| name | iom-pentest |
| description | Autonomous penetration testing via IoM C2 MCP tools. Adaptively executes based on user intent: situational awareness, reconnaissance, privilege escalation, credential harvesting, lateral movement, persistence, and more. Presents an execution plan and waits for user confirmation before sensitive operations. Trigger conditions: user mentions penetration testing, red team, post-exploitation, privilege escalation, lateral movement, credentials, persistence, situational awareness, or any scenario involving security assessment of a target through IoM. |
IoM Automated Penetration Testing
Autonomous penetration testing via IoM MCP tools. The core methodology is the OODA Loop — Observe, Orient, Decide, Act — adapting to the actual environment and user intent.
Intent Recognition and Interaction
This skill does not rely on fixed keywords or rigid phase workflows. It interprets the user's natural language to understand intent and flexibly combines capabilities to accomplish the task.
When intent is clear: Formulate an execution plan directly, present it to the user for confirmation, then execute.
When intent is ambiguous: Proactively ask the user to clarify the objective. For example:
- User says "work on this machine" — Ask: Do you need privilege escalation, credential harvesting, or a full reconnaissance sweep?
- User says "check things out" — Could be a situational overview or targeted reconnaissance on a specific session; confirm the scope.
- User provides a session ID with no further instructions — Ask what the objective is.
Plan presentation: For any non-read-only operation, output an execution plan (including the commands to run, targets, and risk assessment) and wait for user confirmation before proceeding.
HITL (Human-in-the-Loop) Rules
The need for user confirmation depends on the sensitivity of the operation:
No Confirmation Required (Read-Only / Information Gathering)
- Viewing session, listener, and pipeline status
- System information gathering: `sysinfo`, `whoami`, `privs`, `ps`, `ipconfig`, `netstat`
- Environment enumeration: `enum av`, `enum software`, `systeminfo`
- Network discovery: `pingscan`, `portscan`
- Domain information queries: `ldapsearch`, `klist`, `enum dc`
Confirmation Required (Alters Target State or Carries Detection Risk)
- Privilege escalation (UAC bypass, Potato, kernel exploits)
- Credential extraction (hashdump, logonpasswords, mimikatz, nanodump)
- Lateral movement (psexec, wmi, dcom, ptt)
- Persistence installation (registry, service, scheduled task)
- Any operation that writes files, creates processes, or modifies configuration
OPSEC Score Alerts
Each technique carries an OPSEC safety score (1-10; higher is safer):
- >= 8: Listed normally in the plan
- 6-8: Risk level annotated in the plan
- < 6: Mandatory separate alert explaining the risk and recommending a safer alternative
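A fail-closed confirmation gate for the HITL and OPSEC rules above, as an added example that is not part of the IoM skill or project code. The command names come from this page; `Decision`, `review`, the exact-match handling of status views, and treating a score of 8 as "normal" and a missing score as "alert" are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Commands the page lists as read-only; arguments may follow them.
READ_ONLY = {
    "sysinfo", "whoami", "privs", "ps", "ipconfig", "netstat",
    "enum av", "enum software", "systeminfo",
    "pingscan", "portscan", "ldapsearch", "klist", "enum dc",
}
# Status views count as read-only only when typed exactly (assumption).
STATUS_VIEWS = {"session", "listener", "pipeline list"}


@dataclass(frozen=True)
class Decision:
    needs_confirmation: bool
    opsec_tier: str  # "normal", "annotate" or "alert"


def is_read_only(command: str) -> bool:
    tokens = command.lower().split()
    if " ".join(tokens) in STATUS_VIEWS:
        return True
    # Compare whole tokens, so "ps" never matches "psexec".
    return bool(tokens) and (tokens[0] in READ_ONLY
                             or " ".join(tokens[:2]) in READ_ONLY)


def opsec_tier(score: Optional[int]) -> str:
    if score is None:
        return "alert"  # unknown score: fail closed (assumption)
    if not 1 <= score <= 10:
        raise ValueError(f"OPSEC score out of range: {score}")
    if score >= 8:  # 8 appears in both page ranges; ">= 8" wins here
        return "normal"
    if score >= 6:
        return "annotate"
    return "alert"


def review(command: str, score: Optional[int] = None) -> Decision:
    # Anything not on the read-only list waits for the operator.
    return Decision(not is_read_only(command), opsec_tier(score))
```

Because the gate is an allowlist, any command the page does not classify (for example `use <session_id_prefix>`) is held for confirmation rather than run.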
MCP Tools and Progressive Discovery
IoM has hundreds of commands — do not guess command usage. Use progressive discovery to retrieve information on demand:
- Search for commands — `search_commands` performs a fuzzy keyword search and returns command summaries (name, group, description, OPSEC score)
- View usage — `execute_command("<cmd> --help")` retrieves the specific command's parameters and examples
- Execute the command — Only run the command via `execute_command` after confirming usage
Available MCP Tools
| Tool | Purpose |
|---|---|
| search_commands | Fuzzy search commands by name/description; returns lightweight summaries |
| execute_command | Execute any client/implant command; automatically waits for results |
| get_history | Retrieve historical task output |
Basic Operations
- Switch session: `execute_command("use <session_id_prefix>")` — enters the implant context
- Implant commands: After switching, execute `sysinfo`, `whoami`, `ps`, etc. directly
- Client commands: `session`, `listener`, `pipeline list`, etc. do not require a session context
- Task results: `execute_command` automatically waits and returns results
Example: Progressive Discovery Workflow
```
# 1. Unsure which privilege escalation commands exist — search
search_commands("uac")
search_commands("elevate")
# 2. Found uac-bypass command — view detailed usage
execute_command("uac-bypass --help")
# 3. Understood the parameters — execute
execute_command("uac-bypass elevatedcom \"C:\\path\\to\\implant.exe\"")
```
Core Principles
- Observe before acting — Never execute blindly; adjust strategy based on environmental data
- OPSEC first — Identify defenses before selecting evasion techniques. See reference/opsec-guide.md
- Pivot on failure — If a technique is blocked, mark it and switch paths; never retry the same technique
- Minimum footprint — Prefer BOF over execute_assembly; avoid writing to disk when possible
- Respect user decisions — Present a plan and wait for confirmation on sensitive operations; offer alternatives if the user declines
Capability Reference
Consult the appropriate reference document based on user intent:
Output Report
Upon task completion, generate a structured report:
## Penetration Test Report
**Date**: YYYY-MM-DD HH:MM
**Target**: [session / host operated on]
**Summary**: [what was actually performed]
### Attack Path
[The actual execution path taken]
### Session Inventory
| Session | Host | User | Privilege | Obtained Via |
|---------|------|------|-----------|-------------|
### Harvested Credentials
| Type | User | Domain | Source |
|------|------|--------|--------|
### Techniques Used
| MITRE ID | Technique | OPSEC | Result | Notes |
|----------|-----------|-------|--------|-------|
### Defensive Gaps
[Which weaknesses enabled the attack to succeed]