🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Web Security Penetration Test

by @liubo2025code

Automates web security penetration testing by performing reconnaissance, vulnerability scanning, exploitation, and generating detailed compliance reports.

TERMINAL
clawhub install web-security-pentest-skill-complete

πŸ“– About This Skill

Web Security Penetration Testing Skill

Overview

A comprehensive web security penetration testing skill for OpenClaw agents. This skill provides automated tools and techniques for identifying, exploiting, and reporting web application vulnerabilities.

Features

1. Reconnaissance & Discovery

  • Subdomain enumeration
  • Port scanning
  • Technology fingerprinting
  • Directory and file discovery
  • 2. Vulnerability Scanning

  • Automated vulnerability scanning
  • Common web vulnerabilities detection
  • API security testing
  • Authentication bypass testing
  • 3. Exploitation Tools

  • SQL injection testing
  • XSS (Cross-Site Scripting) testing
  • Command injection testing
  • File inclusion testing
  • 4. Reporting & Analysis

  • Automated report generation
  • Risk assessment
  • Remediation recommendations
  • Compliance checking
  • Prerequisites

    Required Tools

  • nmap - Network discovery and security auditing
  • nikto - Web server scanner
  • sqlmap - SQL injection tool
  • gobuster/dirbuster - Directory/file brute force
  • subfinder/amass - Subdomain enumeration
  • whatweb - Web technology fingerprinting
  • curl/wget - HTTP client tools
  • Python Libraries

  • requests - HTTP requests
  • beautifulsoup4 - HTML parsing
  • scapy - Packet manipulation
  • colorama - Colored terminal output
  • Installation

    1. Install Required Tools

    # Debian/Ubuntu
    sudo apt update
    sudo apt install -y nmap nikto sqlmap gobuster subfinder whatweb curl wget

    macOS

    brew install nmap nikto sqlmap gobuster subfinder whatweb curl wget

    Python libraries

    pip install requests beautifulsoup4 scapy colorama

    2. Install Skill

    # Clone or copy the skill to your OpenClaw skills directory
    cp -r web-security-pentest-skill ~/.openclaw/skills/
    

    Usage

    Basic Usage

    # Run full penetration test
    python scripts/full_pentest.py --target https://example.com

    Run specific test

    python scripts/sql_injection_test.py --url https://example.com/login

    Generate report

    python scripts/report_generator.py --input scan_results.json --output report.html

    Command Line Interface

    # Help menu
    python scripts/web_pentest.py --help

    Scan single target

    python scripts/web_pentest.py --target https://example.com --scan-type full

    Scan multiple targets

    python scripts/web_pentest.py --targets targets.txt --scan-type quick

    Custom output

    python scripts/web_pentest.py --target https://example.com --output json --verbose

    Scripts

    1. reconnaissance.py

  • Subdomain enumeration
  • Port scanning
  • Technology detection
  • Directory brute forcing
  • 2. vulnerability_scanner.py

  • Common vulnerability scanning
  • Security header checking
  • SSL/TLS configuration testing
  • API endpoint testing
  • 3. exploitation_tools.py

  • SQL injection testing
  • XSS payload testing
  • Command injection testing
  • File upload testing
  • 4. report_generator.py

  • HTML report generation
  • JSON/CSV export
  • Risk assessment
  • Remediation guidance
  • Configuration

    Configuration File (config.yaml)

    # Scanning configuration
    scanning:
      threads: 10
      timeout: 30
      user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

    Vulnerability detection

    vulnerabilities: sql_injection: true xss: true command_injection: true directory_traversal: true file_inclusion: true

    Reporting

    reporting: format: html include_poc: true risk_level: medium compliance: [pci_dss, gdpr]

    Target scope

    scope: include_subdomains: true max_depth: 3 excluded_paths: [/logout, /admin/delete]

    Examples

    Example 1: Full Penetration Test

    from scripts.web_pentest import WebPentest

    Initialize scanner

    scanner = WebPentest(target="https://example.com")

