xAmirHamza77/PenKit51
GitHub: xAmirHamza77/PenKit51
PenKit51 是一款基于多 Agent 编排的开源 AI 渗透测试平台,通过 63 个深度漏洞利用技能为安全研究员提供 PoC 验证驱动的授权测试能力。
Stars: 1 | Forks: 0
[](LICENSE)
[](skills/)
[](agents/)
[](assistant-skills/)
[](assets/)
[关于](#about) · [功能](#features) · [示例](#examples) · [图表](#project-analytics) · [快速开始](#quick-start) · [Skill 库](#skill-library) · [架构](#architecture) · [免责声明](#disclaimer)
/debug endpoint] --> B[IDOR on
/api/users/ID] B --> C[Admin JWT
via mass assignment] C --> D[Account Takeover
+ data exfil] style A fill:#ff6b35,color:#fff style B fill:#ff6b35,color:#fff style C fill:#ff6b35,color:#fff style D fill:#00d4aa,color:#fff ``` **链路叙述:** 1. `/debug` 泄露内部用户 ID → `information-disclosure-testing` 2. `/api/users/{id}` 缺少所有权检查 → `idor-testing` 3. `PATCH /api/users/me` 接受 `role: admin` → `mass-assignment-testing` 4. 伪造的 admin JWT → 完全接管账户 ### 示例 4 — 针对 PR diff 的 CI/CD 快速扫描 ``` /penkit51-ai scan https://pr-142.preview.target.com Mode: quick Focus: changed endpoints only (/api/v2/checkout, /api/v2/coupons) Authorization: internal staging — approved ``` 快速模式将范围限制在已更改的攻击面 —— 非常适合 DevSecOps pipeline 中的 pull request 安全门禁。 ### 示例 5 — 在本地安装助手 skill ``` # Clone PenKit51 git clone https://github.com/xAmirHamza77/PenKit51.git cd PenKit51 # 为 Claude Code 安装 cp -R assistant-skills/claude/penkit51-ai ~/.claude/skills/ # 为 Grok / Cursor 安装 cp -R assistant-skills/grok/penkit51-ai ~/.grok/skills/ # 打包 ChatGPT 上传 zip ./scripts/package-assistant-skills.sh # → 在 chatgpt.com/skills 上传 dist/penkit51-ai-chatgpt.zip ``` ## 项目分析 ### Skill 库分布
### 按类别划分的 Skills
| 类别 | Skills | 示例 |
|----------|--------|----------|
| **漏洞测试** | 26 | SQLi, XSS, SSRF, IDOR, JWT, XXE, SSTI, CSRF |
| **框架与技术** | 8 | FastAPI, Next.js, Django, NestJS, GraphQL, OAuth |
| **云与基础设施** | 5 | AWS Audit, Kubernetes, Containers, Network Pentest |
| **方法论** | 5 | 深度/标准/快速模式、规划、编排 |
| **工具手册** | 11 | nmap, nuclei, httpx, ffuf, sqlmap, katana, semgrep |
| **平台** | 8 | API 安全、代码审查、移动端、SAST、自动化 |
### 漏洞覆盖范围
### 测试深度对比
## 快速开始
### 助手 Skills
| 平台 | 安装 |
|----------|---------|
| **Claude** | `cp -R assistant-skills/claude/penkit51-ai ~/.claude/skills/` |
| **ChatGPT** | 在 [chatgpt.com/skills](https://chatgpt.com/skills) 上传 `dist/penkit51-ai-chatgpt.zip` |
| **Grok** | `cp -R assistant-skills/grok/penkit51-ai ~/.grok/skills/` |
```
# 打包上传 zips
./scripts/package-assistant-skills.sh
# 在本地安装 Claude + Grok
./scripts/install-assistant-skills.sh all
```
### 开始测试
```
/penkit51-ai deep https://target.com
Scope: all subdomains of target.com
Exclude: payment gateway, production database
Authorization: confirmed — client SOW signed
```
### 直接使用 Skill 包
### 可选的平台部署
```
PLATFORM_DIR=/path/to/platform ./scripts/install.sh
