0X6C7879
59 verified skills63 total stars
tunnel
Use when performing AD pentest tunneling and pivoting, especially with Ligolo-ng, Chisel, frp, proxychains, SSH forwarding, SOCKS relays, reverse tunnels, or when internal reachability is the main blocker.
development2
threat-modeling
Threat model, security audit, find vulnerabilities, check security of my app, risk assessment, penetration test prep, analyze attack surface, what could an attacker exploit. Use this skill whenever a user wants holistic security analysis of a codebase, application, or project. MUST be invoked instead of analyzing security yourself — it runs a specialized 8-phase STRIDE workflow producing professional deliverables you cannot generate alone: risk assessment reports, DFD diagrams, threat inventories, attack path validation, mitigation plans, and pentest plans. Trigger on: 威胁建模, 安全评估, 渗透测试, 安全分析, 安全审计, 安全检查, 风险评估. NOT for: fixing one specific bug, adding one security feature (rate limiting, CORS), writing tests, CI/CD setup, or debugging errors.
development2
wooyun-legacy
WooYun-derived business-logic testing methodology for web apps and APIs. Use when the request involves 支付、退款、订单、越权、认证、授权、价格篡改或业务流程绕过 review, especially black-box probing for price tampering, account takeover, and process bypass flaws.
development2
windows-privilege-escalation
Escalate privileges on Windows systems using service misconfigurations, DLL hijacking, token manipulation, UAC bypasses, registry exploits, and credential dumping. Use when performing Windows post-exploitation or privilege escalation.
tools2
api-security-testing
Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate limiting issues. Use when pentesting APIs or testing microservices security.
development1
c2
Use when setting up or selecting C2 frameworks for AD operations, especially Metasploit, msfconsole, msfvenom, Sliver, Havoc, Mythic, payload staging, listener design, and operator infrastructure tradeoffs.
development1
ctf-ai-ml
Provides AI and machine learning techniques for CTF challenges. Use when attacking ML models, crafting adversarial examples, performing model extraction, prompt injection, membership inference, training data poisoning, fine-tuning manipulation, neural network analysis, LoRA adapter exploitation, LLM jailbreaking, or solving AI-related puzzles.
data-ai1
reverse-engineering
逆向工程技能 - 二进制分析、协议逆向、Hook/注入、脱壳、防护对抗、漏洞挖掘。当你涉及逆向分析、反编译、二进制分析、Hook、Frida、LLDB调试、协议分析、加密算法还原、防护绕过、脱壳、签名伪造时必须使用此技能。即使用户只是说"看看这个app"或"分析一下这个二进制",也应触发。
databases1
ctf-web
Provides web exploitation techniques for CTF challenges. Use when the target is primarily an HTTP application, API, browser client, template engine, identity flow, or smart-contract frontend/backend surface, including XSS, SQLi, SSTI, SSRF, XXE, JWT, auth bypass, file upload, request smuggling, OAuth/OIDC, SAML, prototype pollution, and similar web bugs. Do not use it for native binary memory corruption, reverse engineering of standalone executables, disk or memory forensics, or pure cryptanalysis unless the web flaw is still the main path to the flag.
tools1
ctf-misc
Provides miscellaneous CTF challenge techniques for problems that do not cleanly fit the main categories. Use for encoding puzzles, pyjails, bash jails, RF/SDR, DNS oddities, unicode tricks, esoteric languages, QR or audio puzzles, constraint solving, game theory, unusual sandbox escapes, and hybrid logic puzzles. Prefer a more specific skill first when the challenge is mainly web, pwn, reverse, forensics, malware, OSINT, or crypto. Treat this as the fallback skill for genuine cross-category or edge-case challenges, not the default starting point.
development1
file-transfer-techniques
Transfer files between systems using HTTP, SMB, FTP, netcat, base64 encoding, and living-off-the-land techniques for both Linux and Windows. Use when moving tools or exfiltrating data.
tools1
initial-access-recon
Perform OSINT, subdomain enumeration, port scanning, web reconnaissance, email harvesting, and cloud asset discovery for initial access. Use when gathering intelligence or mapping attack surface.
development1
linuxgun
Linux 应急响应专用技能。Use when users provide SSH connection fields (hostname, port, username, password) and need guided intrusion triage, evidence-oriented command execution, per-command analysis, threat grading, and actionable containment/remediation recommendations.
documentation1
linux-privilege-escalation
Escalate privileges on Linux systems using SUID/SGID binaries, capabilities, sudo misconfigurations, cron jobs, kernel exploits, and container escapes. Use when performing Linux post-exploitation or privilege escalation.
data-ai1
movement
Use when performing AD lateral movement with Impacket, NetExec, Evil-WinRM, WMI, DCOM, SMB exec, PtH, PtT, RDP, or when you have credentials and need host-to-host execution.
tools1
nmap-recon
Scoped host-level reconnaissance with the bundled Nmap distribution. Use when the operator explicitly asks for nmap, port scanning, service enumeration, host reachability checks, or low-risk host discovery on authorized targets.
