create-vasvibe 2.4.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +170 -167
- package/bin/cli.mjs +9 -9
- package/package.json +45 -45
- package/src/git.mjs +47 -47
- package/src/index.mjs +228 -228
- package/src/prompts.mjs +113 -113
- package/src/scaffold.mjs +74 -74
- package/src/upgrade.mjs +121 -121
- package/src/utils.mjs +91 -91
- package/template/.agents/agents/analyst/agent.json +43 -43
- package/template/.agents/agents/backend/agent.json +44 -44
- package/template/.agents/agents/data-architect/agent.json +43 -43
- package/template/.agents/agents/devops/agent.json +44 -44
- package/template/.agents/agents/discovery/agent.json +43 -43
- package/template/.agents/agents/document/agent.json +43 -43
- package/template/.agents/agents/explorer/agent.json +43 -43
- package/template/.agents/agents/fixer/agent.json +44 -44
- package/template/.agents/agents/frontend/agent.json +44 -44
- package/template/.agents/agents/fullstack/agent.json +44 -44
- package/template/.agents/agents/initiator/agent.json +41 -41
- package/template/.agents/agents/logger/agent.json +43 -43
- package/template/.agents/agents/manual-tester/agent.json +44 -0
- package/template/.agents/agents/orchestrator/agent.json +44 -44
- package/template/.agents/agents/pm/agent.json +42 -42
- package/template/.agents/agents/qa/agent.json +44 -44
- package/template/.agents/agents/reliability/agent.json +44 -44
- package/template/.agents/agents/security/agent.json +44 -44
- package/template/.agents/agents/sysarch/agent.json +44 -44
- package/template/.agents/agents/tester/agent.json +44 -44
- package/template/.agents/agents/toolsmith/agent.json +44 -44
- package/template/.agents/agents/ux-designer/agent.json +43 -43
- package/template/.agents/skills/find-skills/SKILL.md +142 -142
- package/template/.agents/skills/fullstack/SKILL.md +89 -89
- package/template/.agents/skills/penetration-testing/SKILL.md +94 -94
- package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.agents/skills/pm/SKILL.md +170 -170
- package/template/.agents/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.agents/workflows/build-feature.md +21 -21
- package/template/.agents/workflows/build-prototype.md +32 -32
- package/template/.agents/workflows/daily-standup.md +16 -16
- package/template/.agents/workflows/deliver-feature.md +16 -16
- package/template/.agents/workflows/explorer.md +78 -78
- package/template/.agents/workflows/harden-release.md +21 -21
- package/template/.agents/workflows/logger.md +117 -117
- package/template/.agents/workflows/plan-feature.md +30 -30
- package/template/.agents/workflows/plan-project.md +25 -25
- package/template/.agents/workflows/release.md +18 -18
- package/template/.agents/workflows/security-audit.md +19 -19
- package/template/.agents/workflows/setup-workspace.md +21 -21
- package/template/.agents/workflows/start-fix.md +18 -18
- package/template/.agents/workflows/test-feature.md +17 -17
- package/template/.claude/agents/analyst.md +109 -109
- package/template/.claude/agents/backend.md +61 -61
- package/template/.claude/agents/data-architect.md +43 -43
- package/template/.claude/agents/devops.md +44 -43
- package/template/.claude/agents/discovery.md +51 -51
- package/template/.claude/agents/document.md +51 -51
- package/template/.claude/agents/explorer.md +138 -138
- package/template/.claude/agents/fixer.md +87 -86
- package/template/.claude/agents/frontend.md +65 -65
- package/template/.claude/agents/fullstack.md +91 -90
- package/template/.claude/agents/initiator.md +74 -74
- package/template/.claude/agents/logger.md +143 -143
- package/template/.claude/agents/manual-tester.md +108 -0
- package/template/.claude/agents/orchestrator.md +138 -137
- package/template/.claude/agents/pm.md +199 -199
- package/template/.claude/agents/qa.md +66 -65
- package/template/.claude/agents/reliability.md +48 -47
- package/template/.claude/agents/security.md +107 -106
- package/template/.claude/agents/sysarch.md +301 -301
- package/template/.claude/agents/tester.md +100 -100