```
## Skill 库
### 漏洞测试 (26)
SQLi · XSS · SSRF · CSRF · XXE · IDOR · RCE · SSTI · NoSQLi · Deserialization · File Upload · JWT · Race Conditions · HTTP Smuggling · Prototype Pollution · Mass Assignment · Open Redirect · Header Injection · Path Traversal · Subdomain Takeover · Business Logic · BFLA · Info Disclosure · LLM Prompt Injection · LDAP · XPath
### 框架与技术 (8)
FastAPI · Next.js · Django · NestJS · Supabase · Firebase/Firestore · GraphQL · OAuth
### 云与基础设施 (5)
AWS Audit · Kubernetes · Container Security · Network Penetration · Cloud Security Audit
### 方法论 (5)
深度 · 标准 · 快速渗透测试模式 · 测试规划 · 编排
### 工具手册 (11)
nmap · nuclei · httpx · ffuf · subfinder · naabu · katana · sqlmap · semgrep · Browser Exploitation · Python Exploit Runtime
### 平台 (8)
API 安全 · 代码审查 · 移动应用 · 漏洞评估 · 安全自动化 · 事件响应 · Whitebox/SAST · Source-Aware Testing
## 架构
```
graph TB
subgraph Assistants["Assistant Layer"]
CL[Claude Skill]
GPT[ChatGPT Skill]
GK[Grok Skill]
end
subgraph Core["PenKit51 Core"]
ORCH[penkit51-orchestrator]
VH[vulnerability-hunter]
RC[recon]
PEN[penetration]
REP[reporting-remediation]
end
subgraph Skills["63 Agent Skills"]
VULN[26 Vuln Testing]
FW[8 Framework]
CLD[5 Cloud/Infra]
METH[5 Methodology]
TOOL[11 Tooling]
PLAT[8 Platform]
end
CL --> ORCH
GPT --> ORCH
GK --> ORCH
ORCH --> RC & VH & PEN & REP
RC & VH & PEN --> VULN & FW & CLD & METH & TOOL & PLAT
```
```
PenKit51/
├── assets/
│ ├── logo.png # App icon (512×512)
│ ├── logo-icon.svg # Transparent vector icon
│ ├── github-banner.png # README hero banner
│ ├── social-preview.png # Social / repo preview card
│ ├── chart-skill-distribution.png # Skill library donut chart
│ ├── chart-skills-by-category.png # Category bar chart
│ ├── chart-vuln-coverage.png # OWASP coverage chart
│ ├── chart-engagement-depth.png # Quick/Standard/Deep comparison
│ └── chart-platform-support.png # Cross-platform support chart
├── skills/ # 63 Agent Skills (SKILL.md)
├── agents/
│ ├── orchestrator.md # Master coordinator
│ └── vulnerability-hunter.md # Deep vuln specialist
├── roles/
│ └── penkit51-ai.yaml # Pre-configured pentest role
├── assistant-skills/
│ ├── claude/penkit51-ai/ # Claude Code skill
│ ├── chatgpt/penkit51-ai/ # ChatGPT upload skill
│ └── grok/penkit51-ai/ # Grok/Cursor skill
├── dist/ # Packaged upload zips
└── scripts/
├── merge_skills.py
├── package-assistant-skills.sh
└── install-assistant-skills.sh
```
## 重新生成 Skills
```
./scripts/prepare_upstream.sh
python3 scripts/merge_skills.py
python3 scripts/sanitize_names.py
```
## 免责声明
**仅供授权测试。** 请仅在您拥有或获得明确书面测试许可的系统上使用 PenKit51。您需对道德和法律合规性负全部责任。作者对任何滥用行为不承担责任。
**PenKit51** — 将漏洞转化为经过验证的发现。
标签:DevSecOps, XXE攻击, 上游代理, 人工智能, 多智能体, 实时处理, 密码管理, 应用安全, 用户模式Hook绕过, 逆向工具