Install
openclaw skills install web-security-pentest-skill-completeWeb Security Penetration Test
Automates web security penetration testing by performing reconnaissance, vulnerability scanning, exploitation, and generating detailed compliance reports.
Audits
MaliciousWeb Security Penetration Testing Skill
Overview
A comprehensive web security penetration testing skill for OpenClaw agents. This skill provides automated tools and techniques for identifying, exploiting, and reporting web application vulnerabilities.
Features
1. Reconnaissance & Discovery
- Subdomain enumeration
- Port scanning
- Technology fingerprinting
- Directory and file discovery
2. Vulnerability Scanning
- Automated vulnerability scanning
- Common web vulnerabilities detection
- API security testing
- Authentication bypass testing
3. Exploitation Tools
- SQL injection testing
- XSS (Cross-Site Scripting) testing
- Command injection testing
- File inclusion testing
4. Reporting & Analysis
- Automated report generation
- Risk assessment
- Remediation recommendations
- Compliance checking
Prerequisites
Required Tools
- nmap - Network discovery and security auditing
- nikto - Web server scanner
- sqlmap - SQL injection tool
- gobuster/dirbuster - Directory/file brute force
- subfinder/amass - Subdomain enumeration
- whatweb - Web technology fingerprinting
- curl/wget - HTTP client tools
Python Libraries
- requests - HTTP requests
- beautifulsoup4 - HTML parsing
- scapy - Packet manipulation
- colorama - Colored terminal output
Installation
1. Install Required Tools
# Debian/Ubuntu
sudo apt update
sudo apt install -y nmap nikto sqlmap gobuster subfinder whatweb curl wget
# macOS
brew install nmap nikto sqlmap gobuster subfinder whatweb curl wget
# Python libraries
pip install requests beautifulsoup4 scapy colorama
2. Install Skill
# Clone or copy the skill to your OpenClaw skills directory
cp -r web-security-pentest-skill ~/.openclaw/skills/
Usage
Basic Usage
# Run full penetration test
python scripts/full_pentest.py --target https://example.com
# Run specific test
python scripts/sql_injection_test.py --url https://example.com/login
# Generate report
python scripts/report_generator.py --input scan_results.json --output report.html
Command Line Interface
# Help menu
python scripts/web_pentest.py --help
# Scan single target
python scripts/web_pentest.py --target https://example.com --scan-type full
# Scan multiple targets
python scripts/web_pentest.py --targets targets.txt --scan-type quick
# Custom output
python scripts/web_pentest.py --target https://example.com --output json --verbose
Scripts
1. reconnaissance.py
- Subdomain enumeration
- Port scanning
- Technology detection
- Directory brute forcing
2. vulnerability_scanner.py
- Common vulnerability scanning
- Security header checking
- SSL/TLS configuration testing
- API endpoint testing
3. exploitation_tools.py
- SQL injection testing
- XSS payload testing
- Command injection testing
- File upload testing
4. report_generator.py
- HTML report generation
- JSON/CSV export
- Risk assessment
- Remediation guidance
Configuration
Configuration File (config.yaml)
# Scanning configuration
scanning:
threads: 10
timeout: 30
user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
# Vulnerability detection
vulnerabilities:
sql_injection: true
xss: true
command_injection: true
directory_traversal: true
file_inclusion: true
# Reporting
reporting:
format: html
include_poc: true
risk_level: medium
compliance: [pci_dss, gdpr]
# Target scope
scope:
include_subdomains: true
max_depth: 3
excluded_paths: [/logout, /admin/delete]
Examples
Example 1: Full Penetration Test
from scripts.web_pentest import WebPentest
# Initialize scanner
scanner = WebPentest(target="https://example.com")
# Run reconnaissance
scanner.reconnaissance()
# Run vulnerability scan
scanner.vulnerability_scan()
# Test for specific vulnerabilities
scanner.test_sql_injection()
scanner.test_xss()
