Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Awesome Pentest

Browse curated penetration testing resources and exploit databases. Use when planning security audits, researching vulns, or building toolkits.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 104 · 0 current installs · 0 all-time installs
bybytesagain4@xueyetianya
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description promises browsing curated penetration-testing resources and exploit databases, but the shipped code contains only local CLI utilities that create and manage logs under ~/.local/share/awesome-pentest. There is no network access or code to fetch external resources or query exploit DBs, so the declared purpose and actual capability are not aligned.
Instruction Scope
SKILL.md declares runtime: python3 and lists simple commands (help, run, info, status), yet the repo contains Bash scripts (scripts/script.sh) implementing a much larger command set (generate, search, export, etc.) that read/write files under the user's HOME. The SKILL.md includes a placeholder ([configured-endpoint]) and appears incomplete. The instructions are therefore vague and inconsistent with the code.
Install Mechanism
There is no install specification (instruction-only), so nothing is downloaded or installed by the skill itself. The only risk is the included code files that will be executed by the agent; no external installs or downloads are declared.
Credentials
The skill requests no environment variables, credentials, or config paths. The scripts only read/write under $HOME/.local/share/awesome-pentest, which is proportionate for a local CLI data store, though users should be aware of local file writes.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It will create a data directory and log files in the user's home, which is normal for a local CLI tool but is not a platform-level privilege escalation.
What to consider before installing
This skill is internally inconsistent and likely incomplete. Before installing:
(1) Confirm the maintainer/source (homepage is missing).
(2) Ask for clarification or a fixed SKILL.md — the header claims runtime: python3 but the scripts are Bash; either the runtime should be bash or the code should be Python.
(3) If you expect network browsing/exploit DB access, request code that actually performs safe, auditable network calls (and declare any required API keys).
(4) Note that the scripts will create and write logs under ~/.local/share/awesome-pentest — run in an isolated/sandboxed environment if you want to test.
(5) If you do not trust the author, do not install on a sensitive system; review the scripts line-by-line or have someone you trust review them.
These inconsistencies explain the 'suspicious' verdict rather than a clear 'benign' classification.

Like a lobster shell, security has layers — review code before you run it.

Current version: v2.0.0
latest: vk9707wrhdvba6d19e6t5qe0p3h836812

SKILL.md

Awesome Pentest

A collection of awesome penetration testing resources, tools and other shiny things

Inspired by enaqx/awesome-pentest (25,545+ GitHub stars).

Commands

  • help - Help
  • run - Run
  • info - Info
  • status - Status

Features

  • Core functionality from enaqx/awesome-pentest

Usage

Run any command: awesome-pentest <command> [args]


Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Examples

awesome-pentest help
awesome-pentest run

When to Use

  • for batch processing pentest operations
  • as part of a larger automation pipeline

Output

Returns results to stdout. Redirect to a file with awesome-pentest run > output.txt.


Feedback & Feature Requests: https://bytesagain.com/feedback

Files

4 total