playbooks

home / skills / jeremylongshore / claude-code-plugins-plus-skills / penetration-test-planner

penetration-test-planner skill

/skills/04-security-advanced/penetration-test-planner

This skill helps you plan and automate penetration test planner tasks with production-ready guidance and validation per industry best practices.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill penetration-test-planner

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.2 KB
---
name: "penetration-test-planner"
description: |
  Plan penetration test planner operations. Auto-activating skill for Security Advanced.
  Triggers on: penetration test planner, penetration test planner
  Part of the Security Advanced skill category. Use when writing or running tests. Trigger with phrases like "penetration test planner", "penetration planner", "penetration".
allowed-tools: "Read, Write, Edit, Bash(cmd:*), Grep"
version: 1.0.0
license: MIT
author: "Jeremy Longshore <[email protected]>"
---

# Penetration Test Planner

## Overview

This skill provides automated assistance for penetration test planner tasks within the Security Advanced domain.

## When to Use

This skill activates automatically when you:
- Mention "penetration test planner" in your request
- Ask about penetration test planner patterns or best practices
- Need help with advanced security skills covering penetration testing, compliance frameworks, threat modeling, and enterprise security.

## Instructions

1. Provides step-by-step guidance for penetration test planner
2. Follows industry best practices and patterns
3. Generates production-ready code and configurations
4. Validates outputs against common standards

## Examples

**Example: Basic Usage**
Request: "Help me with penetration test planner"
Result: Provides step-by-step guidance and generates appropriate configurations


## Prerequisites

- Relevant development environment configured
- Access to necessary tools and services
- Basic understanding of security advanced concepts


## Output

- Generated configurations and code
- Best practice recommendations
- Validation results


## Error Handling

| Error | Cause | Solution |
|-------|-------|----------|
| Configuration invalid | Missing required fields | Check documentation for required parameters |
| Tool not found | Dependency not installed | Install required tools per prerequisites |
| Permission denied | Insufficient access | Verify credentials and permissions |


## Resources

- Official documentation for related tools
- Best practices guides
- Community examples and tutorials

## Related Skills

Part of the **Security Advanced** skill category.
Tags: pentesting, compliance, soc2, gdpr, threat-modeling

Overview

This skill automates planning for penetration testing operations in enterprise environments. It produces step-by-step testing plans, configuration templates, and validation checks aligned to industry best practices and compliance frameworks. Use it to accelerate test design, ensure repeatability, and reduce manual errors.

How this skill works

The skill inspects project scope, assets, threat models, and compliance requirements to generate a tailored penetration test plan. It produces checklists, test cases, tool configurations, and validation rules, and flags missing prerequisites or permission issues. Outputs are formatted for operator handoff and can include production-ready code snippets and configuration templates.

When to use it

  • When you must design a scoped penetration test for an application, network, or cloud environment
  • When aligning penetration testing to compliance frameworks like SOC 2 or GDPR audits
  • When you need reproducible test cases, tool configs, or validation checks
  • When preparing pre-engagement documentation and permission verification
  • When automating parts of red-team or purple-team workflows

Best practices

  • Define clear scope, objectives, and success criteria before generating tests
  • Document asset ownership and obtain written authorization for each target
  • Use least-privilege credentials and segregated tooling accounts for testing
  • Validate generated configurations in a staging environment before production execution
  • Include remediation tasks and retesting steps in the plan

Example use cases

  • Create an external web application penetration test plan with OWASP-focused test cases and Burp Suite config
  • Generate an internal network assessment checklist with targeted credentialed scans and lateral-movement scenarios
  • Produce cloud-focused tests for AWS/GCP including IAM misconfigurations and secure default checks
  • Draft pre-engagement and authorization documents for third-party contractors
  • Generate code snippets and IaC templates to provision isolated test environments

FAQ

What inputs does the planner need?

Provide scope, asset inventory, environment details (cloud/on-prem), threat priorities, and compliance requirements.

Can it produce tool-specific configurations?

Yes. It generates configurations and command examples for common tools and validates them against best-practice patterns.