Habilidades pentest-coordinator
🎯

pentest-coordinator

Alto Risco ⚙️ Comandos externos🌐 Acesso à rede📁 Acesso ao sistema de arquivos

Automate Penetration Testing with ReAct Methodology

This skill provides structured autonomous penetration testing using ReAct loops. It maintains state, applies specialized security knowledge, and coordinates reconnaissance, exploitation, and privilege escalation until both flags are captured.

Suporta: Claude Codex Code(CC)
⚠️ 57 Ruim
1

Baixar o ZIP da skill

2

Upload no Claude

Vá em Configurações → Capacidades → Skills → Upload skill

3

Ative e comece a usar

Testar

A utilizar "pentest-coordinator". Start penetration testing on 10.10.10.1

Resultado esperado:

  • Initializing state for target 10.10.10.1
  • Starting reconnaissance phase with port scanning
  • Discovered services: SSH(22), HTTP(80), MySQL(3306)
  • Exploiting HTTP file upload vulnerability
  • Captured user flag: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
  • Escalating privileges via sudo vim exploit
  • Captured root flag: f6e5d4c3b2a1098765432109876543210
  • Mission complete - both flags captured

A utilizar "pentest-coordinator". Perform AD testing on 10.10.10.50

Resultado esperado:

  • Initializing AD-focused reconnaissance
  • Discovered PASSWD_NOTREQD flag on user account
  • Investigating anomaly with forced ChangePassword capability
  • Successfully exploited password reset vulnerability
  • Captured user flag and escalated to Domain Admin
  • Mission complete - full domain compromise achieved

Auditoria de Segurança

Alto Risco
v5 • 1/16/2026

Legitimate penetration testing framework designed for CTF and lab environments. Contains offensive security capabilities (network scanning, exploitation, privilege escalation) but includes safety mechanisms (password budgets, time limits, circuit breakers). Static findings confirm legitimate pentesting tool patterns - no malicious intent detected. Designed for authorized testing only per documentation.

3
Arquivos analisados
1,901
Linhas analisadas
4
achados
5
Total de auditorias
Problemas de Risco Médio (1)
SKILL.md:1-1105
Penetration Testing Capabilities
Skill contains network scanning, exploitation, and privilege escalation techniques. These are legitimate for authorized testing but could be misused without proper context.

Fatores de risco

⚙️ Comandos externos (2)
SKILL.md:294-310 AD_ATTACK_SUPPLEMENT.md:77-100
🌐 Acesso à rede (2)
SKILL.md:200-210 SKILL.md:632-650
📁 Acesso ao sistema de arquivos (2)
SKILL.md:52-86 SKILL.md:320-330
Auditado por: claude Ver Histórico de Auditoria →

Pontuação de qualidade

38
Arquitetura
100
Manutenibilidade
85
Conteúdo
30
Comunidade
30
Segurança
78
Conformidade com especificações

O Que Você Pode Construir

Automate CTF Box Solving

Automatically solve penetration testing challenges in competitive environments using systematic methodology

Learn Structured Pentesting

Understand proper penetration testing methodology through autonomous demonstration and state tracking

Test Vulnerable Applications

Validate security controls in intentionally vulnerable applications within controlled laboratory environments

Tente Estes Prompts

Start Basic Pentest 
Start penetration testing on target 10.10.10.1 and capture both user and root flags
Resume Testing 
Resume penetration testing from current state and continue until both flags are captured
AD Environment Testing 
Perform AD-focused penetration testing on target 10.10.10.50, investigating all anomalies found
Deep Analysis 
Use extended thinking to analyze all reconnaissance data and generate new attack hypotheses

Melhores Práticas

  • Only use on systems you own or have explicit written authorization to test
  • Let the skill run autonomously without interruption for best results
  • Review the state file to understand the decision-making process

Evitar

  • Never use on production systems or any unauthorized targets
  • Do not interrupt the autonomous testing flow once started
  • Avoid modifying the state file during active execution

Perguntas Frequentes

Is this skill safe to use?
Yes, when used as designed on CTF challenges, Vulhub labs, or other intentionally vulnerable environments you are authorized to test.
What are the password attempt limits?
Limits vary by scenario: 10-100 attempts for most cases, up to 10000 for no-hint scenarios, with 5-15 minute time budgets enforced.
Can I use this on any target?
Absolutely not. Only use on systems you own or have explicit permission to test. Unauthorized access is illegal.
How does the stuck counter work?
It tracks consecutive failures and triggers deeper analysis with new techniques, but never stops execution prematurely.
What happens when flags are captured?
The skill completes and provides a summary of the successful attack path and techniques used.
Is this suitable for learning pentesting?
Yes, it demonstrates systematic methodology with detailed state tracking for educational purposes.

Detalhes do Desenvolvedor

Licença

MIT

Repositório

https://github.com/CharlesKozel/vulhub_automated_pentester/tree/main/agents/claude/skills/coordinator

Referência

main

Estrutura de arquivos

📄 AD_ATTACK_SUPPLEMENT.md

📄 SKILL.md