scanner.test_command_injection()
# Generate report
scanner.generate_report(format="html", output="report.html")
Example 2: API Security Testing
from scripts.api_security_tester import APISecurityTester
# Initialize API tester
tester = APISecurityTester(api_url="https://api.example.com")
# Test authentication
tester.test_authentication()
# Test authorization
tester.test_authorization()
# Test input validation
tester.test_input_validation()
# Test rate limiting
tester.test_rate_limiting()
# Generate API security report
tester.generate_api_report()
Example 3: Custom Payload Testing
from scripts.payload_tester import PayloadTester
# Initialize payload tester
tester = PayloadTester(target_url="https://example.com/search")
# Test SQL injection payloads
sql_payloads = [
"' OR '1'='1",
"'; DROP TABLE users; --",
"1' AND SLEEP(5) --"
]
tester.test_sql_payloads(sql_payloads)
# Test XSS payloads
xss_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>"
]
tester.test_xss_payloads(xss_payloads)
# Test command injection payloads
cmd_payloads = [
"; ls -la",
"| cat /etc/passwd",
"`id`"
]
tester.test_command_payloads(cmd_payloads)
Vulnerability Database
SQL Injection
- Error-based SQLi
- Union-based SQLi
- Blind SQLi
- Time-based SQLi
- Out-of-band SQLi
Cross-Site Scripting (XSS)
- Reflected XSS
- Stored XSS
- DOM-based XSS
- Blind XSS
Command Injection
- OS command injection
- Code injection
- Template injection
- Expression language injection
File Inclusion
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Directory traversal
- Path traversal
Authentication Bypass
- SQL injection in login
- Session fixation
- Credential stuffing
- Brute force attacks
Authorization Issues
- Insecure Direct Object References (IDOR)
- Missing function level access control
- Privilege escalation
- Horizontal/vertical privilege escalation
Risk Assessment
Risk Levels
Critical (9.0-10.0)
- Remote code execution
- SQL injection with data extraction
- Authentication bypass
- Privilege escalation to admin
High (7.0-8.9)
- Cross-site scripting (stored)
- Directory traversal
- File upload vulnerability
- Information disclosure
Medium (4.0-6.9)
- Cross-site scripting (reflected)
- CSRF (Cross-Site Request Forgery)
- Insufficient session expiration
- Security misconfiguration
Low (0.1-3.9)
- Clickjacking
- Information leakage in headers
- Missing security headers
- Verbose error messages
Compliance Standards
PCI DSS (Payment Card Industry)
- Requirement 6: Develop and maintain secure systems
- Requirement 11: Regularly test security systems
GDPR (General Data Protection Regulation)
- Article 32: Security of processing
- Data protection by design and by default
OWASP Top 10
- A01: Broken Access Control
- A02: Cryptographic Failures
- A03: Injection
- A04: Insecure Design
- A05: Security Misconfiguration
- A06: Vulnerable and Outdated Components
- A07: Identification and Authentication Failures
- A08: Software and Data Integrity Failures
- A09: Security Logging and Monitoring Failures
- A10: Server-Side Request Forgery
ISO 27001
- A.12.6: Technical vulnerability management
- A.14.2: Security in development and support processes
Reporting
Report Types
Executive Summary
- High-level overview
- Business impact
- Risk assessment
- Recommendations
Technical Report
- Detailed findings
- Proof of concept
- Request/response details
- Screenshots
Developer Report
- Vulnerability details
- Code snippets
- Fix recommendations
- Testing methodology
Compliance Report
- Compliance status
- Gap analysis
- Remediation timeline
- Evidence collection
Report Templates
HTML Report
- Interactive dashboard
- Searchable findings
- Export functionality
- Responsive design
PDF Report
- Professional formatting
- Print-ready
- Watermark support
- Table of contents
JSON Report
- Machine-readable
- Integration friendly
- Version control friendly
- Automated processing
Markdown Report
- GitHub/GitLab friendly
- Version control friendly
- Easy to edit
