cmd pentest kit - nself-org/cli GitHub Wiki
Penetration-test readiness kit for ɳSelf deployments. Business+ tier.
```bash
nself pentest-kit <subcommand> [flags]
```

- `NSELF_PENTEST_KIT=true` in environment.
- pentest plugin installed: `nself plugin install pentest`
- Business+ license key: `nself license set <key>`
Render a structured pentest scope document for this deployment.

```bash
nself pentest-kit generate [--output-dir ./pentest-docs]
```

Outputs `pentest-scope.md` with in-scope surfaces, out-of-scope exclusions, test credential summary, and rules of engagement.
Provision a Hasura pentest role and generate test credentials.

```bash
nself pentest-kit credentials
```

The role uses `pentest:true` Hasura metadata and has read-only access to non-sensitive tables. Credentials expire in 7 days.
Import findings from a structured JSON report.

```bash
nself pentest-kit remediation --import findings.json
```

Report format:

```json
{
  "findings": [
    {
      "title": "SQL injection in search",
      "severity": "high",
      "cvss_score": 8.1,
      "description": "...",
      "remediation": "Use parameterized queries."
    }
  ]
}
```

Due dates are auto-assigned per severity:

- Critical: 7 days (`NSELF_PENTEST_FINDINGS_DUE_DAYS_CRITICAL`)
- High: 30 days (`NSELF_PENTEST_FINDINGS_DUE_DAYS_HIGH`)
- Medium: 90 days (`NSELF_PENTEST_FINDINGS_DUE_DAYS_MEDIUM`)
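A pre-import check for `findings.json`, added here as an example and not taken from the nself code base: it validates each finding against the report format above and previews the due date each severity would receive, honoring the `NSELF_PENTEST_FINDINGS_DUE_DAYS_*` overrides. Assumptions: all five fields shown are required, the window is counted from a start date you pass in, and a severity with no listed window (such as `low`) gets no due date; `due_days`, `check_report` and `SAMPLE` are hypothetical names.

```python
import json
import os
from datetime import date, timedelta

# Defaults and variable names come from the page's configuration table.
DEFAULT_DAYS = {"critical": 7, "high": 30, "medium": 90}
# Assumption: every field shown in the page's report format is required.
FIELDS = ("title", "severity", "cvss_score", "description", "remediation")

def due_days(severity, env=os.environ):
    """Remediation window in days, or None when the page defines none."""
    sev = str(severity).lower()
    if sev not in DEFAULT_DAYS:
        return None
    name = "NSELF_PENTEST_FINDINGS_DUE_DAYS_" + sev.upper()
    return int(env.get(name, DEFAULT_DAYS[sev]))

def check_report(text, start, env=os.environ):
    """Validate a findings report; return (rows, errors)."""
    doc, rows, errors = json.loads(text), [], []
    findings = doc.get("findings") if isinstance(doc, dict) else None
    if not isinstance(findings, list):
        return rows, ["top-level 'findings' must be a list"]
    for i, f in enumerate(findings):
        missing = [k for k in FIELDS if not isinstance(f, dict) or k not in f]
        score = f.get("cvss_score") if isinstance(f, dict) else None
        if missing:
            errors.append(f"finding {i}: missing {', '.join(missing)}")
        elif type(score) not in (int, float) or not 0 <= score <= 10:
            errors.append(f"finding {i}: cvss_score must be a number in 0..10")
        else:
            days = due_days(f["severity"], env)
            due = start + timedelta(days=days) if days is not None else None
            rows.append((f["title"], f["severity"], due))
    return rows, errors

# Constructed sample report; the first finding is the one shown on the page.
SAMPLE = json.dumps({"findings": [
    {"title": "SQL injection in search", "severity": "high", "cvss_score": 8.1,
     "description": "...", "remediation": "Use parameterized queries."},
    {"title": "Verbose errors", "severity": "low", "cvss_score": 3.1,
     "description": "...", "remediation": "Return generic errors."},
    {"title": "Incomplete entry", "severity": "critical", "cvss_score": 9.8},
]})

if __name__ == "__main__":
    rows, errors = check_report(SAMPLE, date(2025, 1, 1), env={})
    print(*rows, *errors, sep="\n")
```

Findings that come back with a due date of `None` have no window in the table above and need an owner and deadline assigned by hand.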
Show open findings by severity.

```bash
nself pentest-kit status
```

| Variable | Default | Description |
|---|---|---|
| `NSELF_PENTEST_KIT` | `false` | Enable pentest kit (`true` required) |
| `NSELF_PENTEST_SCOPE_BUCKET` | — | MinIO bucket for scope documents |
| `NSELF_PENTEST_FINDINGS_DUE_DAYS_CRITICAL` | `7` | Days to fix critical findings |
| `NSELF_PENTEST_FINDINGS_DUE_DAYS_HIGH` | `30` | Days to fix high findings |
| `NSELF_PENTEST_FINDINGS_DUE_DAYS_MEDIUM` | `90` | Days to fix medium findings |
| `NSELF_PENTEST_PLUGIN_URL` | `http://localhost:3062` | Pentest plugin URL |

- cmd-secrets, secret rotation
- cmd-verify-sbom, SBOM verification
- security/Supply-Chain, supply-chain security