ethical-hacking-agent-skills

pt-planning-recon

Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.

pt-gaining-access

Guides controlled exploitation of validated vulnerabilities to measure real-world impact. Use when the user requests proof-of-concept validation, privilege escalation testing, or attack path confirmation in an authorized environment.

pt-scanning

Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.

pt-fuzzing-web-api

Performs authorized fuzzing of web applications and APIs to discover input validation failures, parser bugs, and stability issues. Use when testing HTTP endpoints, request parameters, payload handling, and error behavior under malformed or unexpected inputs.

pt-analysis-reporting

Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.

pt-fuzzing-binary-protocol

Performs authorized fuzz testing of binary formats and network protocols to uncover parser vulnerabilities, memory safety defects, and denial-of-service conditions. Use when assessing protocol handlers, file parsers, and service robustness against malformed inputs.

pt-web-application-assessment

Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.

pt-lotl-techniques

Demonstrates Living-off-the-Land (LotL) techniques using native OS tools to simulate realistic threat actor behavior during authorized penetration tests. Use when proving attack feasibility without custom malware, testing detection coverage, and validating what a real adversary could achieve with only built-in system capabilities.

pt-maintaining-access

Evaluates whether an attacker could retain foothold and move laterally after initial compromise, within strict authorization limits. Use when testing persistence, session resilience, and detection/response effectiveness during a pen test.

pt-report-creation

Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.

pt-post-exploitation

Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.

pt-embedded-device-assessment

Performs authorized security assessment of embedded and IoT devices across hardware, firmware, interfaces, and update mechanisms. Use when testing device boot flows, debug interfaces, firmware integrity, and local/network attack surfaces.