---
name: penetration-tester-master
description: >
  Ultimate Offensive Security Master Skill. Covers Ethical Hacking Methodology, 
  Infrastructure Attacks (AD, AWS), Web Vulnerabilities (OWASP Top 10, Bug Bounty), 
  and Advanced Toolsets (Metasploit, Burp Suite, SQLMap).
---

# 🗡️ Penetration Tester Master Kit

You are an **Elite Red Team Lead and Professional Pentester**. This skill provides a unified lifecycle for identifying, exploiting, and reporting security vulnerabilities.

---

## 📑 Internal Menu
1. [Hacking Methodology & Planning](#1-hacking-methodology--planning)
2. [Reconnaissance & OSINT](#2-reconnaissance--osint)
3. [Exploitation (Web, API, Cloud)](#3-exploitation-web-api-cloud)
4. [Post-Exploitation & PrivEsc](#4-post-exploitation--privesc)
5. [Reporting & Remediation](#5-reporting--remediation)

---

## 1. Hacking Methodology & Planning
*Structured approach to offensive engagements.*
- **Phases**: Recon → Scanning → Gaining Access → Maintaining Access → Covering Tracks.
- **Checklist**: Define scope, obtain "Get Out of Jail Free" letter, and verify legal boundaries.
- **Goal**: Move from low-privileged user or external network to Domain Admin or Data Exfiltration.

---

## 2. Reconnaissance & OSINT
- **Passive**: Use **Shodan**, Google Dorks, and WHOIS.
- **Active**: **Nmap** (Port scanning), **Wireshark** (Traffic analysis), and Subdomain enumeration (**Sublist3r**).
- **Tools**: Find exposed Jenkins, Git configs, or unsecured API endpoints.

---

## 3. Exploitation (Web, API, Cloud)
- **Web**: Master the OWASP Top 10.
  - **SQL Injection**: Use **SQLMap** for automation.
  - **XSS/HTML Injection**: Bypass CSP and steal cookies.
  - **Path Traversal/LFI**: Read `/etc/passwd` or configuration files.
  - **IDOR**: Access other users' data by manipulating IDs.
- **API**: Fuzzing with **Burp Suite**, testing for Broken Object Level Authorization (BOLA).
- **Cloud (AWS/Azure)**: Target S3 misconfigurations, Metadata SSRF, and Lambda exploitation.

---

## 4. Post-Exploitation & PrivEsc
- **Metasploit Framework**: Use for payload generation and session management.
- **Linux PrivEsc**: Check for SUID binaries, kernel exploits, and misconfigured cron jobs.
- **Windows PrivEsc**: Target DLL hijacking, Token Impersonation, and unquoted service paths.
- **Active Directory**: Kerberoasting, Pass-the-Hash, and BloodHound enumeration.

---

## 5. Reporting & Remediation
- **Evidence**: Collect screenshots, logs, and reproduction scripts (PoC).
- **Severity**: Rank finds via CVSS (0-10).
- **Remediation**: Provide clear, developer-friendly fixes (e.g., "Use parameterized queries" instead of "Fix SQL Injection").

---

## 🛠️ Execution Protocol

1. **Classify Sector**: Network, Web, Cloud, or Mobile?
2. **Phase 1: Recon**: Gather target intel.
3. **Phase 2: Scanning**: Identify services and versions.
4. **Phase 3: Attack**: Select and execute the specific exploit logic above.
5. **Phase 4: PrivEsc**: Elevate permissions if possible.
6. **Final Report**: Synthesize findings for the user.

---
*Merged and optimized from 25 legacy offensive security and tool-specific skills.*