- Lightweight
Integration
CI/CD Integration
# GitHub Actions
name: Security Scan
on: [push, pull_request]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run Security Scan
run: |
pip install -r requirements.txt
python scripts/web_pentest.py --target ${{ secrets.TARGET_URL }} --scan-type quick
Slack Integration
from scripts.slack_notifier import SlackNotifier
# Initialize Slack notifier
slack = SlackNotifier(webhook_url="SLACK_WEBHOOK_URL")
# Send scan results
slack.send_scan_results(scan_results)
# Send critical alerts
slack.send_critical_alert(vulnerability)
# Send daily summary
slack.send_daily_summary()
Jira Integration
from scripts.jira_integration import JiraIntegration
# Initialize Jira integration
jira = JiraIntegration(
url="JIRA_URL",
username="JIRA_USERNAME",
api_key="JIRA_API_KEY"
)
# Create vulnerability ticket
jira.create_vulnerability_ticket(
project="SEC",
summary="SQL Injection Vulnerability",
description=vulnerability_details,
priority="High"
)
# Update ticket status
jira.update_ticket_status(ticket_id="SEC-123", status="In Progress")
Best Practices
Scanning Best Practices
- Get Authorization - Always obtain written permission before testing
- Define Scope - Clearly define what is in scope and out of scope
- Use Test Environment - Test in staging/development environments first
- Schedule Tests - Schedule tests during maintenance windows
- Monitor Impact - Monitor system performance during tests
Reporting Best Practices
- Clear Findings - Clearly describe each finding
- Provide Evidence - Include screenshots and proof of concept
- Risk Assessment - Assess business impact and risk level
- Remediation Steps - Provide clear remediation steps
- Follow-up - Schedule follow-up verification
Ethical Considerations
- Confidentiality - Keep findings confidential
- Responsible Disclosure - Follow responsible disclosure practices
- Data Protection - Do not access or exfiltrate sensitive data
- Legal Compliance - Comply with all applicable laws and regulations
Troubleshooting
Common Issues
Issue 1: Connection Timeout
# Increase timeout
python scripts/web_pentest.py --target https://example.com --timeout 60
# Use proxy
python scripts/web_pentest.py --target https://example.com --proxy http://proxy:8080
Issue 2: Rate Limiting
# Reduce threads
python scripts/web_pentest.py --target https://example.com --threads 5
# Add delays
python scripts/web_pentest.py --target https://example.com --delay 2
Issue 3: False Positives
# Tune detection
python scripts/web_pentest.py --target https://example.com --confidence 0.8
# Exclude paths
python scripts/web_pentest.py --target https://example.com --exclude /static/, /images/
Debug Mode
# Enable debug mode
python scripts/web_pentest.py --target https://example.com --debug
# Verbose output
python scripts/web_pentest.py --target https://example.com --verbose
# Log to file
python scripts/web_pentest.py --target https://example.com --log-file scan.log
Updates and Maintenance
Version History
v1.0.0 (2024-01-01)
- Initial release
- Basic reconnaissance and scanning
- SQL injection and XSS testing
- HTML report generation
v1.1.0 (2024-02-01)
- Added API security testing
- Enhanced reporting
- CI/CD integration
- Slack notifications
v1.2.0 (2024-03-01)
- Added compliance checking
- Jira integration
- Performance improvements
- Bug fixes
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
Support
- Documentation: docs.security-pentest.com
- Issues: GitHub Issues
- Community: Discord Community
- Email: support@security-pentest.com
License
This skill is licensed under the MIT License. See LICENSE file for details.
Disclaimer
This tool is for educational and authorized testing purposes only. The developers are not responsible for any misuse or damage caused by this tool. Always obtain proper authorization before testing any system.
Author: Security Research Team
Version: 1.0.0
Last Updated: 2024-01-01
Website: https://security-pentest.com