- package/template/.claude/agents/toolsmith.md +77 -76
- package/template/.claude/agents/ux-designer.md +45 -45
- package/template/.claude/commands/build-feature.md +22 -22
- package/template/.claude/commands/build-prototype.md +33 -33
- package/template/.claude/commands/daily-standup.md +16 -16
- package/template/.claude/commands/deliver-feature.md +17 -17
- package/template/.claude/commands/harden-release.md +22 -22
- package/template/.claude/commands/manual-test.md +19 -0
- package/template/.claude/commands/plan-feature.md +31 -31
- package/template/.claude/commands/plan-project.md +26 -26
- package/template/.claude/commands/release.md +19 -19
- package/template/.claude/commands/security-audit.md +20 -20
- package/template/.claude/commands/setup-workspace.md +22 -22
- package/template/.claude/commands/start-fix.md +19 -19
- package/template/.claude/commands/test-feature.md +18 -18
- package/template/.claude/skills/find-skills/SKILL.md +142 -142
- package/template/.claude/skills/penetration-testing/SKILL.md +94 -94
- package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.claude/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/.github/prompts/analyst.prompt.md +104 -104
- package/template/.github/prompts/backend.prompt.md +44 -44
- package/template/.github/prompts/data-architect.prompt.md +38 -38
- package/template/.github/prompts/devops.prompt.md +32 -32
- package/template/.github/prompts/discovery.prompt.md +39 -39
- package/template/.github/prompts/document.prompt.md +14 -14
- package/template/.github/prompts/explorer.prompt.md +133 -133
- package/template/.github/prompts/fixer.prompt.md +82 -81
- package/template/.github/prompts/frontend.prompt.md +60 -60
- package/template/.github/prompts/fullstack.prompt.md +86 -86
- package/template/.github/prompts/initiator.prompt.md +55 -55
- package/template/.github/prompts/logger.prompt.md +138 -138
- package/template/.github/prompts/manual-tester.prompt.md +103 -0
- package/template/.github/prompts/orchestrator.prompt.md +133 -133
- package/template/.github/prompts/pm.prompt.md +186 -186
- package/template/.github/prompts/qa.prompt.md +57 -57
- package/template/.github/prompts/reliability.prompt.md +44 -44
- package/template/.github/prompts/security.prompt.md +41 -41
- package/template/.github/prompts/sysarch.prompt.md +351 -351
- package/template/.github/prompts/tester.prompt.md +107 -107
- package/template/.github/prompts/toolsmith.prompt.md +46 -46
- package/template/.github/prompts/ux-designer.prompt.md +41 -41
- package/template/.opencode/agents/analyst.md +108 -108
- package/template/.opencode/agents/backend.md +61 -61
- package/template/.opencode/agents/data-architect.md +43 -43
- package/template/.opencode/agents/devops.md +44 -44
- package/template/.opencode/agents/discovery.md +51 -51
- package/template/.opencode/agents/document.md +51 -51
- package/template/.opencode/agents/explorer.md +137 -137
- package/template/.opencode/agents/fixer.md +86 -85
- package/template/.opencode/agents/frontend.md +64 -64
- package/template/.opencode/agents/fullstack.md +90 -89
- package/template/.opencode/agents/initiator.md +74 -74
- package/template/.opencode/agents/logger.md +142 -142
- package/template/.opencode/agents/manual-tester.md +107 -0
- package/template/.opencode/agents/orchestrator.md +137 -133
- package/template/.opencode/agents/pm.md +199 -199
- package/template/.opencode/agents/qa.md +66 -65
- package/template/.opencode/agents/reliability.md +48 -48
- package/template/.opencode/agents/security.md +107 -107
- package/template/.opencode/agents/sysarch.md +301 -301
- package/template/.opencode/agents/tester.md +100 -100
- package/template/.opencode/agents/toolsmith.md +77 -77
- package/template/.opencode/agents/ux-designer.md +45 -45
- package/template/.opencode/commands/build-feature.md +21 -21
- package/template/.opencode/commands/build-prototype.md +32 -32
- package/template/.opencode/commands/daily-standup.md +16 -16
- package/template/.opencode/commands/deliver-feature.md +16 -16
- package/template/.opencode/commands/harden-release.md +21 -21
