@soulofzephir/pi-skill-pentesting
v1.0.5
Published
Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10
Maintainers
Readme
🛡️ Pi Skill - Pentesting & Security Check
Comprehensive security testing skill for Pi coding agent
👨💻 Author
Rz | @soulofzephir
Security enthusiast & automation lover. Building tools for ethical hacking and security assessment.
"Empowering developers to secure their applications with comprehensive testing tools."
📋 Description
Comprehensive pentesting & security check skill for Pi coding agent. Provides:
| Category | Coverage | |----------|----------| | 🔒 Security Headers | 9 critical headers analysis | | 🔌 Port Scanning | 20+ common ports detection | | 💉 SQL Injection | Union, Blind, Time-based testing | | 🖥️ XSS Testing | Reflected, Stored, DOM-based | | ⚡ Command Injection | Linux & Windows payloads | | 📄 XXE Testing | XML injection detection | | 📋 OWASP Top 10 | Complete A01-A10 checklist | | 🔐 SSL/TLS Audit | Certificate & cipher analysis |
🚀 Installation
Option 1: npm (Recommended)
npm install -g @soulofzephir/pi-skill-pentestingOption 2: Manual
# Clone repository
git clone https://github.com/soulofzephir/pi-skill-pentesting.git
# Copy to Pi skills folder
cp -r skills/pentesting ~/.pi/agent/skills/Option 3: Git Submodule
# Add as submodule to your project
git submodule add https://github.com/soulofzephir/pi-skill-pentesting.git .pi/skills/pentesting🎯 Quick Usage
In Pi, simply type:
pentest https://example.comOr use specific commands:
/skill pentesting
security check https://example.com
test SQL injection di endpoint ini
scan headers untuk website saya
OWASP check📁 Package Structure
@ soulofzephir/pi-skill-pentesting/
├── package.json # NPM & Pi manifest
├── README.md # This file
├── LICENSE # MIT License
├── skills/
│ └── pentesting/
│ ├── SKILL.md # Main skill file
│ ├── checklists/
│ │ ├── headers.md # Security headers detail
│ │ ├── owasp.md # OWASP Top 10
│ │ ├── ports.md # Port scanning
│ │ └── injection.md # All injection types
│ ├── tools/
│ │ ├── header-scan.sh # Linux/Mac
│ │ ├── header-scan.ps1 # Windows
│ │ └── security-scan.ps1 # Windows All-in-One
│ └── reports/
│ └── template.md # Report template🔍 What This Skill Does
1️⃣ Security Headers Analysis
Checks 9 critical security headers:
- ✅ CSP (Content-Security-Policy)
- ✅ HSTS (Strict-Transport-Security)
- ✅ X-Content-Type-Options
- ✅ X-Frame-Options
- ✅ Referrer-Policy
- ✅ Permissions-Policy
- ✅ Cache-Control
- ✅ Server header
- ✅ X-Powered-By
2️⃣ Port Scanning
Detects open ports and high-risk services:
- Database ports (3306, 5432, 27017, 6379)
- Remote access (22, 3389)
- Web ports (80, 443, 8080)
- Dangerous exposed services (Docker 2375)
3️⃣ Injection Testing
Comprehensive payloads for:
- SQL Injection - Union, Blind, Time-based, Error-based
- XSS - Reflected, Stored, DOM, Polyglots
- Command Injection - Linux & Windows
- XXE - Basic, Blind, Billion Laughs
- LDAP Injection - Auth bypass
- SSTI - Jinja2, Twig, Handlebars
4️⃣ OWASP Top 10 Checklist
Complete testing for:
- A01: Broken Access Control
- A02: Cryptographic Failures
- A03: Injection
- A04: Insecure Design
- A05: Security Misconfiguration
- A06: Vulnerable Components
- A07: Authentication Failures
- A08: Software & Data Integrity
- A09: Security Logging
- A10: Server-Side Request Forgery (SSRF)
🛠️ Tools Included
Automated Scripts
| Script | Platform | Description |
|--------|----------|-------------|
| header-scan.sh | Linux/Mac | Security headers scanner |
| header-scan.ps1 | Windows | Security headers scanner |
| security-scan.ps1 | Windows | All-in-one scanner |
External Tools Recommended
Headers: securityheaders.com, observatory.mozilla.org
Vuln Scan: Nuclei, OWASP ZAP, Nikto
SSL/TLS: testssl.sh, ssllabs.com
SQLi: SQLMap
XSS: Dalfox, XSStrike
Cmd Inj: Commix
Ports: Nmap, RustScan📊 Output
Header Security Score (0-100)
A (90-100): Excellent
B (70-89): Good
C (50-69): Needs Improvement
D (30-49): Poor
F (0-29): CriticalVulnerability Severity
🔴 CRITICAL → Fix immediately
🟠 HIGH → Fix within 1 week
🟡 MEDIUM → Fix within 1 month
🟢 LOW/INFO → Fix when possible⚠️ Disclaimer
For authorized testing only!
- ✅ Test your own websites
- ✅ Test with written permission
- ❌ NEVER test without authorization - it's ILLEGAL
🤝 Contributing
Contributions welcome! Feel free to submit issues and pull requests.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Credits
Built with 💪 by Rz (@soulofzephir)
Special thanks to:
- Pi Coding Agent - The coding harness
- Agent Skills Standard - Skill specification
⭐ Show Your Support
If this skill helped you, give it a ⭐!
npm install -g @soulofzephir/pi-skill-pentestingMade with ❤️ by Rz | @soulofzephir | Report Issue
