AgentSkillsCN

external-pentesting

Use this skill when performing external penetration testing (reconnaissance, scanning, vulnerability triage) in this container. It produces reproducible commands and writes all outputs under /pentest/ (recon/, scans/, exploits/, reports/).

SKILL.md
---
name: external-pentesting
description: Use when performing external pentesting (recon, scanning, vuln triage) in this container. Produces reproducible commands and writes all outputs under /pentest/ (recon/, scans/, exploits/, reports/).
license: MIT
metadata:
  owner: mayflowergmbh/kali-ai-redteam
---

External Pentesting Runbook (Headless)

Scope And Safety

  • Only test targets you are explicitly authorized to test.
  • Prefer read-only enumeration first; escalate to intrusive checks only when requested.
  • Keep a command log: write every executed command and key outputs to /pentest/reports/command-log.md.

Output Convention

  • Recon artifacts: /pentest/recon/
  • Scan outputs: /pentest/scans/
  • Exploits/PoCs: /pentest/exploits/
  • Final report: /pentest/reports/

Workflow

  1. Clarify scope: domains/IP ranges, exclusions, time budget, and allowed intensity.
  2. Recon:
    • Subdomains: subfinder (and/or amass) into /pentest/recon/subdomains.txt
    • Live hosts: httpx into /pentest/recon/live-http.txt
    • Ports: naabu or nmap into /pentest/recon/ports.txt
  3. Scanning:
    • Template scanning: nuclei against live targets into /pentest/scans/nuclei-*.txt
    • Web content discovery: ffuf / feroxbuster / dirsearch as needed, output into /pentest/scans/
  4. Triage:
    • Collect evidence (request/response, versions, configs).
    • Prioritize by exploitability and blast radius.
  5. Report:
    • Summarize findings with repro steps and remediation.
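The workflow above as one runnable script, added here as an example (it is not the skill's own code and does not come from the kali-ai-redteam repository): it creates the /pentest/ layout, refuses targets outside a scope file, records every command in /pentest/reports/command-log.md, runs the listed recon and scan tools when they are installed, and orders nuclei's text output for triage. The scope.txt and exclusions.txt files, the PENTEST_ROOT override, the subdomains.raw.txt intermediate and the triage-*.txt report name are assumptions of this example, not part of the runbook.

```shell
#!/bin/sh
# Added example, not the skill's own code: a POSIX sh wrapper around the runbook
# that enforces a scope check, creates the /pentest/ layout, keeps the command
# log, runs the listed recon/scan tools and ranks nuclei output for triage.
# Assumptions the runbook does not state: scope root domains are listed in
# $PENTEST_ROOT/recon/scope.txt, verbatim exclusions in recon/exclusions.txt,
# and PENTEST_ROOT (default /pentest) may be overridden for a dry run.
set -eu

PENTEST_ROOT="${PENTEST_ROOT:-/pentest}"

have() { command -v "$1" >/dev/null 2>&1; }
note() { printf '%s\n' "$1" >> "$PENTEST_ROOT/reports/command-log.md"; }

# Directory layout from the Output Convention section.
init_layout() {
  mkdir -p "$PENTEST_ROOT/recon" "$PENTEST_ROOT/scans" \
           "$PENTEST_ROOT/exploits" "$PENTEST_ROOT/reports"
  [ -f "$PENTEST_ROOT/reports/command-log.md" ] ||
    printf '# Command log\n\n' > "$PENTEST_ROOT/reports/command-log.md"
}

# 0 if HOST is a scope root or a subdomain of one and is not listed in exclusions.
# "example.com.evil.net" is rejected: only an exact match or a ".root" suffix counts.
in_scope() {
  host="$1"
  grep -qxF -- "$host" "$PENTEST_ROOT/recon/exclusions.txt" 2>/dev/null && return 1
  while read -r root; do
    [ -n "$root" ] || continue
    case "$host" in "$root" | *."$root") return 0 ;; esac
  done < "$PENTEST_ROOT/recon/scope.txt"
  return 1
}

# Filter a host list (stdin) down to in-scope hosts (stdout).
filter_scope() {
  while read -r h; do in_scope "$h" && printf '%s\n' "$h"; done
  return 0
}

# Run a command with stdout captured to OUT, recording the exact command line,
# UTC timestamp, exit status and output line count so the step is reproducible.
# Usage: log_run <output-file> <command> [args...]
log_run() {
  out="$1"; shift
  status=0
  note "* \`$*\` > $out ($(date -u +%FT%TZ))"
  "$@" > "$out" 2>> "$PENTEST_ROOT/reports/stderr.log" || status=$?
  note "  exit=$status lines=$(wc -l < "$out" | tr -d ' ')"
  return "$status"
}

# Recon (Workflow step 2) for one root domain: subfinder, then httpx and naabu
# over the in-scope subdomain list. Missing tools are noted and skipped; a
# failing tool stops the run with its exit status already in the log.
run_recon() {
  domain="$1"
  in_scope "$domain" || { echo "refusing out-of-scope target: $domain" >&2; return 2; }
  r="$PENTEST_ROOT/recon"
  if have subfinder; then
    log_run "$r/subdomains.raw.txt" subfinder -silent -d "$domain"
    filter_scope < "$r/subdomains.raw.txt" > "$r/subdomains.txt"
    note "  kept $(wc -l < "$r/subdomains.txt" | tr -d ' ') in-scope hosts in $r/subdomains.txt"
  else note "* subfinder not installed, skipped"; fi
  if have httpx; then log_run "$r/live-http.txt" httpx -silent -l "$r/subdomains.txt"
  else note "* httpx not installed, skipped"; fi
  if have naabu; then log_run "$r/ports.txt" naabu -silent -list "$r/subdomains.txt"
  else note "* naabu not installed, skipped"; fi
}

# Scanning (step 3): nuclei over live HTTP targets, dated per the nuclei-* convention.
run_scans() {
  if have nuclei; then
    log_run "$PENTEST_ROOT/scans/nuclei-$(date -u +%Y%m%d).txt" \
      nuclei -silent -l "$PENTEST_ROOT/recon/live-http.txt"
  else note "* nuclei not installed, skipped"; fi
}

# Triage (step 4): order nuclei's default text lines, which start
# "[template-id] [protocol] [severity]", from critical to info so the
# highest-impact findings are reviewed first; unknown severities sort last.
rank_nuclei() {
  awk 'BEGIN { r["critical"]=0; r["high"]=1; r["medium"]=2; r["low"]=3; r["info"]=4 }
       { s=$3; gsub(/[][]/, "", s); p = (s in r) ? r[s] : 9; print p "\t" $0 }' |
    sort -s -k1,1n | cut -f2-
}

# Usage: PENTEST_ROOT=/pentest sh run.sh example.com
if [ "$#" -gt 0 ]; then
  init_layout
  run_recon "$1"
  run_scans
  for f in "$PENTEST_ROOT"/scans/nuclei-*.txt; do
    if [ -f "$f" ]; then
      rank_nuclei < "$f" > "$PENTEST_ROOT/reports/triage-$(basename "$f")"
    fi
  done
fi
```

`have` only checks that a name is on PATH; on a host where the Python httpx CLI is installed under the same name, the httpx step would run the wrong tool, so confirm with `httpx -version` before trusting live-http.txt. The flags used (subfinder `-d`/`-silent`, httpx `-l`, naabu `-list`, nuclei `-l`) are the projectdiscovery tools' current ones; check them against the versions shipped in the container.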

Notes

  • Use jq/yq for parsing JSON/YAML outputs.
  • If Kubernetes context is involved, use the kubernetes MCP server and kubectl for read-only inventory unless explicitly asked to modify resources.