- package/template/.opencode/commands/manual-test.md +18 -0
- package/template/.opencode/commands/plan-feature.md +30 -30
- package/template/.opencode/commands/plan-project.md +25 -25
- package/template/.opencode/commands/release.md +18 -18
- package/template/.opencode/commands/security-audit.md +19 -19
- package/template/.opencode/commands/setup-workspace.md +21 -21
- package/template/.opencode/commands/start-fix.md +18 -18
- package/template/.opencode/commands/test-feature.md +17 -17
- package/template/.opencode/skills/penetration-testing/SKILL.md +94 -94
- package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -328
- package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -135
- package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +658 -658
- package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -414
- package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +30 -30
- package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1775 -1775
- package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1778 -1778
- package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +105 -105
- package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -162
- package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -56
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -53
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -51
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -54
- package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -50
- package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -74
- package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -262
- package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -1148
- package/template/AGENT_PERSONAS.md +595 -551
- package/template/GIT_STRUCTURE_GUIDE.md +270 -270
- package/template/PROJECT_README.example.md +81 -81
- package/template/QUICK-START.md +134 -131
- package/template/README.md +1942 -1919
- package/template/_gitignore +138 -138
- package/template/agent/workflows/_shared/change-management.md +70 -70
- package/template/agent/workflows/_shared/git-branch-management.md +25 -25
- package/template/agent/workflows/_shared/phases.md +88 -88
- package/template/agent/workflows/_shared/state-management.md +87 -87
- package/template/agent/workflows/_shared/work-depth.md +46 -46
- package/template/agent/workflows/analyst.md +104 -104
- package/template/agent/workflows/backend.md +61 -61
- package/template/agent/workflows/data-architect.md +43 -43
- package/template/agent/workflows/devops.md +44 -44
- package/template/agent/workflows/discovery.md +51 -51
- package/template/agent/workflows/document.md +51 -51
- package/template/agent/workflows/explorer.md +133 -133
- package/template/agent/workflows/fixer.md +82 -81
- package/template/agent/workflows/frontend.md +60 -60
- package/template/agent/workflows/fullstack.md +86 -86
- package/template/agent/workflows/initiator.md +74 -74
- package/template/agent/workflows/logger.md +138 -138
- package/template/agent/workflows/manual-tester.md +103 -0
- package/template/agent/workflows/orchestrator.md +133 -133
- package/template/agent/workflows/pm.md +199 -199
- package/template/agent/workflows/qa.md +66 -66
- package/template/agent/workflows/reliability.md +48 -48
- package/template/agent/workflows/security.md +107 -107
- package/template/agent/workflows/sysarch.md +301 -301
- package/template/agent/workflows/tester.md +100 -100
- package/template/agent/workflows/toolsmith.md +77 -77
- package/template/agent/workflows/ux-designer.md +45 -45
- package/template/codes/.gitkeep +1 -1
- package/template/project_overview_example.md +54 -54
- package/template/schemas/adr.template.md +36 -36
- package/template/schemas/changelog.template.md +34 -34
- package/template/schemas/data-model.template.md +57 -57
- package/template/schemas/design-system.template.md +63 -63
- package/template/schemas/dev_log.template.md +20 -20
- package/template/schemas/product-ci.template.yml +50 -50
- package/template/schemas/requirements.template.md +64 -64
