Master pentest orchestration — full pipeline from target to report with confirmation gates
Master pentest orchestration — full pipeline from target to report with confirmation gates
npx skills add https://github.com/TheophilusChinomona/athena-pentest --skill pentest-orchestrator이 명령을 Claude Code에 복사하여 붙여넣어 스킬을 설치하세요
| name | pentest-orchestrator |
| description | Master pentest orchestration — full pipeline from target to report with confirmation gates |
| triggers | ["pentest","security test","security assessment","full scan","penetration test"] |
Orchestrates a complete penetration test engagement with user confirmations at each phase.
Scope Validation → Recon → Vuln Scan → Targeted Testing → Report
│ │ │ │ │
confirm confirm confirm confirm deliver
Create engagement directory:
mkdir -p /tmp/pentest/{target}/{recon,web,network,api,evidence,reports}
Initialize state file /tmp/pentest/{target}/engagement-state.json:
{
"engagement_id": "engagement-{timestamp}",
"target": "{target}",
"status": "initializing",
"phases_completed": [],
"current_phase": "recon",
"findings_count": {"critical":0,"high":0,"medium":0,"low":0}
}
Present to user: target IP, approach, estimated cost/time. Wait for confirmation before proceeding.
Delegates to pentest-recon skill. The agent should:
Wait for user confirmation before proceeding to scanning.
Delegates to pentest-web, pentest-network, pentest-api skills. Run in parallel where possible:
Wait for all scans to complete, aggregate findings, present severity breakdown.
Wait for user confirmation before exploitation.
For each finding, run targeted verification:
Delegates to pentest-report skill:
Update /tmp/pentest/{target}/engagement-state.json after each phase using jq:
jq '.status = "scanning" | .phases_completed += ["recon"]' state.json > tmp && mv tmp state.json
Run independent scans in parallel (background terminal commands or delegate_task):
After report delivery:
| Phase | Est. Tokens | Est. Cost |
|---|---|---|
| Recon | 50-100K | $0.03-0.06 |
| Vuln Scan | 100-200K | $0.06-0.12 |
| Web Testing | 100-300K | $0.06-0.18 |
| Exploitation | 50-150K | $0.03-0.09 |
| Reporting | 50-100K | $0.03-0.06 |
| Total | 400K-950K | $0.24-0.57 |
API security testing — REST, GraphQL, authentication, authorization, rate limiting, business logic
Network penetration testing — service enumeration, vulnerability scanning, credential auditing, Active Directory
Comprehensive reconnaissance — passive OSINT, subdomain enumeration, port scanning, technology fingerprinting
Generate professional penetration testing reports from findings
Web application penetration testing — XSS, SQLi, CSRF, SSRF, command injection, file upload, WAF bypass
Code security testing — SAST, SCA, secret detection, container scanning, IaC analysis