myaidev-method 0.2.18 → 0.2.22

package/src/templates/claude/commands/sc:security-report.md

@@ -0,0 +1,756 @@
+---
+name: security-report
+description: Professional security assessment report generation with executive and technical sections
+version: 1.0.0
+category: security
+agent: penetration-tester
+---
+
+# Security Report Generation Command
+
+Generate comprehensive, professional security assessment reports following industry standards for penetration testing and security auditing.
+
+## Report Types
+
+1. **Executive Summary** - C-level, non-technical stakeholders
+2. **Technical Report** - IT/Security teams, detailed findings
+3. **Remediation Plan** - Prioritized action items with timelines
+4. **Compliance Report** - Regulatory framework validation (PCI-DSS, HIPAA, etc.)
+5. **Quick Assessment** - Rapid security posture overview
+
+## Command Workflow
+
+### Step 1: Gather Assessment Data
+
+```bash
+# Collect all assessment artifacts
+ls -la reports/osint-*.md
+ls -la reports/scan-*.md
+ls -la reports/exploitation-*.md
+ls -la reports/audit-*.md
+
+# Review engagement details
+cat .security-authorization.json
+
+# Compile findings from all phases
+grep -r "CRITICAL\|HIGH\|MEDIUM" reports/*.md
+```
+
+### Step 2: Generate Executive Summary Report
+
+```markdown
+# PENETRATION TEST EXECUTIVE SUMMARY
+
+**Client:** [CLIENT_NAME]
+**Engagement ID:** [ENGAGEMENT_ID]
+**Assessment Period:** [START_DATE] - [END_DATE]
+**Report Date:** [CURRENT_DATE]
+**Classification:** CONFIDENTIAL
+
+---
+
+## Executive Overview
+
+This document provides an executive summary of the penetration testing assessment conducted for [CLIENT_NAME] between [DATES]. The assessment evaluated the security posture of [SCOPE] to identify vulnerabilities that could be exploited by malicious actors.
+
+### Engagement Objectives
+
+- Identify security vulnerabilities in [SCOPE]
+- Assess risk to confidential and sensitive data
+- Evaluate effectiveness of security controls
+- Provide prioritized remediation recommendations
+- Validate compliance with [FRAMEWORK] requirements
+
+### Testing Methodology
+
+The assessment followed the Penetration Testing Execution Standard (PTES) methodology:
+
+1. **Pre-Engagement** - Scope definition and authorization
+2. **Intelligence Gathering** - OSINT and reconnaissance
+3. **Threat Modeling** - Attack surface analysis
+4. **Vulnerability Analysis** - Active scanning and enumeration
+5. **Exploitation** - Proof-of-concept attacks
+6. **Post-Exploitation** - Impact assessment
+7. **Reporting** - Findings and recommendations
+
+### Authorization
+
+- **Authorized By:** [NAME, TITLE]
+- **Authorization Document:** [DOCUMENT_REFERENCE]
+- **Testing Level:** [EXPLOITATION/ACTIVE/PASSIVE]
+- **Engagement Type:** [BLACK BOX / GRAY BOX / WHITE BOX]
+
+---
+
+## Key Findings Summary
+
+### Overall Risk Rating: [CRITICAL / HIGH / MEDIUM / LOW]
+
+| Severity | Count | % of Total |
+|----------|-------|------------|