    Run reconnaissance

    scanner.reconnaissance()

    Run vulnerability scan

    scanner.vulnerability_scan()

    Test for specific vulnerabilities

    scanner.test_sql_injection() scanner.test_xss() scanner.test_command_injection()

    Generate report

    scanner.generate_report(format="html", output="report.html")

    Example 2: API Security Testing

    from scripts.api_security_tester import APISecurityTester

    Initialize API tester

    tester = APISecurityTester(api_url="https://api.example.com")

    Test authentication

    tester.test_authentication()

    Test authorization

    tester.test_authorization()

    Test input validation

    tester.test_input_validation()

    Test rate limiting

    tester.test_rate_limiting()

    Generate API security report

    tester.generate_api_report()

    Example 3: Custom Payload Testing

    from scripts.payload_tester import PayloadTester

    Initialize payload tester

    tester = PayloadTester(target_url="https://example.com/search")

    Test SQL injection payloads

    sql_payloads = [ "' OR '1'='1", "'; DROP TABLE users; --", "1' AND SLEEP(5) --" ] tester.test_sql_payloads(sql_payloads)

    Test XSS payloads

    xss_payloads = [ "", "", "" ] tester.test_xss_payloads(xss_payloads)

    Test command injection payloads

    cmd_payloads = [ "; ls -la", "| cat /etc/passwd", "id" ] tester.test_command_payloads(cmd_payloads)

    Vulnerability Database

    SQL Injection

  • Error-based SQLi
  • Union-based SQLi
  • Blind SQLi
  • Time-based SQLi
  • Out-of-band SQLi
  • Cross-Site Scripting (XSS)

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS
  • Blind XSS
  • Command Injection

  • OS command injection
  • Code injection
  • Template injection
  • Expression language injection
  • File Inclusion

  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Directory traversal
  • Path traversal
  • Authentication Bypass

  • SQL injection in login
  • Session fixation
  • Credential stuffing
  • Brute force attacks
  • Authorization Issues

  • Insecure Direct Object References (IDOR)
  • Missing function level access control
  • Privilege escalation
  • Horizontal/vertical privilege escalation
  • Risk Assessment

    Risk Levels

    #### Critical (9.0-10.0)

  • Remote code execution
  • SQL injection with data extraction
  • Authentication bypass
  • Privilege escalation to admin
  • #### High (7.0-8.9)

  • Cross-site scripting (stored)
  • Directory traversal
  • File upload vulnerability
  • Information disclosure
  • #### Medium (4.0-6.9)

  • Cross-site scripting (reflected)
  • CSRF (Cross-Site Request Forgery)
  • Insufficient session expiration
  • Security misconfiguration
  • #### Low (0.1-3.9)

  • Clickjacking
  • Information leakage in headers
  • Missing security headers
  • Verbose error messages
  • Compliance Standards

    PCI DSS (Payment Card Industry)

  • Requirement 6: Develop and maintain secure systems
  • Requirement 11: Regularly test security systems
  • GDPR (General Data Protection Regulation)

  • Article 32: Security of processing
  • Data protection by design and by default
  • OWASP Top 10

  • A01: Broken Access Control
  • A02: Cryptographic Failures
  • A03: Injection
  • A04: Insecure Design
  • A05: Security Misconfiguration
  • A06: Vulnerable and Outdated Components
  • A07: Identification and Authentication Failures
  • A08: Software and Data Integrity Failures
  • A09: Security Logging and Monitoring Failures
  • A10: Server-Side Request Forgery
  • ISO 27001

  • A.12.6: Technical vulnerability management
  • A.14.2: Security in development and support processes
  • Reporting

    Report Types

    #### Executive Summary

  • High-level overview
  • Business impact
  • Risk assessment
  • Recommendations
  • #### Technical Report

  • Detailed findings
  • Proof of concept
  • Request/response details
  • Screenshots
  • #### Developer Report

