external-pentesting

Category: 数据与AI | Uploader: mayflower | Downloads: 0 | Version: v1.0（Latest）

Use when performing external pentesting (recon, scanning, vuln triage) in this container. Produces reproducible commands and writes all outputs under /pentest/ (recon/, scans/, exploits/, reports/).

Changelog: Source: GitHub https://github.com/mayflower/kali-ai-redteam

Directory Structure

Current level: .claude/skills/external-pentesting/

📄 SKILL.md 1.6 KB

SKILL.md

---
name: external-pentesting
description: Use when performing external pentesting (recon, scanning, vuln triage) in this container. Produces reproducible commands and writes all outputs under /pentest/ (recon/, scans/, exploits/, reports/).
license: MIT
metadata:
  owner: mayflowergmbh/kali-ai-redteam
---

# External Pentesting Runbook (Headless)

## Scope And Safety

- Only test targets you are explicitly authorized to test.
- Prefer read-only enumeration first; escalate to intrusive checks only when requested.
- Keep a command log: write every executed command and key outputs to `/pentest/reports/command-log.md`.

## Output Convention

- Recon artifacts: `/pentest/recon/`
- Scan outputs: `/pentest/scans/`
- Exploits/PoCs: `/pentest/exploits/`
- Final report: `/pentest/reports/`

## Workflow

1. Clarify scope: domains/IP ranges, exclusions, time budget, and allowed intensity.
2. Recon:
   - Subdomains: `subfinder` (and/or `amass`) into `/pentest/recon/subdomains.txt`
   - Live hosts: `httpx` into `/pentest/recon/live-http.txt`
   - Ports: `naabu` or `nmap` into `/pentest/recon/ports.txt`
3. Scanning:
   - Template scanning: `nuclei` against live targets into `/pentest/scans/nuclei-*.txt`
   - Web content discovery: `ffuf` / `feroxbuster` / `dirsearch` as needed
4. Triage:
   - Collect evidence (request/response, versions, configs).
   - Prioritize by exploitability and blast radius.
5. Report:
   - Summarize findings with repro steps and remediation.

## Notes

- Use `jq`/`yq` for parsing JSON/YAML outputs.
- If Kubernetes context is involved, use the `kubernetes` MCP server and `kubectl` for read-only inventory unless explicitly asked to modify resources.

Comments 0

Latest | Hot

Please login before commenting.

No comments yet. Be the first one!

external-pentesting

Directory Structure

SKILL.md

Report

Notice