+| 🔴 Critical | [N] | [X]% |
+| 🟠 High | [N] | [X]% |
+| 🟡 Medium | [N] | [X]% |
+| 🟢 Low | [N] | [X]% |
+| 🔵 Info | [N] | [X]% |
+| **Total** | **[N]** | **100%** |
+
+### Critical Business Risks Identified
+
+**1. [CRITICAL_RISK_1]**
+- **Business Impact:** [REVENUE_LOSS / DATA_BREACH / COMPLIANCE]
+- **Affected Systems:** [SYSTEMS]
+- **Likelihood:** [HIGH / MEDIUM / LOW]
+- **Financial Impact:** [ESTIMATED_COST]
+
+**2. [CRITICAL_RISK_2]**
+- **Business Impact:** [DESCRIPTION]
+- **Affected Systems:** [SYSTEMS]
+- **Likelihood:** [RATING]
+- **Financial Impact:** [ESTIMATED_COST]
+
+### Security Posture Assessment
+
+**Overall Security Score: [X]/100**
+
+| Category | Score | Status |
+|----------|-------|--------|
+| Network Security | [X]/100 | [NEEDS IMPROVEMENT] |
+| Application Security | [X]/100 | [ADEQUATE] |
+| Access Control | [X]/100 | [WEAK] |
+| Data Protection | [X]/100 | [STRONG] |
+| Monitoring & Logging | [X]/100 | [NEEDS IMPROVEMENT] |
+
+---
+
+## Critical Findings Detail
+
+### Finding 1: [CRITICAL_VULNERABILITY_NAME]
+
+**Risk Rating:** 🔴 CRITICAL (CVSS 9.8)
+
+**Description:**
+[Non-technical explanation of the vulnerability and how it could be exploited]
+
+**Business Impact:**
+- Potential for complete system compromise
+- Unauthorized access to [SENSITIVE_DATA]
+- Regulatory compliance violations ([GDPR/HIPAA/PCI-DSS])
+- Estimated financial impact: $[AMOUNT]
+- Reputation damage risk: [HIGH/MEDIUM/LOW]
+
+**Proof of Concept:**
+During testing, our team successfully:
+1. [ATTACK_STEP_1]
+2. [ATTACK_STEP_2]
+3. [ACHIEVED_COMPROMISE]
+
+**Evidence:**
+- Systems affected: [COUNT] production servers
+- Data accessible: [TYPE_OF_DATA]
+- Attack complexity: [LOW - easily exploitable]
+
+**Recommendation:**
+Immediate action required within 24-48 hours:
+1. [IMMEDIATE_FIX]
+2. [COMPENSATING_CONTROL]
+3. [VERIFICATION_STEP]
+
+**Remediation Timeline:** IMMEDIATE (0-7 days)
+**Remediation Cost:** $[ESTIMATED_COST]
+**Remediation Complexity:** [LOW/MEDIUM/HIGH]
+
+---
+
+### Finding 2: [CRITICAL_VULNERABILITY_NAME]
+
+[Same detailed structure as Finding 1]
+
+---
+
+## Recommendations Roadmap
+
+### Immediate Actions (0-7 days) - CRITICAL
+
+**Priority 1:**
+- [ ] Patch [VULNERABILITY] on [SYSTEMS]
+- [ ] Disable [UNNECESSARY_SERVICE]
+- [ ] Implement [EMERGENCY_CONTROL]
+- [ ] Review access controls for [CRITICAL_SYSTEMS]
+
+**Estimated Cost:** $[AMOUNT]
+**Resources Required:** [X] FTE weeks
+**Risk if Not Addressed:** [SEVERE_IMPACT]
+
+### Short-term Actions (1-4 weeks) - HIGH PRIORITY
+
+**Priority 2:**
+- [ ] Deploy Web Application Firewall (WAF)
+- [ ] Implement multi-factor authentication (MFA)
+- [ ] Update security policies
+- [ ] Conduct security awareness training
+
+**Estimated Cost:** $[AMOUNT]
+**Resources Required:** [X] FTE weeks
+**Risk Reduction:** [PERCENTAGE]%
+
+### Medium-term Actions (1-3 months) - MEDIUM PRIORITY
+
+**Priority 3:**
+- [ ] Deploy intrusion detection system (IDS/IPS)