  • Vulnerability details
  • Code snippets
  • Fix recommendations
  • Testing methodology
  • #### Compliance Report

  • Compliance status
  • Gap analysis
  • Remediation timeline
  • Evidence collection
  • Report Templates

    #### HTML Report

  • Interactive dashboard
  • Searchable findings
  • Export functionality
  • Responsive design
  • #### PDF Report

  • Professional formatting
  • Print-ready
  • Watermark support
  • Table of contents
  • #### JSON Report

  • Machine-readable
  • Integration friendly
  • Version control friendly
  • Automated processing
  • #### Markdown Report

  • GitHub/GitLab friendly
  • Version control friendly
  • Easy to edit
  • Lightweight
  • Integration

    CI/CD Integration

    # GitHub Actions
    name: Security Scan
    on: [push, pull_request]
    jobs:
      security-scan:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - name: Run Security Scan
            run: |
              pip install -r requirements.txt
              python scripts/web_pentest.py --target ${{ secrets.TARGET_URL }} --scan-type quick
    

    Slack Integration

    from scripts.slack_notifier import SlackNotifier

    Initialize Slack notifier

    slack = SlackNotifier(webhook_url="SLACK_WEBHOOK_URL")

    Send scan results

    slack.send_scan_results(scan_results)

    Send critical alerts

    slack.send_critical_alert(vulnerability)

    Send daily summary

    slack.send_daily_summary()

    Jira Integration

    from scripts.jira_integration import JiraIntegration

    Initialize Jira integration

    jira = JiraIntegration( url="JIRA_URL", username="JIRA_USERNAME", api_key="JIRA_API_KEY" )

    Create vulnerability ticket

    jira.create_vulnerability_ticket( project="SEC", summary="SQL Injection Vulnerability", description=vulnerability_details, priority="High" )

    Update ticket status

    jira.update_ticket_status(ticket_id="SEC-123", status="In Progress")

    Best Practices

    Scanning Best Practices

    1. Get Authorization - Always obtain written permission before testing 2. Define Scope - Clearly define what is in scope and out of scope 3. Use Test Environment - Test in staging/development environments first 4. Schedule Tests - Schedule tests during maintenance windows 5. Monitor Impact - Monitor system performance during tests

    Reporting Best Practices

    1. Clear Findings - Clearly describe each finding 2. Provide Evidence - Include screenshots and proof of concept 3. Risk Assessment - Assess business impact and risk level 4. Remediation Steps - Provide clear remediation steps 5. Follow-up - Schedule follow-up verification

    Ethical Considerations

    1. Confidentiality - Keep findings confidential 2. Responsible Disclosure - Follow responsible disclosure practices 3. Data Protection - Do not access or exfiltrate sensitive data 4. Legal Compliance - Comply with all applicable laws and regulations

    Troubleshooting

    Common Issues

    #### Issue 1: Connection Timeout

    # Increase timeout
    python scripts/web_pentest.py --target https://example.com --timeout 60

    Use proxy

    python scripts/web_pentest.py --target https://example.com --proxy http://proxy:8080

    #### Issue 2: Rate Limiting

    # Reduce threads
    python scripts/web_pentest.py --target https://example.com --threads 5

    Add delays

    python scripts/web_pentest.py --target https://example.com --delay 2

    #### Issue 3: False Positives

    # Tune detection
    python scripts/web_pentest.py --target https://example.com --confidence 0.8

    Exclude paths

    python scripts/web_pentest.py --target https://example.com --exclude /static/, /images/

    Debug Mode

    # Enable debug mode
    python scripts/web_pentest.py --target https://example.com --debug

    Verbose output

    python scripts/web_pentest.py --target https://example.com --verbose

    Log to file

    python scripts/web_pentest.py --target https://example.com --log-file scan.log

    Updates and Maintenance

    Version History

    #### v1.0.0 (2024-01-01)

  • Initial release
  • Basic reconnaissance and scanning
  • SQL injection and XSS testing
  • HTML report generation
  • #### v1.1.0 (2024-02-01)

