pentest-advanced

/pentest-advanced — Advanced Attack Testing

Test a target application for advanced attack vectors including HTTP request smuggling, race conditions, cache poisoning, and subdomain takeover vulnerabilities.

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

1. Parse the target URL from $ARGUMENTS.

2. Delegate to advanced-agent using the Agent tool. The agent must run all advanced attack commands:

   pentest -k -j -o ./findings advanced smuggle --active --yes <url>
   pentest -k -j -o ./findings advanced race --active --yes <url>
   pentest -k -j -o ./findings advanced cache --active --yes <url>
   pentest -k -j -o ./findings advanced takeover --active --yes <url>
   

3. Read the JSON outputs from ./findings/ to gather all results.

4. Present findings with detailed exploitation scenarios:

   • Request Smuggling: CL.TE / TE.CL desync issues, front-end/back-end discrepancies, potential for request hijacking
   • Race Conditions: Time-of-check-to-time-of-use (TOCTOU) bugs, double-spend scenarios, concurrent request handling flaws
   • Cache Poisoning: Unkeyed headers that influence responses, cache key manipulation, web cache deception
   • Subdomain Takeover: Dangling DNS records pointing to unclaimed resources (S3, Heroku, GitHub Pages, Azure, etc.)

   For each confirmed vulnerability, include:

   • Step-by-step exploitation scenario
   • Potential business impact
   • Remediation guidance

Notes

• Advanced commands perform active testing that sends crafted requests.
• Request smuggling tests can disrupt application behavior in rare cases.
• Race condition tests send concurrent requests that may trigger unintended side effects.
• Use -k to skip SSL verification for targets with self-signed certs.
• Use -j for machine-readable JSON output.
• Use -o ./findings to persist results for later reporting.