+- [ ] Implement security information and event management (SIEM)
+- [ ] Conduct code security review
+- [ ] Establish vulnerability management program
+
+**Estimated Cost:** $[AMOUNT]
+**Expected ROI:** [DESCRIPTION]
+
+### Long-term Strategic Initiatives (3-12 months)
+
+**Priority 4:**
+- [ ] Develop security operations center (SOC)
+- [ ] Implement zero trust architecture
+- [ ] Conduct regular penetration testing (quarterly)
+- [ ] Achieve [COMPLIANCE_FRAMEWORK] certification
+
+**Estimated Cost:** $[AMOUNT]
+**Strategic Value:** [DESCRIPTION]
+
+---
+
+## Compliance Assessment
+
+### [PCI-DSS / HIPAA / GDPR / SOC 2] Compliance
+
+**Overall Compliance:** [XX]% compliant
+
+| Requirement | Status | Gaps Identified |
+|-------------|--------|-----------------|
+| [REQ_1] | ✅ Compliant | None |
+| [REQ_2] | ⚠️ Partial | [GAPS] |
+| [REQ_3] | ❌ Non-Compliant | [CRITICAL_GAPS] |
+
+**Compliance Risks:**
+- [REGULATORY_RISK_1]
+- [REGULATORY_RISK_2]
+- Estimated fine exposure: $[AMOUNT]
+
+---
+
+## Return on Investment (ROI) Analysis
+
+### Investment Required
+
+| Category | Cost | Timeline |
+|----------|------|----------|
+| Immediate Remediation | $[AMOUNT] | 0-7 days |
+| Short-term Improvements | $[AMOUNT] | 1-4 weeks |
+| Medium-term Programs | $[AMOUNT] | 1-3 months |
+| **Total Investment** | **$[TOTAL]** | **3 months** |
+
+### Risk Reduction Value
+
+| Risk Category | Current Exposure | Post-Remediation | Reduction |
+|---------------|------------------|------------------|-----------|
+| Data Breach | $[AMOUNT] | $[AMOUNT] | [XX]% |
+| Compliance Fines | $[AMOUNT] | $[AMOUNT] | [XX]% |
+| Reputation Damage | $[AMOUNT] | $[AMOUNT] | [XX]% |
+| **Total Risk Reduction** | **$[TOTAL]** | **$[TOTAL]** | **[XX]%** |
+
+**Net ROI:** $[RISK_REDUCTION] - $[INVESTMENT] = **$[NET_VALUE]**
+
+---
+
+## Conclusion
+
+[CLIENT_NAME]'s current security posture presents [CRITICAL/SIGNIFICANT/MODERATE] risks that require immediate attention. While [POSITIVE_ASPECTS], the identified vulnerabilities could result in [BUSINESS_IMPACT].
+
+**Our assessment indicates:**
+
+✅ **Strengths:**
+- [SECURITY_STRENGTH_1]
+- [SECURITY_STRENGTH_2]
+- [SECURITY_STRENGTH_3]
+
+⚠️ **Weaknesses:**
+- [SECURITY_WEAKNESS_1]
+- [SECURITY_WEAKNESS_2]
+- [SECURITY_WEAKNESS_3]
+
+**Recommended Next Steps:**
+
+1. **Immediate (This Week):**
+   - Convene emergency security response team
+   - Address critical vulnerabilities
+   - Implement temporary compensating controls
+
+2. **Short-term (This Month):**
+   - Execute remediation roadmap
+   - Deploy recommended security controls
+   - Validate remediation effectiveness
+
+3. **Long-term (This Quarter):**
+   - Establish ongoing security program
+   - Implement continuous monitoring
+   - Schedule follow-up assessment
+
+By following the prioritized remediation roadmap, [CLIENT_NAME] can significantly reduce security risk and strengthen overall security posture within [TIMELINE].