- package/template/schemas/security-standards.template.md +58 -58
- package/template/schemas/security_report.template.md +89 -89
- package/template/schemas/specification.template.md +71 -71
- package/template/schemas/style_guide.template.md +29 -29
- package/template/schemas/task_list.template.md +28 -28
- package/template/schemas/workspace-manifest.template.json +24 -24
- package/template/schemas/workspace-registry.json +95 -95
- package/template/skills-lock.json +11 -11
- package/template/specifications/.gitkeep +3 -3
- package/template/state/knowledge_base/.gitkeep +1 -1
- package/template/state/knowledge_base/requirements/.gitkeep +1 -1
- package/template/tests/.gitkeep +1 -1
- package/template/.claude/settings.local.json +0 -44
|
@@ -1,94 +1,94 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: penetration-testing
|
|
3
|
-
description: >
|
|
4
|
-
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
-
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
-
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
# Penetration Testing
|
|
10
|
-
|
|
11
|
-
## Table of Contents
|
|
12
|
-
|
|
13
|
-
- [Overview](#overview)
|
|
14
|
-
- [When to Use](#when-to-use)
|
|
15
|
-
- [Quick Start](#quick-start)
|
|
16
|
-
- [Reference Guides](#reference-guides)
|
|
17
|
-
- [Best Practices](#best-practices)
|
|
18
|
-
|
|
19
|
-
## Overview
|
|
20
|
-
|
|
21
|
-
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
-
|
|
23
|
-
## When to Use
|
|
24
|
-
|
|
25
|
-
- Pre-production security validation
|
|
26
|
-
- Annual security assessments
|
|
27
|
-
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
-
- Post-incident security review
|
|
29
|
-
- Third-party security audits
|
|
30
|
-
- Red team exercises
|
|
31
|
-
|
|
32
|
-
## Quick Start
|
|
33
|
-
|
|
34
|
-
Minimal working example:
|
|
35
|
-
|
|
36
|
-
```python
|
|
37
|
-
# pentest_framework.py
|
|
38
|
-
import requests
|
|
39
|
-
import socket
|
|
40
|
-
import subprocess
|
|
41
|
-
import json
|
|
42
|
-
from typing import List, Dict
|
|
43
|
-
from dataclasses import dataclass, asdict
|
|
44
|
-
from datetime import datetime
|
|
45
|
-
|
|
46
|
-
@dataclass
|
|
47
|
-
class Finding:
|
|
48
|
-
severity: str
|
|
49
|
-
category: str
|
|
50
|
-
target: str
|
|
51
|
-
vulnerability: str
|
|
52
|
-
evidence: str
|
|
53
|
-
remediation: str
|
|
54
|
-
cvss_score: float
|
|
55
|
-
|
|
56
|
-
class PenetrationTester:
|
|
57
|
-
def __init__(self, target: str):
|
|
58
|
-
self.target = target
|
|
59
|
-
self.findings: List[Finding] = []
|
|
60
|
-
|
|
61
|
-
def test_sql_injection(self, url: str) -> None:
|
|
62
|
-
// ... (see reference guides for full implementation)
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
## Reference Guides
|
|
66
|
-
|
|
67
|
-
Detailed implementations in the `references/` directory:
|
|
68
|
-
|
|
69
|
-
| Guide | Contents |
|
|
70
|
-
|---|---|
|
|
71
|
-
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
-
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
-
|
|
74
|
-
## Best Practices
|
|
75
|
-
|
|
76
|
-
### ✅ DO
|
|
77
|
-
|
|
78
|
-
- Get written authorization
|
|
79
|
-
- Define clear scope
|
|
80
|
-
- Use controlled environments
|
|
81
|
-
- Document all findings
|
|
82
|
-
- Follow responsible disclosure
|
|
83
|
-
- Provide remediation guidance
|
|
84
|
-
- Verify fixes after patching
|
|
85
|
-
- Maintain chain of custody
|
|
86
|
-
|
|
87
|
-
### ❌ DON'T
|
|
88
|
-
|
|
89
|
-
- Test production without approval
|
|
90
|
-
- Cause service disruption
|
|
91
|
-
- Exfiltrate sensitive data
|
|
92
|
-
- Share findings publicly
|
|
93
|
-
- Exceed authorized scope
|
|
94
|
-
- Use destructive payloads
|
|
1
|
+
---
|
|
2
|
+
name: penetration-testing
|
|
3
|
+
description: >
|
|
4
|
+
Ethical hacking and security testing methodologies using penetration testing
|
|
5
|
+
tools, exploit frameworks, and manual security validation. Use when assessing
|
|
6
|
+
application security posture and identifying exploitable vulnerabilities.