testing1
nu1l-zone-competition
零界AI社交网络比赛助手 - 帮助参赛者快速接入平台API、理解四大挑战赛题、制定策略并提交Flag。适用于"零界"AI论坛比赛的参赛选手,提供完整的API调用封装、挑战任务策略和最佳实践指导。
development1
pattt-readme-loader
README-first PayloadsAllTheThings loader for payload retrieval, Burp Intruder wordlists, fuzz candidates, verification probes, bypass ideas, exploit-gated research, and traceable offensive-web knowledge.
development1
pentest-report
按照标准格式生成渗透测试报告,包含项目信息表、漏洞发现清单、漏洞详情(含属性表、描述、复现步骤、证据截图、修复建议)、附录(风险等级定义、CVSS说明、词汇表)。当用户要求生成渗透测试报告、安全测试报告、漏洞报告时使用此技能。严格遵循项目模板目录中的标准格式。
testing1
phishing-social-engineering
Conduct phishing campaigns, credential harvesting, pretexting, and social engineering attacks using tools like Gophish, SET, and custom techniques. Use when performing social engineering assessments or red team engagements.
tools1
privesc
Use when performing Windows local privilege escalation with WinPEAS, Seatbelt, Potato-family techniques, token abuse, service abuse, or when you have a low-priv foothold and need admin or SYSTEM.
tools1
protocol-reverse-engineering
Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication.
development1
recon-web
Safe first-pass web reconnaissance workflow for browser-assisted pentesting. Use when starting assessment on a web app, mapping exposed pages and flows, collecting passive evidence, or deciding whether deeper scripted discovery such as dirsearch, nmap, or sqlmap is justified.
development1
secknowledge
整合WooYun(88,636案例)+先知L1-L4方法论+GAARM(150风险)的Web和AI安全测试知识库。 当用户进行以下活动时触发: 漏洞挖掘、渗透测试、安全审计、代码审计、AI安全测试、 Prompt注入测试、越狱测试、MCP安全评估、LLM应用安全评估。
tools1
shell-scripting
Shell脚本开发技能 - Bash/Zsh脚本、自动化部署、系统管理、文本处理。当你涉及Shell/Bash/Zsh脚本编写、deploy.sh/build.sh等自动化脚本、cron定时任务、系统管理命令、sed/awk/grep文本处理时必须使用此技能。即使用户只是说"写个脚本"或"改下部署脚本",也应触发。
development1
test-engineering
测试工程技能 - TDD流程、测试策略、覆盖率、Mock规范、回归测试。当你涉及测试用例、覆盖率、TDD、Mock、断言、回归测试时必须使用此技能。即使用户只是说"加个测试"或"这个bug要测试",也应触发。
testing1
backend-engineering
后端资深工程师技能 - 架构设计、服务端开发、中间件、错误处理、日志、配置管理、部署运维。当你涉及后端服务开发、Go/Python/Node/Java/PHP后端代码、中间件配置、服务间通信、配置管理、日志策略、进程管理、交叉编译、部署流程时必须使用此技能。即使用户只是说"写个接口"或"后端加个功能",也应触发。
development1
cloud-security
Exploit AWS, Azure, and GCP cloud misconfigurations including S3 buckets, IAM roles, metadata services, serverless functions, and cloud-specific privilege escalation. Use when pentesting cloud environments or assessing cloud security.
testing1
dirsearch-recon
Scoped web content discovery with the bundled dirsearch source tree. Use when the operator explicitly asks for dirsearch, directory enumeration, hidden file discovery, content brute forcing, or low-risk path discovery on authorized HTTP or HTTPS targets.
development1
exploit-lfi
本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞,支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。
tools1
persistence
Use when establishing AD or Windows persistence with Golden Ticket, Silver Ticket, DCSync-derived material, AD CS certificate persistence, scheduled tasks, or WMI event subscriptions after gaining privileged access.
development1
persistence-techniques
Establish persistence on Windows and Linux systems using registry keys, scheduled tasks, services, cron jobs, SSH keys, backdoor accounts, and rootkits. Use when performing post-exploitation or maintaining long-term access.
data-ai1
recon-subdomain
Subdomain enumeration and DNS reconnaissance using subfinder, amass, dnsx, and other tools. Use this skill when user needs to discover subdomains, perform DNS enumeration, gather DNS records, or find hidden subdomains of a target domain.
tools1
recon-fingerprint
Web fingerprinting and WAF detection using wafw00f, whatweb, nuclei, and httpx. Use this skill when user needs to identify web technologies, detect WAF/CDN, analyze server headers, or fingerprint web applications and frameworks.
development1
recon-dir-scan
Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.
development1
dirsearch-command-generator
根据用户描述的网站特征和扫描需求,智能生成适合的 dirsearch 命令。当用户需要目录扫描、路径发现、敏感文件探测、Web 渗透测试侦察时使用此 skill。支持快速扫描、深度扫描、特定技术栈扫描、WAF 绕过等多种场景,每次提供至少 5 种命令选项供用户选择。
development1
ctf-writeup
Generates a single standardized submission-style CTF writeup for competition handoff and organizer review. Use after solving a CTF challenge to document the solution steps, tools used, and lessons learned in a structured format.
tools1
exploit-sqli
SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.
