
pentest-config-hardening

# Pentest Config Hardening

This Claude Code skill systematically audits web application security configuration against 12 WSTG framework items, testing HTTP security headers (HSTS, CSP, X-Frame-Options), TLS protocol versions and cipher strength, HTTP method handling, cloud storage misconfigurations, and cookie security attributes. Use it during authorized penetration tests to identify deployment hardening gaps and infrastructure exposure risks across security headers, certificate validity, CSP policy weaknesses, and the common misconfigurations expected in professional penetration testing reports.

Install in Claude Code

```sh
git clone --depth 1 https://github.com/jd-opensource/JoySafeter /tmp/pentest-config-hardening && cp -r /tmp/pentest-config-hardening/skills/pentest-config-hardening ~/.claude/skills/pentest-config-hardening
```
Then start a new Claude Code session; the skill loads automatically.

SKILL.md

# Pentest Config Hardening

## Purpose
Shannon checks only 2 of the 14 WSTG-CONF items. The remaining 12 are "low-hanging fruit" findings expected in every professional pentest report, and they are straightforward to test systematically.

## Prerequisites

### Authorization Requirements
- **Written authorization** with infrastructure testing scope
- **Target URL list** for all web-facing endpoints
- **CDN/WAF awareness**, since some headers may be set by the CDN or WAF rather than by the application itself

### Environment Setup
- testssl.sh for comprehensive TLS analysis
- nmap with ssl-enum-ciphers script
- curl for manual header inspection
- nuclei with misconfig templates

## Core Workflow
1. **HTTP Security Headers**: Audit HSTS (+ preload), CSP policy analysis, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORP/COEP/COOP (WSTG-CONF-07/14).
2. **TLS Configuration**: Protocol versions (TLS 1.0/1.1 deprecation), cipher suite strength, certificate validity, HSTS preload status, certificate transparency.
3. **HTTP Method Handling**: OPTIONS enumeration, PUT/DELETE on static resources, TRACE for XST, method override headers (WSTG-CONF-06).
4. **Infrastructure Exposure**: Admin interfaces (WSTG-CONF-05), default credentials on management consoles, exposed monitoring endpoints (/metrics, /health, /debug).
5. **Cloud Storage Misconfig**: Public S3 buckets, Azure blob containers, GCP storage referenced in app code or responses (WSTG-CONF-11).
6. **CSP Bypass Analysis**: unsafe-inline, unsafe-eval, overly broad source lists, JSONP on allowed domains, missing base-uri (WSTG-CONF-12).
7. **Cookie Security**: Secure flag, HttpOnly flag, SameSite attribute, cookie scope, session cookie entropy.
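As an added example (not code from the JoySafeter skill or its `references/` files), the following Python runs the step 1, 6 and 7 checks over a single captured response so a team can verify its own deployment before an engagement; the sample response, the one-year HSTS threshold and the list of weak CSP sources are assumptions chosen for illustration.

```python
import re
# Constructed sample response; not captured from any real host.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https:
Set-Cookie: session=abc123; Path=/
Set-Cookie: pref=dark; Secure; HttpOnly; SameSite=Lax
"""

def parse_headers(raw):
    """[(lowercased name, value)], keeping repeated headers such as Set-Cookie."""
    return [(n.strip().lower(), v.strip()) for n, sep, v in (l.partition(":") for l in raw.splitlines()[1:]) if sep]

def audit_hsts(value):
    """WSTG-CONF-07: header present, max-age of at least a year (assumed threshold), subdomains covered."""
    if value is None:
        return ["HSTS header missing"]
    m = re.search(r"max-age=(\d+)", value, re.I)
    out = [] if m and int(m.group(1)) >= 31536000 else ["HSTS max-age below one year"]
    if "includesubdomains" not in value.lower():
        out.append("HSTS missing includeSubDomains")
    return out

def audit_csp(policy):
    """WSTG-CONF-12: weak script sources (falling back to default-src) and a missing base-uri."""
    if policy is None:
        return ["CSP header missing"]
    directives = {t[0].lower(): t[1:] for t in (p.split() for p in policy.split(";")) if t}
    scripts = directives.get("script-src", directives.get("default-src", []))
    weak = ("'unsafe-inline'", "'unsafe-eval'", "*", "https:", "http:", "data:")
    out = [f"script-src allows {w}" for w in weak if w in scripts]
    if "base-uri" not in directives:
        out.append("CSP missing base-uri")
    return out

def audit_cookies(set_cookies):
    """Step 7: every cookie should carry the Secure, HttpOnly and SameSite attributes."""
    out = []
    for raw in set_cookies:
        name = raw.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in raw.split(";")[1:]}
        out += [f"cookie {name} missing {f}" for f in ("secure", "httponly", "samesite") if f not in attrs]
    return out

def audit_response(raw):
    """Run every check over one captured response and return the list of findings."""
    hdrs = parse_headers(raw)
    single = dict(hdrs)  # last value wins for headers that should not repeat
    return (audit_hsts(single.get("strict-transport-security"))
            + audit_csp(single.get("content-security-policy"))
            + audit_cookies([v for n, v in hdrs if n == "set-cookie"]))
```

Feed it the raw header block from `curl -sI` or an intercepting proxy; an empty list means the three checks passed, while each finding maps directly to the report item it belongs to.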

## WSTG Coverage

| WSTG ID | Test Name | Status |
|---------|-----------|--------|
| WSTG-CONF-02 | Test Application Platform Configuration | ✅ |
| WSTG-CONF-03 | Test File Extensions Handling | ✅ |
| WSTG-CONF-04 | Review Old Backup and Unreferenced Files | ✅ |
| WSTG-CONF-05 | Enumerate Infrastructure and Admin Interfaces | ✅ |
| WSTG-CONF-06 | Test HTTP Methods | ✅ |
| WSTG-CONF-07 | Test HTTP Strict Transport Security | ✅ |
| WSTG-CONF-08 | Test RIA Cross Domain Policy | ✅ |
| WSTG-CONF-09 | Test File Permission | ✅ |
| WSTG-CONF-11 | Test Cloud Storage | ✅ |
| WSTG-CONF-12 | Test Content Security Policy | ✅ |
| WSTG-CONF-13 | Test for Subdomain Takeover | ✅ |
| WSTG-CONF-14 | Test Security Headers | ✅ |

## Tool Categories

| Category | Tools | Purpose |
|----------|-------|---------|
| TLS Testing | testssl.sh, nmap ssl-enum-ciphers | Protocol and cipher analysis |
| Header Audit | SecurityHeaders.com API, Mozilla Observatory | Security header grading |
| Method Testing | curl, nmap http-methods | HTTP method enumeration |
| CSP Analysis | CSP Evaluator, custom scripts | CSP bypass assessment |
| Cloud Storage | S3Scanner, cloud_enum | Public bucket detection |
| Subdomain | subjack, can-i-take-over-xyz | Subdomain takeover detection |

## References
- `references/tools.md` - Tool function signatures and parameters
- `references/workflows.md` - Attack pattern definitions and test vectors