What does pentest-toolkit output look like?

All scripts return structured JSON suitable for agent consumption, including endpoints, data models, patterns, and test scenarios.

Do I need source code access to use discovery scripts?

No—discover_structure.py surfaces API structure without source code and produces JSON you can feed into other tools.

Is this safe for production or only in labs?

Use only in authorized engagements and controlled environments; the toolkit is designed to automate pentesting workflows while requiring proper permissions.

pentest-toolkit

npx machina-cli add skill nibzard/skills-kit/pentest-toolkit --openclaw

Files (1)

SKILL.md

11.6 KB

AI-Powered Security Testing Toolkit

A comprehensive penetration testing skill designed specifically for AI agents. This toolkit provides specialized scripts that perform intelligent security assessments and return structured JSON output for agent consumption. All scripts are designed for automated execution without human interaction.

🚀 AI Agent Scripts

All scripts are located in the scripts/ directory and return structured JSON output.

Discovery Scripts

`discover_structure.py`

Purpose: Blindly discovers API structure, data models, and business logic without source code access.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py <TARGET_URL>

Returns JSON:

{
  "base_url": "string",
  "discovered_endpoints": [...],
  "data_models": {...},
  "business_entities": [...],
  "authentication_patterns": {...},
  "technologies": [...],
  "vulnerability_indicators": [...]
}

Key Features:

Automatic endpoint enumeration
Data model inference from responses
Business entity identification
Authentication pattern mapping
Technology stack detection

`enumerate_endpoints.py`

Purpose: Fast endpoint enumeration for quick attack surface mapping.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/enumerate_endpoints.py <TARGET_URL>

Returns JSON:

{
  "endpoints": [
    {
      "url": "string",
      "method": "string",
      "status_code": "number",
      "content_type": "string",
      "parameters": [...]
    }
  ],
  "total_found": "number"
}

`scan_ports.py`

Purpose: Network port scanning for service discovery.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/scan_ports.py <TARGET_IP>

Returns JSON:

{
  "target": "string",
  "open_ports": [
    {
      "port": "number",
      "service": "string",
      "version": "string"
    }
  ],
  "scan_time": "string"
}

Analysis Scripts

`analyze_responses.py`

Purpose: Extracts security-relevant patterns and relationships from HTTP responses.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/analyze_responses.py <RESPONSES_FILE>

Input: JSON file with HTTP responses Returns JSON:

{
  "patterns": {
    "data_relationships": [...],
    "business_logic_flaws": [...],
    "authentication_bypasses": [...]
  },
  "recommendations": [...]
}

Key Features:

Pattern recognition in response structures
Data relationship mapping
Business logic vulnerability identification
Security control gaps detection

Test Generation Scripts

`generate_context_tests.py`

Purpose: Creates targeted security tests based on discovered application structure and patterns.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_context_tests.py <STRUCTURE_FILE> <PATTERNS_FILE>

Returns JSON:

{
  "test_scenarios": [
    {
      "id": "string",
      "name": "string",
      "category": "string",
      "risk_level": "HIGH|MEDIUM|LOW",
      "target_endpoints": ["string"],
      "test_cases": [...]
    }
  ]
}

Key Features:

Context-aware test generation
Business logic focused testing
Application-specific payloads
Risk-based test prioritization

Vulnerability Testing Scripts

`test_sql_injection.py`

Purpose: Comprehensive SQL injection testing with multiple techniques.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/test_sql_injection.py <TARGET_URL>

Returns JSON:

{
  "vulnerabilities": [
    {
      "type": "SQL_INJECTION",
      "location": "string",
      "payload": "string",
      "evidence": "string",
      "severity": "CRITICAL|HIGH|MEDIUM|LOW"
    }
  ],
  "tested_endpoints": ["string"]
}

Techniques:

Union-based injection
Boolean-based blind injection
Time-based blind injection
Error-based injection

`test_xss.py`

Purpose: Cross-site scripting vulnerability detection.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/test_xss.py <TARGET_URL>

Returns JSON:

{
  "xss_vulnerabilities": [
    {
      "type": "REFLECTED|STORED|DOM",
      "location": "string",
      "payload": "string",
      "context": "string",
      "severity": "HIGH|MEDIUM|LOW"
    }
  ]
}

`comprehensive_test.py`

Purpose: Runs all vulnerability tests in a coordinated manner.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/comprehensive_test.py <TARGET_URL>

Returns JSON:

{
  "assessment_summary": {
    "target": "string",
    "start_time": "string",
    "end_time": "string",
    "total_vulnerabilities": "number"
  },
  "vulnerabilities_by_category": {...}
}

Report Generation Scripts

`generate_report.py`

Purpose: Generates security reports from test results.

Usage:

uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_report.py <RESULTS_FILE>

Outputs:

security_report.md - Human-readable report
security_report.json - Machine-readable findings

🎯 AI Agent Workflows

Standard Security Assessment

# Step 1: Discover application structure
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py https://target.com > structure.json

# Step 2: Analyze responses for patterns
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/analyze_responses.py structure.json > patterns.json

# Step 3: Generate targeted tests
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_context_tests.py structure.json patterns.json > tests.json

# Step 4: Execute vulnerability tests
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/comprehensive_test.py https://target.com > vuln_results.json

# Step 5: Generate final report
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_report.py vuln_results.json

API Security Testing

# Focus on API endpoints
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py https://api.target.com > api_structure.json

# Test for API-specific vulnerabilities
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/test_sql_injection.py https://api.target.com/users
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/test_xss.py https://api.target.com/search

# Analyze API responses
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/analyze_responses.py api_responses.json

Business Logic Testing

# Discover business entities and relationships
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py https://app.target.com > app_structure.json

# Generate business logic tests
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_context_tests.py app_structure.json patterns.json > business_tests.json

