Pentest Commands
This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.
Author
zebbern
Category
Other Tools
Pentest Commands - Quick Reference Guide for Penetration Testing Commands
Skill Overview
Pentest Commands is a command reference tool designed specifically for penetration testers. It provides complete quick-reference commands for eight popular security testing tools—Nmap, Metasploit, Hydra, SQLMap, and more—helping you quickly find the commands you need during security assessments.
Use Cases
In officially approved security assessment projects with written permission, quickly find network scanning, vulnerability exploitation, and password-cracking commands to improve penetration testing efficiency.
In capture-the-flag (CTF) contests, quickly look up the command syntax of commonly used tools for scenarios such as port scanning, service identification, vulnerability detection, and privilege escalation.
For cybersecurity professionals and ethical hackers to learn and review how to use penetration testing tools, and to master various security assessment commands.
Core Features
Covers all Nmap scan types, including host discovery, port scanning, service detection, and NSE scripts. Includes commands for TCP/UDP scanning, operating system identification, vulnerability detection scripts, and enumeration for services such as SMB, HTTP, and SSH.
Provides a complete command reference for the Metasploit Framework, including common exploit modules (EternalBlue, MS08-067, Shellshock, etc.), scanner modules, Handler configuration, and msfvenom payload generation.
Integrates Hydra multi-protocol brute forcing, John the Ripper hash cracking, SQLMap SQL injection detection, Nikto web vulnerability scanning, Aircrack-ng wireless penetration testing, and Tshark traffic analysis.
Common Questions
Can penetration testing commands be used in any environment?
No. All penetration testing tools and commands are for use only within the scope of clear written authorization, including approved security assessment projects, self-built test environments, or CTF competitions. Scanning or attacking other people’s systems without authorization is illegal.
Is this skill suitable for penetration testing beginners?
Yes, but you need some foundation. The skill assumes you already understand the basic concepts of penetration testing and the purposes of the related tools. It is mainly for quickly looking up command syntax and parameters. It is recommended to use Kali Linux or other penetration testing distributions and learn the basics of each tool first.
How do I choose the right scanning commands?
Choose based on the target and what information you want to obtain: use nmap -sn for quick host discovery; use nmap -sV for port and service identification; use nmap --script vuln for comprehensive vulnerability scanning. Note that some scans (such as UDP scanning and version detection) can be time-consuming—adjust timing parameters (e.g., -T4/-T5) as needed to speed things up.