Files
wehub-resource-sync bb5c75ce05
Component Security Validation / Security Audit (push) Has been cancelled
Deploy to Cloudflare Pages / deploy (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:38:58 +08:00

1.8 KiB


allowed-tools: Read, Bash, Grep, Glob argument-hint: [target] | --web-app | --api | --auth | --full-scan description: Perform penetration testing and vulnerability assessment on application

Penetration Test

Perform penetration testing and vulnerability assessment: $ARGUMENTS

Application Context

  • Running services: !netstat -tlnp 2>/dev/null | grep LISTEN | head -10 || lsof -i -P | grep LISTEN | head -10
  • Web framework: @package.json or @requirements.txt (detect framework and version)
  • API endpoints: !grep -r "route\|endpoint\|@app\\.route\|@RequestMapping" src/ 2>/dev/null | wc -l
  • Authentication: !grep -r "auth\|login\|jwt\|session" src/ 2>/dev/null | wc -l

Task

Conduct systematic penetration testing following ethical hacking methodologies:

Test Target: Use $ARGUMENTS to focus on web application, API, authentication, or comprehensive testing

Testing Phases:

  1. Reconnaissance - Service discovery, technology fingerprinting, attack surface mapping
  2. Vulnerability Assessment - OWASP Top 10, injection flaws, broken authentication
  3. Exploitation Testing - XSS, CSRF, SQL injection, privilege escalation attempts
  4. Authentication Testing - Brute force, session management, authorization bypasses
  5. API Security Testing - Input validation, rate limiting, authentication bypass
  6. Infrastructure Testing - Network security, container security, configuration issues

Testing Methodology:

  • Follow OWASP Testing Guide and NIST guidelines
  • Use both automated tools and manual testing techniques
  • Document all findings with proof-of-concept examples
  • Provide remediation recommendations for each vulnerability
  • Maintain ethical boundaries and avoid data damage

Output: Comprehensive penetration test report with executive summary, detailed findings, risk ratings, and remediation roadmap.