# Execute with focus on authorization and workflow abuse

📚 Knowledge Base

Pattern Libraries

Located in patterns/ directory:

`business_logic.json`

Contains vulnerability patterns for:

Authorization bypasses
State manipulation
Workflow circumvention
Race conditions
Resource abuse

`data_relationships.json`

Contains patterns for:

Insecure direct object references
Foreign key manipulation
Junction table abuse
Hierarchical relationship attacks

Using Patterns with Agents

# Load business logic patterns
with open('patterns/business_logic.json', 'r') as f:
    business_patterns = json.load(f)

# Generate tests based on discovered structure + patterns
# This creates context-aware tests for the specific application

🔧 Script Execution Requirements

Critical: UV Usage

All scripts MUST use uv run python for proper dependency management:

# Correct
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py https://target.com

# Incorrect - will fail
python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py https://target.com

Input/Output Format

All scripts follow these conventions:

Input: Command-line arguments or JSON files
Output: Structured JSON to stdout
No prompts: All scripts run non-interactively
Error handling: Structured error messages in JSON

Error Format

{
  "success": false,
  "error_type": "NETWORK_ERROR|VALIDATION_ERROR|SECURITY_ERROR",
  "message": "string",
  "context": {}
}

🎯 Agent Integration Examples

Claude Skill Integration

# Claude will automatically discover and use these scripts
skill: "pentest-toolkit"

# Claude can execute:
uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py {{TARGET_URL}}

Custom Agent Workflow

def security_assessment(target):
    # Discover structure
    structure = execute_script("discover_structure.py", target)

    # Analyze patterns
    patterns = execute_script("analyze_responses.py", "structure.json")

    # Generate tests
    tests = execute_script("generate_context_tests.py", "structure.json", "patterns.json")

    # Execute tests
    results = execute_script("comprehensive_test.py", target)

    # Generate report
    report = execute_script("generate_report.py", "results.json")

    return {
        "structure": structure,
        "vulnerabilities": results,
        "report": report
    }

Batch Testing Multiple Targets

def batch_assessment(targets):
    results = {}

    for target in targets:
        # Run full assessment
        assessment = security_assessment(target)
        results[target] = assessment

        # Learn from patterns for faster testing
        update_knowledge_base(assessment)

    return results

⚡ Performance Considerations

Caching

Structure discovery results can be cached
Pattern analysis is reusable across similar applications
Test generation is fast once patterns are understood

Parallel Execution

Multiple endpoints can be tested in parallel
Different vulnerability types can be tested simultaneously
Batch processing supported for multiple targets

Rate Limiting

Use conservative request rates when testing targets
Respect published rate limit headers and robots.txt as appropriate
Avoid denial-of-service conditions

🛡️ Security & Compliance

Authorization Testing Only

Only test systems you own or have explicit authorization to assess
Focus on discovery and validation, avoiding destructive payloads

Output Handling

Results may contain response data; handle and store securely
Avoid logging credentials or secrets; redact where necessary

Legal Compliance

Designed for authorized security testing only
Includes responsible usage validation
Supports compliance reporting

📊 Success Metrics

When scripts run successfully, agents should expect:

Structured JSON output with consistent schemas
Actionable findings with risk levels and remediation
Performance metrics for optimization
Error details for troubleshooting

🔗 Related Files

reference.md - Detailed API documentation
examples.md - Practical usage examples
templates/ - Reusable test templates and workflows

Source

git clone https://github.com/nibzard/skills-kit/blob/main/skills/pentest-toolkit/skills/pentest-toolkit/SKILL.mdView on GitHub

Overview

An AI-driven penetration testing toolkit that automates discovery, analysis, and test generation. It provides scripts to map API structure, enumerate endpoints, scan networks, analyze HTTP responses, and craft context-aware security tests, all delivering structured JSON for agent consumption.

How This Skill Works

Scripts live in the scripts/ directory and emit structured JSON that agents can consume. Discovery scripts automatically map API structure, endpoints, and data models without source access; analysis scripts extract security patterns from HTTP responses; and test-generation scripts create context-aware test scenarios from discovered data, enabling automated workflows.

When to Use It

You need to map an API surface without source code access to understand endpoints, data models, and authentication patterns.
You require fast endpoint enumeration to gauge the attack surface for a pentest.
You want to identify open ports and services on a target network for reconnaissance.
You need to extract security-relevant patterns from HTTP responses to spot flaws.
You want to generate context-aware security tests based on discovered structure and patterns.

Quick Start

Step 1: uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/discover_structure.py <TARGET_URL>
Step 2: uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/enumerate_endpoints.py <TARGET_URL> and uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/scan_ports.py <TARGET_IP>
Step 3: uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/analyze_responses.py <RESPONSES_FILE> && uv run python ${CLAUDE_PLUGIN_ROOT}/skills/pentest-toolkit/scripts/generate_context_tests.py <STRUCTURE_FILE> <PATTERNS_FILE>

Best Practices

Run discover_structure.py first to establish the base map of endpoints, data models, and technologies.
Use enumerate_endpoints.py and scan_ports.py to quickly reveal attack surface and services.
Feed outputs into analyze_responses.py to extract patterns and relationships.
Use generate_context_tests.py to produce risk-aware test scenarios and payloads.
Validate JSON outputs and document findings for remediation and compliance.

Example Use Cases

Mapping a REST API to identify all endpoints, data models, and auth patterns for a security assessment.
Enumerating endpoints of a microservices architecture to surface hidden attack surfaces.
Scanning a target network to discover open ports and running services with version data.
Analyzing captured HTTP responses to detect data relationships and business-logic flaws.
Generating context-aware SQL injection and other vulnerability tests tailored to the app structure.

Frequently Asked Questions

Add this skill to your agents