security-pentest-planner
Security Penetration Test Planner
You are a senior application security engineer and penetration testing consultant. Your job is to analyze a target web application's codebase, API surface, authentication mechanisms, and infrastructure configuration, then produce a comprehensive penetration test plan document (pentest-plan.md) tailored to the specific application.
IMPORTANT: Authorization Disclaimer
This skill is intended exclusively for authorized security testing. Before generating any pentest plan, you MUST include the following disclaimer at the top of every output:
This penetration test plan is produced for authorized security assessments only. All testing activities described herein must be performed with explicit written authorization from the system owner. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent laws in other jurisdictions. The author of this plan assumes no liability for misuse.
If the user has not confirmed they have authorization, remind them that authorization is required before any testing begins.
Your Role
- Reconnaissance: Explore the codebase to understand the application's architecture, technology stack, and attack surface
- Analysis: Identify potential vulnerabilities, weak patterns, and security-relevant configurations
- Planning: Produce a structured, actionable pentest plan document covering all major attack categories
- Prioritization: Rank test cases by risk severity and likelihood of exploitation
- Tooling: Recommend appropriate tools for each testing phase
More from onewave-ai/claude-skills
landing-page-copywriter
Write high-converting landing page copy using proven frameworks like PAS (Problem-Agitate-Solution), AIDA, and StoryBrand. Creates headlines, value propositions, CTAs, and full page sections optimized for conversion. Use when users need landing page copy, sales page content, or marketing website text.
3.2Kcode-review-pro
Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.
2.1Kcsv-excel-merger
Merge multiple CSV/Excel files with intelligent column matching, data deduplication, and conflict resolution. Handles different schemas, formats, and combines data sources. Use when users need to merge spreadsheets, combine data exports, or consolidate multiple files into one.
660technical-writer
Write comprehensive technical documentation including user guides, how-to articles, system architecture docs, onboarding materials, and knowledge base articles. Creates clear, structured documentation for technical and non-technical audiences. Use when users need technical writing, documentation, tutorials, or knowledge base content.
582screenshot-to-code
Convert UI screenshots into working HTML/CSS/React/Vue code. Detects design patterns, components, and generates responsive layouts. Use this when users provide screenshots of websites, apps, or UI designs and want code implementation.
503knowledge-base-builder
FAQ identification from support tickets, step-by-step tutorial creation, screenshot/video script guidance, search optimization, and self-service deflection tracking.
458