pentest-config-hardening
Installation
SKILL.md
Pentest Config Hardening
Purpose
Shannon checks only 2 of 14 WSTG-CONF items. The remaining 12 are "low-hanging fruit" findings expected in every professional pentest report — straightforward to test systematically.
Prerequisites
Authorization Requirements
- Written authorization with infrastructure testing scope
- Target URL list for all web-facing endpoints
- CDN/WAF awareness — some headers may be set by infrastructure, not application
Environment Setup
- testssl.sh for comprehensive TLS analysis
- nmap with ssl-enum-ciphers script
- curl for manual header inspection
- nuclei with misconfig templates