pentest_skill
- Python
42
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill transilienceai/communitytools --skill pentest- SKILL.md7.7 KB
Overview
This skill is a penetration testing orchestrator that coordinates specialized attack agents, produces structured reconnaissance, and generates final deliverables. It focuses on engagement planning, safe delegation to executor agents, and clean report packaging. Use it to plan assessments, run coordinated tests, and produce machine-readable and DOCX reports.
How this skill works
The skill gathers scope and creates an engagement workspace, then runs reconnaissance tools per asset type and assembles inventory files. It prepares a mandatory test plan for user approval, then deploys approved executor agents in parallel to perform vulnerability testing. Findings are aggregated, deduplicated, severity-scored, and exported into a final report structure with DOCX output and an appendix of evidence.
When to use it
- Planning a penetration test or bug bounty engagement
- Coordinating multiple specialized attack agents (SQLi, XSS, SSRF, etc.)
- Producing standardized reconnaissance and final report deliverables
- Creating reproducible, machine-readable test artifacts (.json, .docx)
- When you need strict workspace and reporting hygiene for auditors or clients
Best practices
- Always define scope, testing windows, and explicit restrictions before reconnaissance
- Do not proceed past planning without explicit user approval of the test plan
- Delegate execution to specialized agents; the orchestrator never runs attacks directly
- Keep all intermediate files under processed/ and final deliverables under report/ only
- Require working PoC evidence and NDJSON activity logs from each executor for traceability
Example use cases
- Coordinate a web app assessment: run web recon, deploy XSS and SQLi agents, aggregate findings
- Run a cloud security review: discover S3 buckets, deploy cloud-specific agents, and document misconfigurations
- Plan a bug bounty sprint: generate an attack index and map executors to prioritized targets
- Produce a client-ready pen test report: transform intermediate artifacts into a DOCX deliverable with appendix evidence
- Perform iterative testing: spawn new executors for discoveries while tracking approvals and logs
FAQ
No. The orchestrator only coordinates and delegates execution to specialized agents; it must not run attacks itself.
What final deliverables are produced?
A DOCX penetration test report (required), an optional PDF, a machine-readable pentest-report.json, and an appendix of evidence organized by finding.