pentest-exploit-validation

Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.

16 stars

Best use case

pentest-exploit-validation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.

Teams using pentest-exploit-validation should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/pentest-exploit-validation/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/pentest-exploit-validation/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/pentest-exploit-validation/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How pentest-exploit-validation Compares

Feature / Agentpentest-exploit-validationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Pentest Exploit Validation

## Purpose
Validate vulnerability findings through proof-driven exploitation using Shannon's 4-level evidence system. Consumes the exploitation queue from white-box code review, attempts structured exploitation with bypass exhaustion, collects mandatory evidence per vulnerability type, and classifies each finding as EXPLOITED, POTENTIAL, or FALSE_POSITIVE.

## Prerequisites

### Authorization Requirements
- **Written authorization** with explicit scope for active exploitation testing
- **Exploitation queue JSON** from pentest-whitebox-code-review output
- **Test accounts** at multiple privilege levels for authz testing
- **Data exfiltration approval** — confirm acceptable proof-of-concept scope
- **Rollback plan** for any data-mutating exploits

### Environment Setup
- sqlmap for automated SQL injection exploitation
- Burp Suite Professional with Repeater, Intruder, and Turbo Intruder
- curl for manual HTTP request crafting
- Playwright for browser-based exploitation (XSS, CSRF)
- nuclei with custom templates for automated validation
- Isolated testing environment or explicit production testing approval

## Core Workflow
1. **Queue Intake**: Parse exploitation queue JSON, validate schema, prioritize by confidence score and impact severity. Group findings by vulnerability type for parallel exploitation.
2. **Injection Exploitation**: Confirm injectable parameter → fingerprint backend (DB type, OS) → enumerate databases/tables → demonstrate data exfiltration with minimal footprint.
3. **XSS Exploitation**: Graph traversal from source → processing → sanitization → sink. Craft context-appropriate payload, demonstrate session hijack or DOM manipulation.
4. **Auth Exploitation**: Attack authentication weaknesses → demonstrate account takeover via credential stuffing, token forgery, or session hijack.
5. **Authz Exploitation**: Horizontal access (cross-user data) → vertical escalation (admin functions) → workflow bypass (state manipulation).
6. **SSRF Exploitation**: Internal service access → cloud metadata retrieval (169.254.169.254) → internal network reconnaissance.
7. **Bypass Exhaustion**: For each finding, attempt 3 initial payloads → if blocked, escalate to 8-10 bypass variations → if still blocked, deploy automated tool variants.
8. **Impact Escalation**: Escalate from proof-of-concept to real impact demonstration — data exfiltration, session hijacking, or remote code execution.
9. **Evidence Collection**: Collect mandatory evidence per vulnerability type using per-type checklists.
10. **Classification**: Assign final classification — EXPLOITED, POTENTIAL, or FALSE_POSITIVE — based on 4-level proof system.

## 4-Level Proof System

| Level | Description | Classification |
|-------|-------------|---------------|
| L1 | Weakness identified in code but not confirmed exploitable | POTENTIAL |
| L2 | Partial bypass achieved but full exploitation not demonstrated | POTENTIAL |
| L3 | Vulnerability confirmed with reproducible evidence | EXPLOITED |
| L4 | Critical impact demonstrated (data exfil, RCE, account takeover) | EXPLOITED CRITICAL |

## Classification Criteria

| Classification | Criteria |
|---------------|----------|
| EXPLOITED | Reproducible proof with evidence: HTTP request/response, extracted data, or demonstrated impact |
| POTENTIAL | Code-level weakness confirmed but exploitation blocked by defense-in-depth or environment constraints |
| FALSE_POSITIVE | Taint analysis flagged but manual review confirms effective sanitization or unreachable code path |

## Tool Categories

| Category | Tools | Purpose |
|----------|-------|---------|
| SQL Injection | sqlmap, manual payloads | Automated and manual SQLi exploitation |
| Request Crafting | Burp Repeater, curl | Manual HTTP request manipulation |
| Fuzzing | Burp Intruder, Turbo Intruder | Payload variation and bypass testing |
| Browser Exploitation | Playwright | XSS demonstration, session hijack |
| Automation | nuclei, custom scripts | Template-based vulnerability validation |
| Evidence Capture | Burp Logger, screenshot tools | Request/response logging and proof |

## References
- `references/tools.md` - Tool function signatures and parameters
- `references/workflows.md` - Exploitation workflows, evidence checklists, and classification tree

Related Skills

skill-validation-gf3

16
from plurigrid/asi

Skill Validation GF(3) - SLAVE (-1)

performing-blind-ssrf-exploitation

16
from plurigrid/asi

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

performing-binary-exploitation-analysis

16
from plurigrid/asi

Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.

merkle-proof-validation

16
from plurigrid/asi

Merkle Proof Validation Skill

implementing-continuous-security-validation-with-bas

16
from plurigrid/asi

Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating real-world attack techniques across the kill chain.

implementing-api-schema-validation-security

16
from plurigrid/asi

Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.

exploiting-zerologon-vulnerability-cve-2020-1472

16
from plurigrid/asi

Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.

exploiting-websocket-vulnerabilities

16
from plurigrid/asi

Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.

exploiting-vulnerabilities-with-metasploit-framework

16
from plurigrid/asi

The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules

exploiting-type-juggling-vulnerabilities

16
from plurigrid/asi

Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.

exploiting-template-injection-vulnerabilities

16
from plurigrid/asi

Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.

exploiting-sql-injection-with-sqlmap

16
from plurigrid/asi

Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.