What kind of vulnerabilities does it detect?

The skill is designed to identify common web vulnerabilities including those listed in the OWASP Top 10, such as SQL injection, Cross-Site Scripting (XSS), and CSRF.

Are remediation steps included in the report?

Absolutely. The skill generates a detailed report that includes the identified flaw, its risk rating, and specific steps to fix the vulnerability.

Does this skill require authorization?

Yes. It is a best practice to always ensure you have explicit, written authorization before performing any penetration testing or vulnerability scanning on a target system.

Can it scan specific API endpoints?

Yes, the skill can be targeted at specific API endpoints to identify issues like authentication bypass, authorization flaws, and insecure data exposure.

Web Penetration Tester

Name: Web Penetration Tester
Author: jeremylongshore

byjeremylongshore

•

884

Security & Testing

Automates web application security audits and vulnerability scanning to identify OWASP Top 10 threats and provide remediation guidance.

About

The Web Penetration Tester skill empowers Claude to perform automated security assessments of web applications and APIs, effectively identifying critical vulnerabilities such as SQL injection, XSS, and broken authentication. By leveraging specialized scanning plugins, it streamlines the security auditing process, generates comprehensive reports with risk ratings, and suggests practical exploitation techniques for proof-of-concept testing, making it an essential tool for developers and security engineers aiming to fortify their software against cyber threats.

Key Features

Detailed remediation recommendations for identified flaws
Comprehensive security reporting with risk ratings
Automated OWASP Top 10 vulnerability scanning
884 GitHub stars
Targeted API endpoint security assessment
Exploitation technique suggestions for vulnerability validation

Use Cases

Performing a full penetration test on a web application before deployment
Assessing the security posture of specific REST or GraphQL API endpoints
Generating audit-ready reports for security compliance and remediation tracking

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills penetration-tester

For use in Claude.ai and ChatGPT

Download Skill

GitHub