pentest-data-exfil-tester
npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/pentest-data-exfil-tester --openclaw
Files (1)
SKILL.md
1.3 KB
Pentest Data Exfil Tester
Stage
- PTES: 6
- MITRE: TA0010 - Exfiltration
Objective
Measure blocked versus successful exfiltration pathways using synthetic records only.
Required Workflow
- Validate scope before any active action and reject out-of-scope targets.
- Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Write findings in canonical finding_schema format with reproducible PoC notes.
- Honor dry-run mode and require explicit --i-have-authorization for live execution.
- Export deterministic artifacts for downstream skill consumption.
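The scope, dry-run, authorization and deterministic-export gates from the workflow above, as an added example that is not the skill's own data_exfil_tester.py. The scope field names (in_scope_hosts, in_scope_cidrs), the function names and the sample values are assumptions, since scope_schema.json is not shown on this page.

```python
import hashlib
import ipaddress
import json

# Constructed sample scope. The field names are assumptions; the real
# scope_schema.json is not reproduced on this page.
SAMPLE_SCOPE = {
    "in_scope_hosts": ["dlp-test.example.com"],
    "in_scope_cidrs": ["10.20.0.0/24"],
}


def in_scope(target, scope):
    """Return True only for a listed hostname or an address inside a listed CIDR."""
    hosts = {h.lower().rstrip(".") for h in scope.get("in_scope_hosts", [])}
    if target.lower().rstrip(".") in hosts:
        return True
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # unlisted hostname: reject instead of resolving and guessing
    return any(addr in ipaddress.ip_network(c)
               for c in scope.get("in_scope_cidrs", []))


def plan_run(target, scope, dry_run=True, authorized=False):
    """Apply both gates before any active step; dry-run is the default mode."""
    if not in_scope(target, scope):
        raise PermissionError(f"target {target!r} is out of scope")
    if not dry_run and not authorized:
        raise PermissionError("live execution requires --i-have-authorization")
    return {"target": target, "mode": "dry-run" if dry_run else "live"}


def export_artifact(record):
    """Serialize with sorted keys and no timestamps so reruns are byte-identical."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return body, hashlib.sha256(body.encode()).hexdigest()


if __name__ == "__main__":
    plan = plan_run("10.20.0.7", SAMPLE_SCOPE)
    print(export_artifact(plan))
```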
Execution
python skills/pentest-data-exfil-tester/scripts/data_exfil_tester.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
Outputs
- exfil-channels-tested.json
- dlp-gaps.json
- exfil-report.json
References
- references/tools.md
- skills/autonomous-pentester/shared/scope_schema.json
- skills/autonomous-pentester/shared/finding_schema.json
Legal and Ethical Notice
WARNING: AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
Source
git clone https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/pentest-data-exfil-tester/SKILL.md
Overview
Pentest Data Exfil Tester measures blocked versus successful exfiltration paths using synthetic records only. It validates egress controls and DLP by running authorized checks across exfiltration channels and exports deterministic artifacts for downstream analysis.
How This Skill Works
It runs only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115 and MITRE ATT&CK. It uses a Python script to perform data exfiltration tests with a given scope and target, producing findings in a canonical finding_schema format and exporting exfil-channels-tested.json, dlp-gaps.json, and exfil-report.json.
When to Use It
- Before a security assessment to verify enterprise egress controls block or allow exfiltration channels.
- To validate DLP policies across email, web, and cloud storage channels.
- During a PTES- and MITRE-aligned audit with an approved scope.
- In red team exercises to measure detection coverage while staying within authorization and using dry-run mode.
- When validating changes after DLP policy or channel configuration updates.
Quick Start
- Step 1: Confirm scope and obtain written authorization.
- Step 2: Run the tester in dry-run mode with the provided script and scope: python skills/pentest-data-exfil-tester/scripts/data_exfil_tester.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
- Step 3: Review the outputs (exfil-channels-tested.json, dlp-gaps.json, exfil-report.json) and capture PoC notes in the finding_schema format.
Best Practices
- Obtain written authorization and define the scope before any action.
- Align checks with PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Use the dry-run mode first and require explicit --i-have-authorization for live runs.
- Export the deterministic artifacts (exfil-channels-tested.json, dlp-gaps.json, exfil-report.json) for reproducibility.
- Document PoC notes using the canonical finding_schema to ensure reproducibility.
Example Use Cases
- Security operations teams validating egress controls on a new enterprise app.
- DLP policy validation across email and cloud storage services.
- Compliance audit verifying exfiltration controls against MITRE and PTES references.
- Red team exercises measuring detection coverage for data exfiltration.
- Internal security program producing canonical PoC findings for exfiltration tests.