|
+
|
|
344
|
+
User: "audit JWT security"
|
|
345
|
+
→ Run JWT security checklist
|
|
346
|
+
|
|
347
|
+
User: "GraphQL security check"
|
|
348
|
+
→ Run GraphQL security tests
|
|
385
349
|
|
|
386
|
-
User: "
|
|
387
|
-
→
|
|
350
|
+
User: "test skill"
|
|
351
|
+
→ Run skill health check → Show test results
|
|
388
352
|
|
|
389
|
-
User: "
|
|
390
|
-
→
|
|
353
|
+
User: "validate skill installation"
|
|
354
|
+
→ Verify all files exist → Show skill status
|
|
391
355
|
```
|
|
392
356
|
|
|
393
357
|
---
|
|
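Review bot: the example `User: "check exposed files di website ini"` names no target yet resolves to `site/target.com-exposed-2025-07-05.md`, and the three new checklist examples (`test CORS di api.target.com`, `audit JWT security`, `GraphQL security check`) show no report file at all even though the front-matter description promises reports in `site/domainname-date.md` format; either give each example a target and an output path or state that checklist-only runs produce no report. Hard-coding `2025-07-05` in every example also means these lines go stale on the next release; a placeholder such as `site/example.com-[date].md` would not.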
@@ -395,5 +359,6 @@ User: "scan subdomain ini: api.target.com"
|
|
|
395
359
|
## ✅ SKILL READY
|
|
396
360
|
|
|
397
361
|
**Status:** ACTIVE & READY FOR USE
|
|
398
|
-
**Version:**
|
|
362
|
+
**Version:** 3.0
|
|
399
363
|
**Author:** Rz (@soulofzephir)
|
|
364
|
+
**Last Updated:** 2025-07-05
|
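Review bot: `**Version:** 3.0` and the `**Last Updated:** 2025-07-05` added here duplicate the values already placed in the `> **AUTHOR:** Rz (@soulofzephir) | **VERSION:** 3.0 | **LAST UPDATED:** 2025-07-05` header line, and neither matches the `1.0.2` in package.json; two hand-maintained copies of the version and date will drift, so keep a single source, or state explicitly that the skill version is tracked separately from the npm package version.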