development1
recon-port-scan
Port scanning and service identification using nmap, masscan, and rustscan. Use this skill when user needs to discover open ports, identify running services, detect service versions, or fingerprint operating systems on target hosts.
development1
network-service-enumeration
Enumerate and exploit network services including SMB, FTP, SSH, RDP, HTTP, databases (MySQL, MSSQL, PostgreSQL, MongoDB), LDAP, NFS, DNS, and SNMP. Use when testing network service security or performing port-based exploitation.
development1
sqlmap-sqli
Scoped SQL injection verification with the bundled sqlmap source tree. Use when the operator explicitly asks for sqlmap, SQL injection testing, raw HTTP request replay, form or anti-CSRF-aware injectable parameter verification, or conservative database fingerprinting and schema enumeration on authorized HTTP or HTTPS targets.
testing1
solve-challenge
Solves CTF challenges by performing first-pass triage, identifying the dominant category, and routing execution to the right specialized ctf-* skill. Use when the user gives you a challenge bundle, a remote service, a suspicious file, or only a vague challenge description and you must determine where to start. Do not use it when the category is already clear and a specialized skill can be invoked directly; this is the dispatcher and recon entrypoint, not the deepest reference for category-specific techniques.
development1
results-storage
SQLite-based persistent storage and reporting system for penetration testing results. Use this skill when user needs to store scan results, query vulnerabilities, generate reports, or manage pentest data across sessions.
testing1
password-attacks
Crack password hashes using hashcat/john, perform password spraying, brute force authentication, and execute pass-the-hash attacks. Use when cracking credentials or performing password-based attacks.
tools1
exploit-file-download
Arbitrary file download vulnerability detection and exploitation using path traversal techniques, bypass methods, and sensitive file discovery. Use this skill when user needs to test for file download vulnerabilities, path traversal, or read sensitive files on target systems.
testing1
exploit-file-download
任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞,支持路径遍历、双重编码绕过、伪协议利用、敏感文件读取。尤其适用于下载接口、LFI、/etc/passwd、/proc/self/environ、win.ini、php://filter 这类文件读取与遍历场景。
tools1
ctf-osint
Provides open source intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, DNS records, username enumeration, reverse image search, Google dorking, Wayback Machine, Tor relays, FEC filings, or identifying unknown data like hashes and coordinates.
development1
ctf-pwn
Provides binary exploitation techniques for CTF challenges. Use when you already have a vulnerable native target or service and need to turn memory corruption or low-level primitives into code execution or privilege escalation, such as buffer overflows, format strings, heap bugs, ROP, ret2libc, shellcode, kernel exploitation, seccomp bypass, sandbox escape, or Windows/Linux exploit chains. Do not use it when the main blocker is understanding what the binary does; use reverse engineering first. Do not use it for pure web bugs, disk or packet forensics, or standalone crypto/math challenges.
development1
ctf-malware
Provides malware analysis and network traffic techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom crypto protocols, C2 traffic, PE/.NET binaries, RC4/AES encrypted communications, YARA rules, shellcode analysis, memory forensics for malware (Volatility malfind, process injection detection), anti-analysis techniques (VM/sandbox detection, timing evasion, API hashing, process injection, environment checks), or extracting malware configurations and indicators of compromise.
development1
ctf-crypto
Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.
testing1
ctf-reverse
Provides reverse engineering techniques for CTF challenges. Use when the main job is to understand how a compiled, obfuscated, packed, or virtualized target works before exploiting or solving it, including binaries, APKs, WASM, firmware, custom VMs, bytecode, game clients, malware-like loaders, and anti-debug or anti-analysis logic. Do not use it when the vulnerability is already understood and the remaining task is exploitation; use pwn instead. Do not use it for pure web workflows, log or disk forensics, or standalone crypto problems unless reversing the implementation is the real blocker.
tools1
bypass
Use when AV or EDR blocks execution and you need AMSI bypass, ETW patching, userland unhooking, LOLBins, loader tradeoffs, or BYOVD-aware decision support during authorized AD pentests.
testing1
container-security
Escape Docker containers and exploit Kubernetes clusters using privileged containers, Docker socket access, misconfigurations, and API abuse. Use when testing container security or performing container escape.
development1
agent-browser
Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction.
tools1
ctf-forensics
Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.
devops1
security-testing-patterns
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques. Use when implementing security testing pipelines, conducting security audits, or validating application security controls.
testing1
exploit-xss
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
development1
active-directory-attacks
Attack and enumerate Active Directory environments using Kerberos attacks (Kerberoasting, ASREPRoasting), credential dumping (DCSync, Mimikatz), lateral movement (PtH, PtT), and BloodHound analysis. Use when pentesting Windows domains or exploiting AD misconfigurations.
testing1
adscan
Use when performing Active Directory pentest orchestration without using ADscan itself, especially for domain enumeration, credential validation, BloodHound collection, AD CS abuse, SMB share analysis, relay/cracking workflows, or when replacing ADscan with underlying tools like NetExec, Impacket, Certipy, BloodHound, kerbrute, Responder, hashcat, SMBMap, or Snaffler.
tools1