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Penetration Testing
|
|
10
|
+
|
|
11
|
+
## Table of Contents
|
|
12
|
+
|
|
13
|
+
- [Overview](#overview)
|
|
14
|
+
- [When to Use](#when-to-use)
|
|
15
|
+
- [Quick Start](#quick-start)
|
|
16
|
+
- [Reference Guides](#reference-guides)
|
|
17
|
+
- [Best Practices](#best-practices)
|
|
18
|
+
|
|
19
|
+
## Overview
|
|
20
|
+
|
|
21
|
+
Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
|
|
22
|
+
|
|
23
|
+
## When to Use
|
|
24
|
+
|
|
25
|
+
- Pre-production security validation
|
|
26
|
+
- Annual security assessments
|
|
27
|
+
- Compliance requirements (PCI-DSS, ISO 27001)
|
|
28
|
+
- Post-incident security review
|
|
29
|
+
- Third-party security audits
|
|
30
|
+
- Red team exercises
|
|
31
|
+
|
|
32
|
+
## Quick Start
|
|
33
|
+
|
|
34
|
+
Minimal working example:
|
|
35
|
+
|
|
36
|
+
```python
|
|
37
|
+
# pentest_framework.py
|
|
38
|
+
import requests
|
|
39
|
+
import socket
|
|
40
|
+
import subprocess
|
|
41
|
+
import json
|
|
42
|
+
from typing import List, Dict
|
|
43
|
+
from dataclasses import dataclass, asdict
|
|
44
|
+
from datetime import datetime
|
|
45
|
+
|
|
46
|
+
@dataclass
|
|
47
|
+
class Finding:
|
|
48
|
+
severity: str
|
|
49
|
+
category: str
|
|
50
|
+
target: str
|
|
51
|
+
vulnerability: str
|
|
52
|
+
evidence: str
|
|
53
|
+
remediation: str
|
|
54
|
+
cvss_score: float
|
|
55
|
+
|
|
56
|
+
class PenetrationTester:
|
|
57
|
+
def __init__(self, target: str):
|
|
58
|
+
self.target = target
|
|
59
|
+
self.findings: List[Finding] = []
|
|
60
|
+
|
|
61
|
+
def test_sql_injection(self, url: str) -> None:
|
|
62
|
+
// ... (see reference guides for full implementation)
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
## Reference Guides
|
|
66
|
+
|
|
67
|
+
Detailed implementations in the `references/` directory:
|
|
68
|
+
|
|
69
|
+
| Guide | Contents |
|
|
70
|
+
|---|---|
|
|
71
|
+
| [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
|
|
72
|
+
| [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
|
|
73
|
+
|
|
74
|
+
## Best Practices
|
|
75
|
+
|
|
76
|
+
### ✅ DO
|
|
77
|
+
|
|
78
|
+
- Get written authorization
|
|
79
|
+
- Define clear scope
|
|
80
|
+
- Use controlled environments
|
|
81
|
+
- Document all findings
|
|
82
|
+
- Follow responsible disclosure
|
|
83
|
+
- Provide remediation guidance
|
|
84
|
+
- Verify fixes after patching
|
|
85
|
+
- Maintain chain of custody
|
|
86
|
+
|
|
87
|
+
### ❌ DON'T
|
|
88
|
+
|
|
89
|
+
- Test production without approval
|
|
90
|
+
- Cause service disruption
|
|
91
|
+
- Exfiltrate sensitive data
|
|
92
|
+
- Share findings publicly
|
|
93
|
+
- Exceed authorized scope
|
|
94
|
+
- Use destructive payloads
|