+
+---
+
+## Appendices
+
+### Appendix A: Testing Methodology
+[Detailed PTES methodology explanation]
+
+### Appendix B: Tools Used
+[List of security testing tools and versions]
+
+### Appendix C: Scope and Limitations
+[Detailed scope, out-of-scope items, limitations]
+
+### Appendix D: References
+- OWASP Top 10 2021
+- NIST Cybersecurity Framework
+- CIS Controls v8
+- PTES Technical Guidelines
+
+---
+
+**Report Classification:** CONFIDENTIAL - AUTHORIZED PERSONNEL ONLY
+
+**Prepared By:**
+[SECURITY_TEAM]
+[COMPANY]
+[CONTACT_INFO]
+
+**Reviewed By:**
+[SENIOR_SECURITY_CONSULTANT]
+[TITLE]
+
+**Distribution:**
+- [CLIENT_CTO]
+- [CLIENT_CISO]
+- [CLIENT_SECURITY_TEAM]
+
+---
+
+*This report contains sensitive security information. Unauthorized distribution or disclosure may increase security risks.*
+```
+
+### Step 3: Generate Technical Report
+
+```markdown
+# PENETRATION TEST TECHNICAL REPORT
+
+**Client:** [CLIENT_NAME]
+**Engagement ID:** [ENGAGEMENT_ID]
+**Assessment Period:** [START_DATE] - [END_DATE]
+**Report Date:** [CURRENT_DATE]
+**Classification:** CONFIDENTIAL
+
+---
+
+## Table of Contents
+
+1. Executive Summary
+2. Scope and Methodology
+3. Technical Findings
+4. Vulnerability Details
+5. Evidence and Proof of Concept
+6. Remediation Guidance
+7. References and Tools
+8. Appendices
+
+---
+
+## 1. Executive Summary
+
+[Link to executive summary report or include condensed version]
+
+---
+
+## 2. Scope and Methodology
+
+### 2.1 Scope Definition
+
+**In-Scope Targets:**
+- Network Range: [IP_RANGES]
+- Domain Names: [DOMAINS]
+- Applications: [WEB_APPS]
+- Total Assets: [COUNT]
+
+**Out-of-Scope:**
+- Production databases: [LIST]
+- Third-party services: [LIST]
+- Geographic locations: [LIST]
+
+### 2.2 Testing Methodology
+
+**Framework:** Penetration Testing Execution Standard (PTES)
+
+**Testing Phases:**
+
+1. **Pre-Engagement (Day 0)**
+   - Scoping and authorization
+   - Rules of engagement
+   - Communication protocols
+
+2. **Intelligence Gathering (Days 1-2)**
+   - OSINT reconnaissance
+   - DNS enumeration
+   - Subdomain discovery
+   - Email harvesting
+
+3. **Vulnerability Analysis (Days 3-4)**
+   - Network scanning
+   - Port and service enumeration
+   - Vulnerability scanning
+   - Web application assessment
+
+4. **Exploitation (Days 5-7)**
+   - Proof-of-concept exploits
+   - Privilege escalation
+   - Lateral movement testing
+   - Data access validation
+
+5. **Post-Exploitation (Days 8-9)**
+   - Persistence testing
+   - Data exfiltration PoC
+   - Impact assessment
+   - Evidence collection
+
+6. **Reporting (Days 10-12)**
+   - Finding documentation
+   - Report generation
+   - Presentation preparation
+
+### 2.3 Testing Tools
+
+**Reconnaissance:**
+- theHarvester, Shodan, Recon-ng, Amass, Subfinder
+
+**Scanning:**
+- Nmap, Masscan, Nikto, OpenVAS, Nuclei
+
+**Exploitation:**
+- Metasploit Framework, SQLMap, Burp Suite Professional, OWASP ZAP
+
+**Post-Exploitation:**
+- Meterpreter, PowerShell Empire, Mimikatz
+
+**Analysis:**
+- Wireshark, tcpdump, Hashcat, John the Ripper
+
+---
+
+## 3. Technical Findings Summary
+
+### 3.1 Finding Distribution
+
+**By Severity:**
+```
+Critical: ████████████ 12
+High:     ████████     8
+Medium:   ██████       6
+Low:      ███          3
+Info:     █████        5
+```
+
+**By Category:**
+| Category | Critical | High | Medium | Low | Total |
+|----------|----------|------|--------|-----|-------|
+| Network | 3 | 2 | 1 | 0 | 6 |
+| Web App | 6 | 4 | 3 | 2 | 15 |
+| Access Control | 2 | 1 | 1 | 0 | 4 |
+| Cryptography | 1 | 1 | 1 | 1 | 4 |
+| Configuration | 0 | 0 | 0 | 0 | 5 |
+
+### 3.2 Attack Path Summary
+
+**Critical Attack Chains Identified:**
+
+1. **External to Internal Access:**
+   ```
+   External Recon → Web App SQLi → Database Access →
+   Credential Theft → SSH Access → Internal Network →
+   Domain Admin
+   ```
+
+2. **Privilege Escalation:**
+   ```
+   Low-Priv User → Kernel Exploit → Root Access →
+   Lateral Movement → Domain Controller
+   ```
+
+---
+
+## 4. Vulnerability Details
+
+### 4.1 Critical Findings
+
+#### FINDING-001: SQL Injection in Authentication System
+
+**Vulnerability ID:** FIND-001-SQLI
+**CVSS v3.1 Score:** 9.8 (Critical)
+**Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+
+**Affected Systems:**
+- https://app.example.com/login.php
+- Database server: 192.168.1.50
+
+**Vulnerability Description:**
+The authentication system is vulnerable to SQL injection through the username parameter. The application fails to properly sanitize user input before constructing SQL queries, allowing an attacker to bypass authentication and extract sensitive data from the backend database.