  • Added API security testing
  • Enhanced reporting
  • CI/CD integration
  • Slack notifications
  • #### v1.2.0 (2024-03-01)

  • Added compliance checking
  • Jira integration
  • Performance improvements
  • Bug fixes
  • Contributing

    1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Add tests 5. Submit a pull request

    Support

  • Documentation: docs.security-pentest.com
  • Issues: GitHub Issues
  • Community: Discord Community
  • Email: support@security-pentest.com
  • License

    This skill is licensed under the MIT License. See LICENSE file for details.

    Disclaimer

    This tool is for educational and authorized testing purposes only. The developers are not responsible for any misuse or damage caused by this tool. Always obtain proper authorization before testing any system.


    Author: Security Research Team Version: 1.0.0 Last Updated: 2024-01-01 Website: https://security-pentest.com

    πŸ’‘ Examples

    Example 1: Full Penetration Test

    from scripts.web_pentest import WebPentest

    Initialize scanner

    scanner = WebPentest(target="https://example.com")

    Run reconnaissance

    scanner.reconnaissance()

    Run vulnerability scan

    scanner.vulnerability_scan()

    Test for specific vulnerabilities

    scanner.test_sql_injection() scanner.test_xss() scanner.test_command_injection()

    Generate report

    scanner.generate_report(format="html", output="report.html")

    Example 2: API Security Testing

    from scripts.api_security_tester import APISecurityTester

    Initialize API tester

    tester = APISecurityTester(api_url="https://api.example.com")

    Test authentication

    tester.test_authentication()

    Test authorization

    tester.test_authorization()

    Test input validation

    tester.test_input_validation()

    Test rate limiting

    tester.test_rate_limiting()

    Generate API security report

    tester.generate_api_report()

    Example 3: Custom Payload Testing

    from scripts.payload_tester import PayloadTester

    Initialize payload tester

    tester = PayloadTester(target_url="https://example.com/search")

    Test SQL injection payloads

    sql_payloads = [ "' OR '1'='1", "'; DROP TABLE users; --", "1' AND SLEEP(5) --" ] tester.test_sql_payloads(sql_payloads)

    Test XSS payloads

    xss_payloads = [ "", "", "" ] tester.test_xss_payloads(xss_payloads)

    Test command injection payloads

    cmd_payloads = [ "; ls -la", "| cat /etc/passwd", "id" ] tester.test_command_payloads(cmd_payloads)

    βš™οΈ Configuration

    Configuration File (config.yaml)

    # Scanning configuration
    scanning:
      threads: 10
      timeout: 30
      user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

    Vulnerability detection

    vulnerabilities: sql_injection: true xss: true command_injection: true directory_traversal: true file_inclusion: true

    Reporting

    reporting: format: html include_poc: true risk_level: medium compliance: [pci_dss, gdpr]

    Target scope

    scope: include_subdomains: true max_depth: 3 excluded_paths: [/logout, /admin/delete]

    πŸ“‹ Tips & Best Practices

    Scanning Best Practices

    1. Get Authorization - Always obtain written permission before testing 2. Define Scope - Clearly define what is in scope and out of scope 3. Use Test Environment - Test in staging/development environments first 4. Schedule Tests - Schedule tests during maintenance windows 5. Monitor Impact - Monitor system performance during tests

    Reporting Best Practices

    1. Clear Findings - Clearly describe each finding 2. Provide Evidence - Include screenshots and proof of concept 3. Risk Assessment - Assess business impact and risk level 4. Remediation Steps - Provide clear remediation steps 5. Follow-up - Schedule follow-up verification

    Ethical Considerations

    1. Confidentiality - Keep findings confidential 2. Responsible Disclosure - Follow responsible disclosure practices 3. Data Protection - Do not access or exfiltrate sensitive data 4. Legal Compliance - Comply with all applicable laws and regulations