AI Pentesting
Use AI agents to autonomously conduct penetration tests on web applications. Combine LLM reasoning with security tools (nmap, subfinder, nuclei, sqlmap, browser automation) to find and prove vulnerabilities with minimal human intervention.
Overview
The AI Pentesting skill, hosted within the TerminalSkills/skills repository, enables autonomous security assessments of web applications. By integrating large language model reasoning with industry-standard security utilities, this skill allows agents like Claude, Gemini, and Codex to perform complex vulnerability discovery. The system utilizes tools such as nmap for network scanning, subfinder for subdomain discovery, and nuclei for template-based scanning. It further incorporates sqlmap and browser automation to identify and validate security flaws with minimal human oversight. This implementation, part of a project with 71 stars on GitHub, provides a structured approach for AI agents to conduct end-to-end security reviews, leveraging Python-based automation to bridge the gap between LLM intelligence and practical security tooling.
Use Cases
Install Notes
# Review source first
open https://github.com/TerminalSkills/skills/blob/main/skills/ai-pentesting/SKILL.mdCopy or clone the skill folder into your agent skills directory after reviewing its instructions and scripts.
Security Notes
This skill executes active security scanning tools and browser automation, which may trigger defensive alerts or impact target system stability. Users should ensure they have explicit authorization before deploying these autonomous agents against any infrastructure, as the LLM-driven reasoning process may perform unpredictable sequences of security tests.
Related Skills
Security Audit
TerminalSkills/skills
Perform comprehensive security audits on codebases by scanning for OWASP Top 10 vulnerabilities, checking dependencies for known CVEs, detecting leaked secrets and API keys, and generating prioritized fix recommendations. This skill combines static analysis patterns with dependency auditing tools.
Agent Sandbox
TerminalSkills/skills
AI agents execute code, modify files, and run shell commands. Without guardrails, a bad prompt or hallucination can delete your database, overwrite production configs, or exfiltrate secrets. This skill builds safety layers — sandboxed execution, filesystem restrictions, network policies, audit trails, and kill switches
Aceternity UI
TerminalSkills/skills
Aceternity UI is a copypaste component library — not an npm package. You copy the component code directly into your project, giving you full ownership and customization power. Components are built with Framer Motion and Tailwind CSS.
AI Guardrails
TerminalSkills/skills
Add safety layers to AI applications — input validation, prompt injection detection, output filtering, content moderation, and policy enforcement. Prevent misuse without breaking legitimate use cases.