Phase 4 of the pentest pipeline — attempt reproducible PoCs for candidate vulnerabilities. Invoked by pentest-orchestrator; skipped when scope.exploit is false.
Slash command: `/shannon-for-claude-code:exploitation`
For each candidate in `findings-candidates.json`, attempt a real, reproducible PoC against the target `url` (curl and/or browser). Only run after the orchestrator's authorization gate has confirmed that exploitation is in scope; a PoC that cannot be re-run from the stored `poc` string is not a confirmation.
Output: write `04-exploit-<class>.md` for each vulnerability class and append each confirmed finding to `findings-confirmed.json`, which has this shape:

```json
{
  "confirmed": [
    {
      "id": "inj-001", "class": "injection", "severity": "high",
      "confidence": "high", "endpoint": "POST /search", "param": "q",
      "poc": "curl -s 'https://target/search' --data \"q=' OR 1=1--\"",
      "evidence": "Response leaked 1000 rows / DB error revealing schema.",
      "remediation": "Use parameterized queries."
    }
  ]
}
```
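The merge into `findings-confirmed.json` is the part that is easy to get subtly wrong: a re-run of the phase must not duplicate an entry, and a half-filled record must not be written at all. The script below is an added example, not code from the Shannon plugin. It assumes a candidate record carries `id`, `class`, `severity`, `endpoint` and `param` (the page does not show the candidate layout), assumes the severity and confidence vocabularies given in `LEVELS` (only `high` appears on the page), and treats an entry with the same `id` as a replacement; the `.pentest-workspace/<run-id>/` directory used in `demo()` is taken from the skill's rules.

```python
"""Confirm candidates and append them to findings-confirmed.json.

Added example (not the skill's own code). Assumptions: candidate records
carry id/class/severity/endpoint/param; severity/confidence vocabularies
below; same-id entries are replaced rather than duplicated.
"""
import json
import shlex
import subprocess
import tempfile
from pathlib import Path

# Field list taken from the findings-confirmed.json example on the page.
REQUIRED = ("id", "class", "severity", "confidence", "endpoint",
            "param", "poc", "evidence", "remediation")
LEVELS = ("low", "medium", "high", "critical")          # assumed vocabulary

# The curl PoC from the page, stored verbatim so anyone can re-run it.
POC = "curl -s 'https://target/search' --data \"q=' OR 1=1--\""


def validate_finding(f: dict) -> list[str]:
    """Return the schema problems of a record; an empty list means it is valid."""
    problems = [f"missing {k}" for k in REQUIRED if not f.get(k)]
    if f.get("severity") not in LEVELS:
        problems.append("severity must be low|medium|high|critical")
    if f.get("confidence") not in LEVELS[:3]:
        problems.append("confidence must be low|medium|high")
    return problems


def run_poc(poc: str, timeout: int = 30) -> tuple[int, str]:
    """Execute a stored PoC exactly as written, without a shell.

    shlex.split keeps the quoting of the curl line intact, and avoiding
    the shell means the stored string is precisely what was executed
    (pipes and redirects are therefore not supported here by design).
    """
    proc = subprocess.run(shlex.split(poc), capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, proc.stdout + proc.stderr


def make_finding(candidate: dict, poc: str, evidence: str,
                 remediation: str) -> dict:
    """Build a confirmed record from an (assumed) candidate record."""
    return {
        "id": candidate["id"], "class": candidate["class"],
        "severity": candidate["severity"], "confidence": "high",
        "endpoint": candidate["endpoint"], "param": candidate["param"],
        "poc": poc, "evidence": evidence, "remediation": remediation,
    }


def append_confirmed(path: Path, findings: list[dict]) -> dict:
    """Append records to findings-confirmed.json, creating the file if absent.

    Records are validated before anything is written, so a bad record
    leaves the file untouched. An existing entry with the same id is
    replaced in place, which keeps repeated runs of the phase idempotent.
    """
    doc = json.loads(path.read_text()) if path.exists() else {"confirmed": []}
    by_id = {f["id"]: f for f in doc.get("confirmed", [])}
    for f in findings:
        problems = validate_finding(f)
        if problems:
            raise ValueError(f"{f.get('id')}: {'; '.join(problems)}")
        by_id[f["id"]] = f
    doc["confirmed"] = list(by_id.values())
    path.write_text(json.dumps(doc, indent=2) + "\n")
    return doc


def demo() -> dict:
    """Constructed walk-through: confirm one candidate in a throwaway
    .pentest-workspace/<run-id>/ directory, then re-append it with updated
    evidence and show that the entry is replaced, not duplicated."""
    workdir = Path(tempfile.mkdtemp()) / ".pentest-workspace" / "run-demo"
    workdir.mkdir(parents=True)
    out = workdir / "findings-confirmed.json"
    candidate = {"id": "inj-001", "class": "injection", "severity": "high",
                 "endpoint": "POST /search", "param": "q"}      # constructed
    first = make_finding(candidate, POC,
                         "Response leaked 1000 rows / DB error revealing schema.",
                         "Use parameterized queries.")
    append_confirmed(out, [first])
    second = dict(first, evidence="Re-run: same 1000 rows returned.")
    return append_confirmed(out, [second])


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

`run_poc` is deliberately shell-free: if a PoC needs a pipeline, store the pipeline as its own small script and reference that, rather than letting `shell=True` turn the `poc` field into something other than what the reviewer will re-run.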
Rules:
- All artifacts for a run live under `.pentest-workspace/<run-id>/`.
- Confirmed findings are appended to `findings-confirmed.json`; never overwrite entries written by earlier phases.

Install: `npx claudepluginhub gamblerix2/shannonforclaudecode`