@soulofzephir/pi-skill-pentesting 1.0.0
- package/LICENSE +21 -0
- package/PUBLISH.md +97 -0
- package/README.md +255 -0
- package/package.json +39 -0
- package/skills/pentesting/SKILL.md +399 -0
- package/skills/pentesting/checklists/headers.md +286 -0
- package/skills/pentesting/checklists/injection.md +456 -0
- package/skills/pentesting/checklists/owasp.md +291 -0
- package/skills/pentesting/checklists/ports.md +323 -0
- package/skills/pentesting/reports/template.md +268 -0
- package/skills/pentesting/tools/generate-report.ps1 +327 -0
- package/skills/pentesting/tools/header-scan.ps1 +202 -0
- package/skills/pentesting/tools/header-scan.sh +173 -0
- package/skills/pentesting/tools/security-scan.ps1 +338 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2025 Rz
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/PUBLISH.md
ADDED
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
# 🚀 Publish Instructions
|
|
2
|
+
|
|
3
|
+
## Step 1: Create GitHub Repository
|
|
4
|
+
|
|
5
|
+
### Option A: Web Browser (Recommended)
|
|
6
|
+
|
|
7
|
+
1. Go to: **https://github.com/new**
|
|
8
|
+
2. Fill in:
|
|
9
|
+
- **Repository name:** `pi-skill-pentesting`
|
|
10
|
+
- **Description:** `Comprehensive pentesting & security check skill for Pi coding agent`
|
|
11
|
+
- **Visibility:** Public
|
|
12
|
+
- **⚠️ DO NOT** check "Add a README file" (we already have one)
|
|
13
|
+
3. Click **"Create repository"**
|
|
14
|
+
|
|
15
|
+
### Option B: If you have `gh` CLI installed
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
gh auth login
|
|
19
|
+
gh repo create pi-skill-pentesting --public --description "Pentesting skill for Pi"
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
## Step 2: Push to GitHub
|
|
25
|
+
|
|
26
|
+
After creating the repo on GitHub, run:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
cd H:/belajar/test/pi-skill-pentesting
|
|
30
|
+
git push -u origin main
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Step 3: Publish to npm
|
|
36
|
+
|
|
37
|
+
### First, login to npm:
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
npm login
|
|
41
|
+
# Enter your npm username, email, and password
|
|
42
|
+
# For 2FA: use OTP from your authenticator app
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Then publish:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
npm publish --access public
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
> **⚠️ Note:** First time publish may need verification. Check your email!
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## ✅ After Successful Publish
|
|
56
|
+
|
|
57
|
+
Your package will be live at:
|
|
58
|
+
- **GitHub:** https://github.com/soulofzephir/pi-skill-pentesting
|
|
59
|
+
- **npm:** https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting
|
|
60
|
+
|
|
61
|
+
---
|
|
62
|
+
|
|
63
|
+
## 📥 Installation (After Publish)
|
|
64
|
+
|
|
65
|
+
Anyone can now install with:
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
npm install -g @soulofzephir/pi-skill-pentesting
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
---
|
|
72
|
+
|
|
73
|
+
## 🔄 Version Updates
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
# 1. Edit version in package.json
|
|
77
|
+
# 2. Commit
|
|
78
|
+
git add .
|
|
79
|
+
git commit -m "v1.0.1"
|
|
80
|
+
git push origin main
|
|
81
|
+
git tag v1.0.1
|
|
82
|
+
git push origin v1.0.1
|
|
83
|
+
|
|
84
|
+
# 3. Publish
|
|
85
|
+
npm publish
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
## 📋 Quick Summary
|
|
91
|
+
|
|
92
|
+
```
|
|
93
|
+
GitHub: https://github.com/soulofzephir/pi-skill-pentesting
|
|
94
|
+
npm: https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
**Package ready to publish! 🎉**
|
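Review bot: Step 2 hard-codes the maintainer's local working directory, `cd H:/belajar/test/pi-skill-pentesting`, and this maintainer-only runbook is shipped inside the published package as package/PUBLISH.md. Replace the path with a generic one and keep the file out of the tarball, for example with an `.npmignore` entry. In the Version Updates block, `git add .` stages the whole working tree right before `npm publish`; staging named files and checking the tarball contents with `npm pack --dry-run` first would keep stray files out of a release.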
package/README.md
ADDED
|
@@ -0,0 +1,255 @@
|
|
|
1
|
+
# 🛡️ Pi Skill - Pentesting & Security Check
|
|
2
|
+
|
|
3
|
+
> **Comprehensive security testing skill for Pi coding agent**
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/@soulofzephir/pi-skill-pentesting)
|
|
6
|
+
[](https://opensource.org/licenses/MIT)
|
|
7
|
+
[](https://github.com/soulofzephir/pi-skill-pentesting)
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## 👨💻 Author
|
|
12
|
+
|
|
13
|
+
### Rz | @soulofzephir
|
|
14
|
+
|
|
15
|
+
<a href="https://github.com/soulofzephir">
|
|
16
|
+
<img src="https://img.shields.io/badge/GitHub-soulofzephir-181717?style=for-the-badge&logo=github" alt="GitHub"/>
|
|
17
|
+
</a>
|
|
18
|
+
<a href="https://www.npmjs.com/~soulofzephir">
|
|
19
|
+
<img src="https://img.shields.io/badge/npm-soulofzephir-CB3837?style=for-the-badge&logo=npm" alt="npm"/>
|
|
20
|
+
</a>
|
|
21
|
+
|
|
22
|
+
Security enthusiast & automation lover. Building tools for ethical hacking and security assessment.
|
|
23
|
+
|
|
24
|
+
> *"Empowering developers to secure their applications with comprehensive testing tools."*
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## 📋 Description
|
|
29
|
+
|
|
30
|
+
Comprehensive pentesting & security check skill for [Pi coding agent](https://pi.dev). Provides:
|
|
31
|
+
|
|
32
|
+
| Category | Coverage |
|
|
33
|
+
|----------|----------|
|
|
34
|
+
| 🔒 **Security Headers** | 9 critical headers analysis |
|
|
35
|
+
| 🔌 **Port Scanning** | 20+ common ports detection |
|
|
36
|
+
| 💉 **SQL Injection** | Union, Blind, Time-based testing |
|
|
37
|
+
| 🖥️ **XSS Testing** | Reflected, Stored, DOM-based |
|
|
38
|
+
| ⚡ **Command Injection** | Linux & Windows payloads |
|
|
39
|
+
| 📄 **XXE Testing** | XML injection detection |
|
|
40
|
+
| 📋 **OWASP Top 10** | Complete A01-A10 checklist |
|
|
41
|
+
| 🔐 **SSL/TLS Audit** | Certificate & cipher analysis |
|
|
42
|
+
|
|
43
|
+
---
|
|
44
|
+
|
|
45
|
+
## 🚀 Installation
|
|
46
|
+
|
|
47
|
+
### Option 1: npm (Recommended)
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
npm install -g @soulofzephir/pi-skill-pentesting
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
### Option 2: Manual
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
# Clone repository
|
|
57
|
+
git clone https://github.com/soulofzephir/pi-skill-pentesting.git
|
|
58
|
+
|
|
59
|
+
# Copy to Pi skills folder
|
|
60
|
+
cp -r skills/pentesting ~/.pi/agent/skills/
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Option 3: Git Submodule
|
|
64
|
+
|
|
65
|
+
```bash
|
|
66
|
+
# Add as submodule to your project
|
|
67
|
+
git submodule add https://github.com/soulofzephir/pi-skill-pentesting.git .pi/skills/pentesting
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
## 🎯 Quick Usage
|
|
73
|
+
|
|
74
|
+
### In Pi, simply type:
|
|
75
|
+
|
|
76
|
+
```
|
|
77
|
+
pentest https://example.com
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
### Or use specific commands:
|
|
81
|
+
|
|
82
|
+
```
|
|
83
|
+
/skill pentesting
|
|
84
|
+
security check https://example.com
|
|
85
|
+
test SQL injection di endpoint ini
|
|
86
|
+
scan headers untuk website saya
|
|
87
|
+
OWASP check
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
---
|
|
91
|
+
|
|
92
|
+
## 📁 Package Structure
|
|
93
|
+
|
|
94
|
+
```
|
|
95
|
+
@ soulofzephir/pi-skill-pentesting/
|
|
96
|
+
├── package.json # NPM & Pi manifest
|
|
97
|
+
├── README.md # This file
|
|
98
|
+
├── LICENSE # MIT License
|
|
99
|
+
├── skills/
|
|
100
|
+
│ └── pentesting/
|
|
101
|
+
│ ├── SKILL.md # Main skill file
|
|
102
|
+
│ ├── checklists/
|
|
103
|
+
│ │ ├── headers.md # Security headers detail
|
|
104
|
+
│ │ ├── owasp.md # OWASP Top 10
|
|
105
|
+
│ │ ├── ports.md # Port scanning
|
|
106
|
+
│ │ └── injection.md # All injection types
|
|
107
|
+
│ ├── tools/
|
|
108
|
+
│ │ ├── header-scan.sh # Linux/Mac
|
|
109
|
+
│ │ ├── header-scan.ps1 # Windows
|
|
110
|
+
│ │ └── security-scan.ps1 # Windows All-in-One
|
|
111
|
+
│ └── reports/
|
|
112
|
+
│ └── template.md # Report template
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
## 🔍 What This Skill Does
|
|
118
|
+
|
|
119
|
+
### 1️⃣ Security Headers Analysis
|
|
120
|
+
Checks 9 critical security headers:
|
|
121
|
+
- ✅ CSP (Content-Security-Policy)
|
|
122
|
+
- ✅ HSTS (Strict-Transport-Security)
|
|
123
|
+
- ✅ X-Content-Type-Options
|
|
124
|
+
- ✅ X-Frame-Options
|
|
125
|
+
- ✅ Referrer-Policy
|
|
126
|
+
- ✅ Permissions-Policy
|
|
127
|
+
- ✅ Cache-Control
|
|
128
|
+
- ✅ Server header
|
|
129
|
+
- ✅ X-Powered-By
|
|
130
|
+
|
|
131
|
+
### 2️⃣ Port Scanning
|
|
132
|
+
Detects open ports and high-risk services:
|
|
133
|
+
- Database ports (3306, 5432, 27017, 6379)
|
|
134
|
+
- Remote access (22, 3389)
|
|
135
|
+
- Web ports (80, 443, 8080)
|
|
136
|
+
- Dangerous exposed services (Docker 2375)
|
|
137
|
+
|
|
138
|
+
### 3️⃣ Injection Testing
|
|
139
|
+
Comprehensive payloads for:
|
|
140
|
+
- **SQL Injection** - Union, Blind, Time-based, Error-based
|
|
141
|
+
- **XSS** - Reflected, Stored, DOM, Polyglots
|
|
142
|
+
- **Command Injection** - Linux & Windows
|
|
143
|
+
- **XXE** - Basic, Blind, Billion Laughs
|
|
144
|
+
- **LDAP Injection** - Auth bypass
|
|
145
|
+
- **SSTI** - Jinja2, Twig, Handlebars
|
|
146
|
+
|
|
147
|
+
### 4️⃣ OWASP Top 10 Checklist
|
|
148
|
+
Complete testing for:
|
|
149
|
+
- A01: Broken Access Control
|
|
150
|
+
- A02: Cryptographic Failures
|
|
151
|
+
- A03: Injection
|
|
152
|
+
- A04: Insecure Design
|
|
153
|
+
- A05: Security Misconfiguration
|
|
154
|
+
- A06: Vulnerable Components
|
|
155
|
+
- A07: Authentication Failures
|
|
156
|
+
- A08: Software & Data Integrity
|
|
157
|
+
- A09: Security Logging
|
|
158
|
+
- A10: Server-Side Request Forgery (SSRF)
|
|
159
|
+
|
|
160
|
+
---
|
|
161
|
+
|
|
162
|
+
## 🛠️ Tools Included
|
|
163
|
+
|
|
164
|
+
### Automated Scripts
|
|
165
|
+
|
|
166
|
+
| Script | Platform | Description |
|
|
167
|
+
|--------|----------|-------------|
|
|
168
|
+
| `header-scan.sh` | Linux/Mac | Security headers scanner |
|
|
169
|
+
| `header-scan.ps1` | Windows | Security headers scanner |
|
|
170
|
+
| `security-scan.ps1` | Windows | **All-in-one scanner** |
|
|
171
|
+
|
|
172
|
+
### External Tools Recommended
|
|
173
|
+
|
|
174
|
+
```
|
|
175
|
+
Headers: securityheaders.com, observatory.mozilla.org
|
|
176
|
+
Vuln Scan: Nuclei, OWASP ZAP, Nikto
|
|
177
|
+
SSL/TLS: testssl.sh, ssllabs.com
|
|
178
|
+
SQLi: SQLMap
|
|
179
|
+
XSS: Dalfox, XSStrike
|
|
180
|
+
Cmd Inj: Commix
|
|
181
|
+
Ports: Nmap, RustScan
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
---
|
|
185
|
+
|
|
186
|
+
## 📊 Output
|
|
187
|
+
|
|
188
|
+
### Header Security Score (0-100)
|
|
189
|
+
```
|
|
190
|
+
A (90-100): Excellent
|
|
191
|
+
B (70-89): Good
|
|
192
|
+
C (50-69): Needs Improvement
|
|
193
|
+
D (30-49): Poor
|
|
194
|
+
F (0-29): Critical
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
### Vulnerability Severity
|
|
198
|
+
```
|
|
199
|
+
🔴 CRITICAL → Fix immediately
|
|
200
|
+
🟠 HIGH → Fix within 1 week
|
|
201
|
+
🟡 MEDIUM → Fix within 1 month
|
|
202
|
+
🟢 LOW/INFO → Fix when possible
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
---
|
|
206
|
+
|
|
207
|
+
## ⚠️ Disclaimer
|
|
208
|
+
|
|
209
|
+
> **For authorized testing only!**
|
|
210
|
+
>
|
|
211
|
+
> - ✅ Test your own websites
|
|
212
|
+
> - ✅ Test with written permission
|
|
213
|
+
> - ❌ **NEVER** test without authorization - it's ILLEGAL
|
|
214
|
+
|
|
215
|
+
---
|
|
216
|
+
|
|
217
|
+
## 🤝 Contributing
|
|
218
|
+
|
|
219
|
+
Contributions welcome! Feel free to submit issues and pull requests.
|
|
220
|
+
|
|
221
|
+
1. Fork the repository
|
|
222
|
+
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
|
|
223
|
+
3. Commit your changes (`git commit -m 'Add AmazingFeature'`)
|
|
224
|
+
4. Push to the branch (`git push origin feature/AmazingFeature`)
|
|
225
|
+
5. Open a Pull Request
|
|
226
|
+
|
|
227
|
+
---
|
|
228
|
+
|
|
229
|
+
## 📝 License
|
|
230
|
+
|
|
231
|
+
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
|
232
|
+
|
|
233
|
+
---
|
|
234
|
+
|
|
235
|
+
## 🙏 Credits
|
|
236
|
+
|
|
237
|
+
Built with 💪 by **[Rz (@soulofzephir)](https://github.com/soulofzephir)**
|
|
238
|
+
|
|
239
|
+
Special thanks to:
|
|
240
|
+
- [Pi Coding Agent](https://pi.dev) - The coding harness
|
|
241
|
+
- [Agent Skills Standard](https://agentskills.io) - Skill specification
|
|
242
|
+
|
|
243
|
+
---
|
|
244
|
+
|
|
245
|
+
## ⭐ Show Your Support
|
|
246
|
+
|
|
247
|
+
If this skill helped you, give it a ⭐!
|
|
248
|
+
|
|
249
|
+
```bash
|
|
250
|
+
npm install -g @soulofzephir/pi-skill-pentesting
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
---
|
|
254
|
+
|
|
255
|
+
**Made with ❤️ by Rz | [@soulofzephir](https://github.com/soulofzephir) | [Report Issue](https://github.com/soulofzephir/pi-skill-pentesting/issues)**
|
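Review bot: in the Option 2 (Manual) block, `cp -r skills/pentesting ~/.pi/agent/skills/` runs from the directory where `git clone` was invoked rather than from inside the clone, so the source path will not resolve; add `cd pi-skill-pentesting` after the clone or copy from `pi-skill-pentesting/skills/pentesting`. The Package Structure tree and the Automated Scripts table also omit `tools/generate-report.ps1`, which this release's file list shows as shipped, so the documented contents do not match what a consumer actually installs.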
package/package.json
ADDED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@soulofzephir/pi-skill-pentesting",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10",
|
|
5
|
+
"keywords": [
|
|
6
|
+
"pi",
|
|
7
|
+
"pi-package",
|
|
8
|
+
"pi-skill",
|
|
9
|
+
"pentesting",
|
|
10
|
+
"security",
|
|
11
|
+
"security-audit",
|
|
12
|
+
"vulnerability-scan",
|
|
13
|
+
"ethical-hacking"
|
|
14
|
+
],
|
|
15
|
+
"homepage": "https://github.com/soulofzephir/pi-skill-pentesting",
|
|
16
|
+
"bugs": {
|
|
17
|
+
"url": "https://github.com/soulofzephir/pi-skill-pentesting/issues"
|
|
18
|
+
},
|
|
19
|
+
"license": "MIT",
|
|
20
|
+
"author": {
|
|
21
|
+
"name": "Rz",
|
|
22
|
+
"url": "https://github.com/soulofzephir"
|
|
23
|
+
},
|
|
24
|
+
"contributors": [],
|
|
25
|
+
"repository": {
|
|
26
|
+
"type": "git",
|
|
27
|
+
"url": "https://github.com/soulofzephir/pi-skill-pentesting.git"
|
|
28
|
+
},
|
|
29
|
+
"pi": {
|
|
30
|
+
"skills": "./skills",
|
|
31
|
+
"description": "Pentesting & Security Check Skill for Pi"
|
|
32
|
+
},
|
|
33
|
+
"scripts": {
|
|
34
|
+
"install": "echo 'Skill installed! Restart Pi to use: /skill pentesting'"
|
|
35
|
+
},
|
|
36
|
+
"engines": {
|
|
37
|
+
"node": ">=18.0.0"
|
|
38
|
+
}
|
|
39
|
+
}
|
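Review bot: the `scripts.install` entry is an npm lifecycle hook, so `echo 'Skill installed! Restart Pi to use: /skill pentesting'` executes on every consumer's machine at install time. The command is harmless as written, but a package made of markdown and standalone scripts needs no install hook, and keeping one means the package trips install-script policies such as `--ignore-scripts` and has to be re-audited on every version bump; drop it and keep the restart hint in the README. A `files` allowlist (for example `skills`, `README.md`, `LICENSE`) is also missing, which is why maintainer material such as PUBLISH.md ends up in the tarball.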