conducting-network-penetration-test
by mukul975
conducting-network-penetration-test is an authorized network penetration testing skill for host discovery, port scanning, service enumeration, vulnerability identification, and reporting. It follows a PTES-style workflow with Nmap-centered automation and repo-backed references for clearer conducting-network-penetration-test usage.
This skill scores 71/100, which means it is worth listing for directory users who need a focused network penetration-testing workflow. The repository shows a real, multi-step pentest agent with clear activation language, a substantial body of instructions, and executable support code, but it still leaves some adoption risk because the operational handoff is not fully polished and the install path is not turnkey.
- Clear triggerability: the frontmatter explicitly says it activates for network pentest, infrastructure security assessment, internal network testing, and external perimeter testing.
- Real workflow value: the docs and API reference cover host discovery, port scanning, vulnerability scanning, SMB enumeration, SSL auditing, and reporting-oriented classification.
- Good agent leverage: the repo includes a Python script plus a reference spec with concrete CLI examples and named functions, reducing guesswork versus a generic prompt.
- No install command or setup guide in SKILL.md, so users may need to infer dependencies and runtime steps themselves.
- The repository is labeled with test/exam-like signals and is security-sensitive, so users should verify authorization boundaries and expect caution rather than a polished production package.
Overview of conducting-network-penetration-test skill
What this skill does
The conducting-network-penetration-test skill is built to guide authorized network penetration testing from discovery to reporting. It focuses on practical tasks that security teams actually need: finding live hosts, scanning ports, enumerating services, checking common exposure paths, and organizing findings into a defensible assessment.
Who it is best for
Use the conducting-network-penetration-test skill if you are validating internal or external infrastructure, checking segmentation and firewall behavior, or preparing evidence for compliance-driven testing. It is a better fit than a generic prompt when you want a repeatable workflow for Penetration Testing rather than ad hoc scanning advice.
What makes it useful
The repo-backed workflow includes PTES-style structure, Nmap-centered automation, and supporting reference material. That makes the conducting-network-penetration-test skill more actionable than a high-level checklist: it helps an agent move from scope confirmation to discovery, scanning, and result classification with less guesswork.
How to Use conducting-network-penetration-test skill
Install and locate the core files
Install the conducting-network-penetration-test skill with:
npx skills add mukul975/Anthropic-Cybersecurity-Skills --skill conducting-network-penetration-test
After install, read SKILL.md first, then check references/api-reference.md for command patterns and scripts/agent.py for the actual automation behavior. Those files tell you more than the folder name does.
Give the skill a usable engagement brief
For strong conducting-network-penetration-test usage, include the target scope, test type, and constraints up front. Good inputs look like:
- Assess 10.20.0.0/24 for exposed services, focus on SMB, TLS, and Windows hosts
- Run discovery only against 172.16.5.0/24 and return live hosts with hostnames
- Test external perimeter IPs during the approved window and prioritize internet-facing services
Weak inputs like “scan the network” force the skill to assume too much.
Follow the repo workflow instead of improvising
The conducting-network-penetration-test guide is organized around discovery, port scanning, service identification, vulnerability scanning, and classification. If you are adapting it, keep the order intact: scope validation first, then discovery, then deeper scanning only where the target and authorization allow it. The scripts/agent.py file shows the expected CLI shape, including --target, --ports, --discovery-only, and --output.
Practical read-first path
If you want the fastest install-to-output path, read in this order:
- SKILL.md for intended use and constraints
- references/api-reference.md for available functions and CLI examples
- scripts/agent.py for implementation details and default scan behavior
That sequence helps you avoid overusing the skill outside its intended network pentest workflow.
conducting-network-penetration-test skill FAQ
Is this skill only for Penetration Testing?
Yes. The conducting-network-penetration-test skill is designed for authorized network penetration testing, not general IT troubleshooting or defensive monitoring. It is most useful when you need structured reconnaissance and assessment of reachable services.
Do I need to know Nmap first?
Not deeply. The skill is still useful if you are not an Nmap expert, because it exposes the main scan flow and common options. That said, basic familiarity with targets, ports, and service enumeration will help you get better results from the conducting-network-penetration-test skill.
When should I not use it?
Do not use it for unauthorised targets, unclear ownership, or production systems without an approved window. It is also a poor fit if you only need a one-off connectivity check; a simpler prompt or standard admin tool will be faster.
Is it better than a normal prompt?
For repeated assessments, yes. A plain prompt can ask for a scan, but the conducting-network-penetration-test skill gives you a clearer workflow, better input expectations, and more consistent output structure. That reduces missed steps when the job becomes multi-stage.
How to Improve conducting-network-penetration-test skill
Provide scope and intent in the first prompt
The best improvement you can make is to define the target class and depth. Say whether you want discovery only, service enumeration, vuln identification, or a full report draft. For example: Analyze 192.168.50.0/24, focus on live hosts and SMB/TLS exposure, do not attempt exploitation.
Add constraints that change the result
The conducting-network-penetration-test skill is most valuable when you tell it what it must avoid or prioritize: no noisy scans, specific port ranges, specific protocols, or a reporting format for stakeholders. These constraints shape tool choice and output quality more than generic “be thorough” instructions.
Inspect results and refine the next run
First-run output often reveals gaps in target selection or scan depth. If hosts are missing, ask for discovery adjustments; if services are too broad, narrow ports; if findings are noisy, request stronger severity grouping. Iterating this way improves the results you get from the conducting-network-penetration-test skill without restarting from scratch.
