Research: pentest
Cached research evidence for pentest (not authority).
Quick Answer
Section titled “Quick Answer”Problem: Authorized penetration-test planning and methodology synthesis with mandatory ROE scope gate. Use for signed engagements. NOT for static repo audit (security-scanner), CTF labs (ctf-*), or C2/webshell tooling.
Stack / assumptions: scripts/scope_check.py fail-closed gate; planning playbooks under references/playbooks/; structured findings via findings_emit.py; operator-run external tools only.
Comparable alternative: security-scanner for pre-deploy SAST/secrets; ctf-* for synthetic lab puzzles.
Repo summary:
Synthesis-only skill: scope gate before recon/web/api/osint, no attack execution in bundled scripts, tier table separating static audit vs authorized pentest vs CTF, and JSON findings schema for reports.
> Grounded in repository skills/pentest/SKILL.md; treat as evidence, not authority.
Authorization Model
Section titled “Authorization Model”ROE file + in-scope target required every session. Missing or expired ROE denies immediately; scripts do not create or modify authorization documents.
