pentest-exploit-validation
Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.
Best use case
pentest-exploit-validation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.
Teams using pentest-exploit-validation should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/pentest-exploit-validation/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How pentest-exploit-validation Compares
| Feature / Agent | pentest-exploit-validation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Pentest Exploit Validation ## Purpose Validate vulnerability findings through proof-driven exploitation using Shannon's 4-level evidence system. Consumes the exploitation queue from white-box code review, attempts structured exploitation with bypass exhaustion, collects mandatory evidence per vulnerability type, and classifies each finding as EXPLOITED, POTENTIAL, or FALSE_POSITIVE. ## Prerequisites ### Authorization Requirements - **Written authorization** with explicit scope for active exploitation testing - **Exploitation queue JSON** from pentest-whitebox-code-review output - **Test accounts** at multiple privilege levels for authz testing - **Data exfiltration approval** — confirm acceptable proof-of-concept scope - **Rollback plan** for any data-mutating exploits ### Environment Setup - sqlmap for automated SQL injection exploitation - Burp Suite Professional with Repeater, Intruder, and Turbo Intruder - curl for manual HTTP request crafting - Playwright for browser-based exploitation (XSS, CSRF) - nuclei with custom templates for automated validation - Isolated testing environment or explicit production testing approval ## Core Workflow 1. **Queue Intake**: Parse exploitation queue JSON, validate schema, prioritize by confidence score and impact severity. Group findings by vulnerability type for parallel exploitation. 2. **Injection Exploitation**: Confirm injectable parameter → fingerprint backend (DB type, OS) → enumerate databases/tables → demonstrate data exfiltration with minimal footprint. 3. **XSS Exploitation**: Graph traversal from source → processing → sanitization → sink. Craft context-appropriate payload, demonstrate session hijack or DOM manipulation. 4. **Auth Exploitation**: Attack authentication weaknesses → demonstrate account takeover via credential stuffing, token forgery, or session hijack. 5. **Authz Exploitation**: Horizontal access (cross-user data) → vertical escalation (admin functions) → workflow bypass (state manipulation). 6. **SSRF Exploitation**: Internal service access → cloud metadata retrieval (169.254.169.254) → internal network reconnaissance. 7. **Bypass Exhaustion**: For each finding, attempt 3 initial payloads → if blocked, escalate to 8-10 bypass variations → if still blocked, deploy automated tool variants. 8. **Impact Escalation**: Escalate from proof-of-concept to real impact demonstration — data exfiltration, session hijacking, or remote code execution. 9. **Evidence Collection**: Collect mandatory evidence per vulnerability type using per-type checklists. 10. **Classification**: Assign final classification — EXPLOITED, POTENTIAL, or FALSE_POSITIVE — based on 4-level proof system. ## 4-Level Proof System | Level | Description | Classification | |-------|-------------|---------------| | L1 | Weakness identified in code but not confirmed exploitable | POTENTIAL | | L2 | Partial bypass achieved but full exploitation not demonstrated | POTENTIAL | | L3 | Vulnerability confirmed with reproducible evidence | EXPLOITED | | L4 | Critical impact demonstrated (data exfil, RCE, account takeover) | EXPLOITED CRITICAL | ## Classification Criteria | Classification | Criteria | |---------------|----------| | EXPLOITED | Reproducible proof with evidence: HTTP request/response, extracted data, or demonstrated impact | | POTENTIAL | Code-level weakness confirmed but exploitation blocked by defense-in-depth or environment constraints | | FALSE_POSITIVE | Taint analysis flagged but manual review confirms effective sanitization or unreachable code path | ## Tool Categories | Category | Tools | Purpose | |----------|-------|---------| | SQL Injection | sqlmap, manual payloads | Automated and manual SQLi exploitation | | Request Crafting | Burp Repeater, curl | Manual HTTP request manipulation | | Fuzzing | Burp Intruder, Turbo Intruder | Payload variation and bypass testing | | Browser Exploitation | Playwright | XSS demonstration, session hijack | | Automation | nuclei, custom scripts | Template-based vulnerability validation | | Evidence Capture | Burp Logger, screenshot tools | Request/response logging and proof | ## References - `references/tools.md` - Tool function signatures and parameters - `references/workflows.md` - Exploitation workflows, evidence checklists, and classification tree
Related Skills
skill-validation-gf3
Skill Validation GF(3) - SLAVE (-1)
performing-blind-ssrf-exploitation
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.
performing-binary-exploitation-analysis
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.
merkle-proof-validation
Merkle Proof Validation Skill
implementing-continuous-security-validation-with-bas
Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating real-world attack techniques across the kill chain.
implementing-api-schema-validation-security
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.
exploiting-zerologon-vulnerability-cve-2020-1472
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.
exploiting-websocket-vulnerabilities
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.
exploiting-vulnerabilities-with-metasploit-framework
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules
exploiting-type-juggling-vulnerabilities
Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.
exploiting-template-injection-vulnerabilities
Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.
exploiting-sql-injection-with-sqlmap
Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.