npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@soulofzephir/pi-skill-pentesting

v1.0.5

Published

Comprehensive pentesting & security check skill for Pi coding agent - headers, ports, SQLi, XSS, OWASP Top 10

Readme

🛡️ Pi Skill - Pentesting & Security Check

Comprehensive security testing skill for Pi coding agent

npm version License: MIT GitHub stars


👨‍💻 Author

Rz | @soulofzephir

Security enthusiast & automation lover. Building tools for ethical hacking and security assessment.

"Empowering developers to secure their applications with comprehensive testing tools."


📋 Description

Comprehensive pentesting & security check skill for Pi coding agent. Provides:

| Category | Coverage | |----------|----------| | 🔒 Security Headers | 9 critical headers analysis | | 🔌 Port Scanning | 20+ common ports detection | | 💉 SQL Injection | Union, Blind, Time-based testing | | 🖥️ XSS Testing | Reflected, Stored, DOM-based | | ⚡ Command Injection | Linux & Windows payloads | | 📄 XXE Testing | XML injection detection | | 📋 OWASP Top 10 | Complete A01-A10 checklist | | 🔐 SSL/TLS Audit | Certificate & cipher analysis |


🚀 Installation

Option 1: npm (Recommended)

npm install -g @soulofzephir/pi-skill-pentesting

Option 2: Manual

# Clone repository
git clone https://github.com/soulofzephir/pi-skill-pentesting.git

# Copy to Pi skills folder
cp -r skills/pentesting ~/.pi/agent/skills/

Option 3: Git Submodule

# Add as submodule to your project
git submodule add https://github.com/soulofzephir/pi-skill-pentesting.git .pi/skills/pentesting

🎯 Quick Usage

In Pi, simply type:

pentest https://example.com

Or use specific commands:

/skill pentesting
security check https://example.com
test SQL injection di endpoint ini
scan headers untuk website saya
OWASP check

📁 Package Structure

@ soulofzephir/pi-skill-pentesting/
├── package.json              # NPM & Pi manifest
├── README.md                 # This file
├── LICENSE                   # MIT License
├── skills/
│   └── pentesting/
│       ├── SKILL.md          # Main skill file
│       ├── checklists/
│       │   ├── headers.md    # Security headers detail
│       │   ├── owasp.md      # OWASP Top 10
│       │   ├── ports.md      # Port scanning
│       │   └── injection.md  # All injection types
│       ├── tools/
│       │   ├── header-scan.sh       # Linux/Mac
│       │   ├── header-scan.ps1       # Windows
│       │   └── security-scan.ps1    # Windows All-in-One
│       └── reports/
│           └── template.md   # Report template

🔍 What This Skill Does

1️⃣ Security Headers Analysis

Checks 9 critical security headers:

  • ✅ CSP (Content-Security-Policy)
  • ✅ HSTS (Strict-Transport-Security)
  • ✅ X-Content-Type-Options
  • ✅ X-Frame-Options
  • ✅ Referrer-Policy
  • ✅ Permissions-Policy
  • ✅ Cache-Control
  • ✅ Server header
  • ✅ X-Powered-By

2️⃣ Port Scanning

Detects open ports and high-risk services:

  • Database ports (3306, 5432, 27017, 6379)
  • Remote access (22, 3389)
  • Web ports (80, 443, 8080)
  • Dangerous exposed services (Docker 2375)

3️⃣ Injection Testing

Comprehensive payloads for:

  • SQL Injection - Union, Blind, Time-based, Error-based
  • XSS - Reflected, Stored, DOM, Polyglots
  • Command Injection - Linux & Windows
  • XXE - Basic, Blind, Billion Laughs
  • LDAP Injection - Auth bypass
  • SSTI - Jinja2, Twig, Handlebars

4️⃣ OWASP Top 10 Checklist

Complete testing for:

  • A01: Broken Access Control
  • A02: Cryptographic Failures
  • A03: Injection
  • A04: Insecure Design
  • A05: Security Misconfiguration
  • A06: Vulnerable Components
  • A07: Authentication Failures
  • A08: Software & Data Integrity
  • A09: Security Logging
  • A10: Server-Side Request Forgery (SSRF)

🛠️ Tools Included

Automated Scripts

| Script | Platform | Description | |--------|----------|-------------| | header-scan.sh | Linux/Mac | Security headers scanner | | header-scan.ps1 | Windows | Security headers scanner | | security-scan.ps1 | Windows | All-in-one scanner |

External Tools Recommended

Headers:    securityheaders.com, observatory.mozilla.org
Vuln Scan:  Nuclei, OWASP ZAP, Nikto
SSL/TLS:    testssl.sh, ssllabs.com
SQLi:       SQLMap
XSS:        Dalfox, XSStrike
Cmd Inj:    Commix
Ports:      Nmap, RustScan

📊 Output

Header Security Score (0-100)

A (90-100): Excellent
B (70-89):  Good
C (50-69):  Needs Improvement
D (30-49):  Poor
F (0-29):   Critical

Vulnerability Severity

🔴 CRITICAL   → Fix immediately
🟠 HIGH       → Fix within 1 week
🟡 MEDIUM     → Fix within 1 month
🟢 LOW/INFO   → Fix when possible

⚠️ Disclaimer

For authorized testing only!

  • ✅ Test your own websites
  • ✅ Test with written permission
  • NEVER test without authorization - it's ILLEGAL

🤝 Contributing

Contributions welcome! Feel free to submit issues and pull requests.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.


🙏 Credits

Built with 💪 by Rz (@soulofzephir)

Special thanks to:


⭐ Show Your Support

If this skill helped you, give it a ⭐!

npm install -g @soulofzephir/pi-skill-pentesting

Made with ❤️ by Rz | @soulofzephir | Report Issue