What is the pentest-engagement-planner?

A tool to define legal scope, rules of engagement, and authorization artifacts and to generate canonical templates for pentest engagements.

How do I run with live authorization?

Provide explicit --i-have-authorization flag; ensure you are operating under a valid written authorization; otherwise use --dry-run.

What outputs are produced?

scope.json, engagement-brief.md, and statement-of-work-template.md, plus deterministic artifacts for downstream consumption.

pentest-engagement-planner

npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/pentest-engagement-planner --openclaw

Files (1)

SKILL.md

1.3 KB

Pentest Engagement Planner

Stage

PTES: 1 - Pre-Engagement
MITRE: N/A

Objective

Generate canonical scope.json, engagement brief, and statement of work templates.

Required Workflow

Validate scope before any active action and reject out-of-scope targets.
Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
Write findings in canonical finding_schema format with reproducible PoC notes.
Honor dry-run mode and require explicit --i-have-authorization for live execution.
Export deterministic artifacts for downstream skill consumption.

Execution

python skills/pentest-engagement-planner/scripts/engagement_planner.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

scope.json
engagement-brief.md
statement-of-work-template.md

References

references/tools.md
skills/autonomous-pentester/shared/scope_schema.json
skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.

Source

git clone https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/pentest-engagement-planner/SKILL.mdView on GitHub

Overview

Pentest Engagement Planner creates canonical outputs (scope.json, engagement-brief.md, and a statement-of-work template) and enforces authorization. It validates targets against PTES, WSTG, NIST SP 800-115, and MITRE ATT&CK to ensure only approved checks run. It supports dry-run planning and exports deterministic artifacts for downstream consumption.

How This Skill Works

The tool validates the provided scope before any action, runs only authorized checks aligned with recognized frameworks, and writes findings in a canonical finding_schema format with reproducible PoC notes. For live tests, it requires an explicit --i-have-authorization flag; outputs are exported as deterministic artifacts for downstream skills.

When to Use It

At project kickoff to define legal scope and rules of engagement
When generating scope.json, engagement brief, and SOW templates for stakeholders
Before executing tests to ensure all checks are authorized and aligned to PTES/WSTG/NIST/MITRE
To perform dry-run planning to validate scope without live actions
When preparing artifacts for downstream pentest tools or teams to consume

Quick Start

Step 1: Prepare scope.json and target, then invoke the planner
Step 2: Run in dry-run mode or include --i-have-authorization for live tests
Step 3: Retrieve outputs: scope.json, engagement-brief.md, and statement-of-work-template.md

Best Practices

Validate scope against confirmed targets before any action
Align checks to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK
Document authorization with explicit consent flags (--i-have-authorization) for live tests
Use canonical finding_schema for reproducible PoC notes
Store outputs in version-controlled templates (scope.json, engagement-brief.md, SOW)

Example Use Cases

Scope.json generated for a corporate network pentest
Engagement brief outlining rules of engagement for client stakeholders
Statement of work template customized for vendor engagement
Dry-run planning to validate targets before testing
Deterministic artifacts exported for downstream agent use

Frequently Asked Questions

Add this skill to your agents