web-pentest


Web Pentest — Live Web Application Testing

Structured black-box / grey-box penetration testing of a live web application against an authorized target. Pairs with recon (which maps the surface) and complements owasp-audit (which reads the source). Use recon first; use this once you have a target list and credentials (or guest access).

Authorization Check

Before touching the target, confirm:

  1. Written authorization for this specific application (pentest engagement, bug bounty in-scope domain, CTF/lab, your own asset)
  2. The application is currently in scope and live (not deprecated, not under maintenance freeze)
  3. Test credentials provided (if grey-box), or guest access confirmed (if black-box)
  4. Out-of-scope items documented — production user data, payment flows, social engineering, DoS

If anything is unclear, ask before proceeding. Never assume authorization.

Methodology

Follows the OWASP Web Security Testing Guide (WSTG) structure. Each phase produces evidence; document everything as you go.

Phase 1: Configuration & deployment

Installs: 55
GitHub Stars: 274
First Seen: May 27, 2026
web-pentest — briiirussell/cybersecurity-skills