+
+**Technical Details:**
+```http
+POST /login.php HTTP/1.1
+Host: app.example.com
+Content-Type: application/x-www-form-urlencoded
+
+username=admin' OR '1'='1'-- &password=anything
+```
+
+**Exploitation Steps:**
+```bash
+# 1. Identify injection point
+curl -X POST https://app.example.com/login.php \
+  -d "username=admin'&password=test"
+# Error: You have an error in your SQL syntax
+
+# 2. Bypass authentication
+curl -X POST https://app.example.com/login.php \
+  -d "username=admin' OR '1'='1'-- &password=anything"
+# Result: Authentication successful
+
+# 3. Extract database information
+sqlmap -u "https://app.example.com/login.php" \
+  --data="username=admin&password=test" \
+  --dbs
+# Result: 5 databases discovered
+
+# 4. Extract user credentials
+sqlmap -u "https://app.example.com/login.php" \
+  --data="username=admin&password=test" \
+  -D production_db -T users --dump --limit 3
+# Result: 3 admin credentials extracted
+```
+
+**Proof of Concept:**
+![Screenshot: SQLi authentication bypass](evidence/finding-001-sqli-auth.png)
+![Screenshot: Database enumeration](evidence/finding-001-sqli-dbs.png)
+
+**Impact:**
+- **Confidentiality:** HIGH - Full database access
+- **Integrity:** HIGH - Data modification possible
+- **Availability:** MEDIUM - Database DoS possible
+
+**Business Impact:**
+- Unauthorized access to 150,000+ customer records
+- PCI-DSS compliance violation
+- Regulatory fines: estimated $500,000+
+- Reputation damage
+- Legal liability
+
+**Remediation:**
+```php
+// VULNERABLE CODE:
+$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
+
+// SECURE CODE:
+$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
+$stmt->execute([$username, $hashed_password]);
+```
+
+**Recommended Actions:**
+1. **Immediate (0-24h):**
+   - Deploy Web Application Firewall (WAF) with SQLi rules
+   - Add input validation for username field
+   - Monitor database access logs
+
+2. **Short-term (1-7 days):**
+   - Migrate to parameterized queries (prepared statements)
+   - Implement output encoding
+   - Conduct code review of all database queries
+   - Reset all user passwords
+
+3. **Long-term (1-4 weeks):**
+   - Implement security code review process
+   - Deploy static application security testing (SAST)
+   - Conduct developer security training
+   - Implement database activity monitoring
+
+**References:**
+- OWASP Top 10 2021: A03 - Injection
+- CWE-89: SQL Injection
+- MITRE ATT&CK: T1190 - Exploit Public-Facing Application
+
+---
+
+#### FINDING-002: [Next Critical Finding]
+
+[Same detailed structure for each critical/high finding]
+
+---
+
+## 5. Evidence and Proof of Concept
+
+### 5.1 Network Diagrams
+
+[Network topology showing attack paths]
+
+### 5.2 Screenshots
+
+**Evidence Index:**
+1. `evidence/finding-001-sqli-auth.png` - SQL injection authentication bypass
+2. `evidence/finding-001-sqli-dbs.png` - Database enumeration
+3. `evidence/finding-002-rce-shell.png` - Remote code execution
+4. `evidence/finding-003-privesc.png` - Privilege escalation to root
+
+### 5.3 Command Logs
+
+**Complete exploitation logs available in:**
+- `logs/exploitation-[TARGET]-[DATE].log`
+- `logs/nmap-scan-results.txt`
+- `logs/metasploit-sessions.log`
+
+---
+
+## 6. Remediation Guidance
+
+### 6.1 Prioritization Matrix
+
+| Finding ID | Severity | Exploitability | Impact | Priority | Timeline |
+|------------|----------|----------------|--------|----------|----------|
