ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pentest Workbench

v1.0.0

Comprehensive offensive security workflow for bug bounty, vulnerability assessment, penetration testing, and exploitation. Use when performing security testi...

1· 12·0 current·0 all-time
by@mamuaminu
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the provided content: recon, vuln analysis, exploit dev, and privesc guidance. However the skill's metadata lists no required binaries while the SKILL.md and scripts clearly assume many external tools are present (nmap, msfvenom, sqlmap, netcat, etc.). Also the package has no homepage or known source — provenance is unknown and should be considered.
!
Instruction Scope
SKILL.md explicitly instructs active network scanning, fuzzing, exploitation, privilege escalation, and persistence techniques. Those actions are coherent for a pentest skill, but they are inherently destructive and broad: the top guidance relies on user-supplied scope yet the skill also lists many trigger phrases (e.g., 'exploit this', 'run a pentest') that could encourage use outside authorized scope. The included scripts (nmap scans writing to /tmp, a fuzzing socket tool) will perform network activity if run. There are no instructions that read unrelated local secrets, but there are explicit instructions for extracting credentials (Mimikatz/LaZagne) and modifying target systems — expected for the purpose but high-risk if misapplied.
Install Mechanism
No install spec is present (instruction-only + two small scripts). No network download/install steps are embedded. The absence of an install phase reduces supply‑chain risk, but bundled scripts will run local binaries when executed.
Credentials
The skill declares no required environment variables or credentials, which aligns with the provided artifacts. The content references attacker-controlled LHOST/LPORT values and credentials/tools that pentesters commonly use, but those are not requested from the host environment by the skill itself. No unrelated secrets or system config paths are requested by the skill manifest.
Persistence & Privilege
always:false and no special privileges or modifications of other skills/system settings are requested. The SKILL.md discusses persistence techniques for targets (scheduled tasks, SSH keys), which is appropriate for a pentest reference but unrelated to the skill's own installation or privileges.
Assessment
This skill is an offensive-security reference and includes scripts that will actively scan and fuzz network targets and detailed exploit/privesc recipes. That is coherent with its stated purpose but high-risk if used on systems you do not own or without authorization. Before installing or invoking: 1) Confirm legal authorization and a defined scope for testing. 2) Review/limit agent/network permissions — running the skill will call tools like nmap and may contact remote hosts. 3) Ensure required tools (nmap, msfvenom, sqlmap, python) are installed on the host — the manifest does not declare them. 4) Consider running scripts manually in a controlled lab, and avoid allowing autonomous agent invocation against production networks. 5) Note the package source is unknown (no homepage); if provenance matters, obtain a vetted copy from a known repository or author.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e48nej4mzh84r6py7s0h7sh85a2v0
12downloads
1stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@mamuaminu
latest
Download

Pentest Workbench

Quick Start

  1. Define scope — target, rules of engagement, goals
  2. Recon — passive OSINT, network enumeration
  3. Identify — find vulnerabilities, misconfigs, weak points
  4. Exploit — leverage findings with appropriate technique
  5. Document — record steps, evidence, impact, remediation

Core Workflow

Phase 1: Recon & Enumeration

  • Network OSINT: Use nmap, masscan, rustscan for port discovery
  • Passive OSINT: Subdomain enum, WHOIS, Shodan, Censys, Google dorking
  • Web recon: Dirbuster, ffuf, Burp Suite crawler
  • For vulnerable targets: Netcat manual command probing first

Tools from linked repos:

  • netstalking-osint — automated OSINT recon workflows
  • Pentest-Tools (40+ categories) — scanner/framework discovery, network_enum

Phase 2: Vulnerability Analysis

  • Web: WPScan for WordPress, sqlmap for SQLi, Burp for auth bypass
  • Network: nmap NSE scripts, Metasploit, searchsploit
  • Binary: IDA/Ghidra for RE, checksec for mitigations
  • Config reviews: weak permissions, default creds, exposed secrets

Phase 3: Exploitation

Buffer Overflow (vulnserver pattern):

  1. Send oversized input to identify crash point
  2. Control EIP with offset measurement
  3. Find stable jump (JMP ESP / call esp)
  4. Generate shellcode (msfvenom / custom)
  5. Execute with proper alignment

Web:

  • SQLi → sqlmap or manual union/boolean
  • XSS → Beef/XSS Hunter
  • RCE → reverse shell via pentest-tools

Privesc (GTFOBins):

# Check sudo/suid binaries
sudo -l
find / -perm -4000 2>/dev/null

# Shell escape from restricted editor
:!/bin/bash

AD Attacks (Pentest-Tools):

  • Kerberoasting, AS-REP roasting, SMB relay
  • BloodHound/Sharphound enum → Golden/DFSRM

Phase 4: Post-Exploitation

  • Cowrie honeypot: analyze attacker sessions for TTPs
  • Privilege escalation: kernel exploits, sudo abuse, service misconfigs
  • Persistence: scheduled tasks, services, SSH keys
  • Lateral movement: PsExec, WMI, SMB, Pass-the-Hash

Phase 5: Documentation

  • Steps reproducible by another tester
  • Evidence: screenshots, packet captures, log output
  • Impact: CVSS score, business risk
  • Remediation: specific, actionable fixes

Key References

  • Binary exploitation: See references/buffer-overflow.md (vulnserver anatomy, exploit dev)
  • Privesc: See references/privesc.md (GTFOBins/LOLBAS, Linux/Windows escalation)
  • Tool inventory: See references/tools-inventory.md (all linked tools catalogued)
  • pwn.college: CTF exercises for memory corruption, ROP, kernel fundamentals

Exploit Dev (vulnserver)

Vulnserver runs on port 9999. Vulnerable commands:

CommandTrigger FunctionBuffer SizeOverflow Offset
TRUNFunction32000~2003 (EIP at ~2007)
GMONFunction32000Similar to TRUN
KSTETFunction260~64
GTERFunction1140~144
LTERFunction32000Via transformation
HTERFunction41000Hex-encoded

Key insight: essfunc.dll EssentialFunc10-14 also use strcpy into small buffers (140, 60, 2000, 2000, 1000).

Exploit strategy:

  1. Find offset with pattern_create / mona.py
  2. Confirm EIP control
  3. Locate or craft a ROP chain if ASLR/DEP present
  4. Generate alphanumeric shellcode if bad chars restrict ASCII
  5. Use egghunter if space is small

Tool Quick Ref

ToolPurposeKey Command
nmapPort enumnmap -sCV -p- -T4 target
Burp SuiteWeb testingProxy, Repeater, Intruder
sqlmapSQL injectionsqlmap -r req.txt --batch
msfvenomShellcode genmsfvenom -p linux/x64/shell_tcp LHOST=x R
CrackMapExecAD attackscme smb target -u user -p pass
Evil-WinRMRemote shellevil-winrm -i target -u user -p pass

Mindset

  • Methodical > flashy — good recon beats brute force
  • Always document as you go — screenshot everything
  • Understand the payload — not just "it works"
  • Think like defender — what would stop this attack?

Comments

Loading comments...