+| FIND-001 | Critical | Easy | High | P0 | 0-24h |
+| FIND-002 | Critical | Medium | High | P0 | 0-48h |
+| FIND-003 | High | Easy | Medium | P1 | 1-7d |
+| FIND-004 | High | Hard | High | P1 | 1-7d |
+
+### 6.2 General Recommendations
+
+**Network Security:**
+- Implement network segmentation
+- Deploy next-generation firewall (NGFW)
+- Enable intrusion prevention system (IPS)
+- Conduct regular vulnerability scanning
+
+**Application Security:**
+- Implement security development lifecycle (SDL)
+- Deploy web application firewall (WAF)
+- Conduct regular penetration testing
+- Implement security code review
+
+**Access Control:**
+- Implement multi-factor authentication (MFA)
+- Enforce principle of least privilege
+- Regular access reviews
+- Implement privileged access management (PAM)
+
+**Monitoring & Detection:**
+- Deploy SIEM solution
+- Enable comprehensive logging
+- Implement anomaly detection
+- Establish security operations center (SOC)
+
+---
+
+## 7. References and Tools
+
+### 7.1 Industry Standards
+- OWASP Top 10 2021
+- NIST SP 800-115: Technical Guide to Information Security Testing
+- PTES Technical Guidelines
+- MITRE ATT&CK Framework
+
+### 7.2 Tools and Versions
+- Kali Linux 2025.1
+- Nmap 7.94
+- Metasploit Framework 6.3
+- Burp Suite Professional 2024.1
+- SQLMap 1.7.12
+
+---
+
+## 8. Appendices
+
+### Appendix A: Complete Scan Results
+[Full nmap, vulnerability scan results]
+
+### Appendix B: Exploitation Timeline
+[Detailed timeline of all exploitation activities]
+
+### Appendix C: CVSS Calculations
+[Detailed CVSS scoring for each vulnerability]
+
+### Appendix D: Compliance Mapping
+[Mapping findings to compliance requirements]
+
+---
+
+**Report Classification:** CONFIDENTIAL - TECHNICAL AUDIENCE ONLY
+
+**Prepared By:** [PENETRATION_TESTING_TEAM]
+**Technical Review:** [SENIOR_PENETRATION_TESTER]
+**Quality Assurance:** [QA_REVIEWER]
+
+---
+
+*This technical report contains detailed vulnerability information and should be protected accordingly.*
+```
+
+## Usage Examples
+
+**Generate Executive Report:**
+```
+User: "/sc:security-report --executive --engagement ENG-2025-001"
+
+Response:
+1. Load engagement data from .security-authorization.json
+2. Compile findings from all assessment phases
+3. Calculate risk scores and business impact
+4. Generate executive summary report
+5. Save to: reports/executive-summary-ENG-2025-001-[DATE].md
+```
+
+**Generate Technical Report:**
+```
+User: "/sc:security-report --technical --engagement ENG-2025-001"
+
+Response:
+1. Gather all technical findings
+2. Compile exploitation evidence
+3. Generate detailed vulnerability descriptions
+4. Include proof-of-concept details
+5. Add remediation guidance
+6. Save to: reports/technical-report-ENG-2025-001-[DATE].md
+```
+
+**Generate Quick Assessment:**
+```
+User: "/sc:security-report --quick"
+
+Response:
+1. Summarize critical findings only
+2. High-level risk assessment
+3. Priority recommendations
+4. 2-3 page report
+5. Save to: reports/quick-assessment-[DATE].md
+```
+
+## Output
+
+Report files saved to:
+```
+reports/
+├── executive-summary-[ENGAGEMENT_ID]-[DATE].md
+├── technical-report-[ENGAGEMENT_ID]-[DATE].md
+├── remediation-plan-[ENGAGEMENT_ID]-[DATE].md
+└── compliance-report-[ENGAGEMENT_ID]-[DATE].md
+```
+
+---
+
+**Agent:** penetration-tester
+**Version:** 1.0.0
+**Report Standards:** PTES, OWASP, NIST SP 800-115