Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

0X6C7879/nmap-recon

Name: nmap-recon
Author: 0X6C7879

skills/nmap-recon/SKILL.md

npx skillsauth add 0X6C7879/aegissec nmap-recon

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Nmap Recon

Use this skill for low-risk host reconnaissance inside the authorized scope.

Workflow

Call list_skill_scripts(skill_name="nmap-recon") if you need to confirm the packaged script names.
Run scripts/nmap_status.py through run_skill_script first to confirm the bundled binary is available.
Run scripts/nmap_scan.py through run_skill_script for actual scans.
Scan only explicit in-scope hosts. Prefer a single host unless there is a clear reason to batch.
Start conservatively:
- Use top_ports before broad ports ranges.
- Keep service_version=true when service fingerprinting matters.
- Keep os_detection=false unless the operator clearly needs OS guesses.
Treat skip_host_discovery=true as a fallback for hosts that block ping discovery.
Review the saved artifacts under artifacts/.../nmap/ and summarize only evidence-backed conclusions.

Notes

The bundled scripts/ directory is for deterministic helper logic. Use list_skill_scripts to inspect it.
run_skill_script(skill_name="nmap-recon", script_name="nmap_scan.py", args_json='["--target","app.example.internal","--top-ports","20"]') is the preferred scan entrypoint.
nmap_scan.py enforces scope, rejects CIDR ranges, and records structured artifacts.
Results are saved as .xml, .txt, and .json, plus an nmap-log.jsonl audit trail.
If the scan returns ok=false, inspect stderr, parse_error, and the saved text output before concluding the host is unreachable.
Prefer this packaged scripted workflow over writing one-off sandbox scan code when the task is clearly host or port reconnaissance.

0X6C7879/nmap-recon

skills/nmap-recon/SKILL.md

Scoped host-level reconnaissance with the bundled Nmap distribution. Use when the operator explicitly asks for nmap, port scanning, service enumeration, host reachability checks, or low-risk host discovery on authorized targets.

1 stars

testing

Updated Apr 22, 2026

$ install --global

skillsauth

npx skillsauth add 0X6C7879/aegissec nmap-recon

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 1:51 AM105.8s1 file scanned

SKILL.md

name:: nmap-recon
description:: Scoped host-level reconnaissance with the bundled Nmap distribution. Use when the operator explicitly asks for nmap, port scanning, service enumeration, host reachability checks, or low-risk host discovery on authorized targets.
activation:: auto

Nmap Recon

Use this skill for low-risk host reconnaissance inside the authorized scope.

Workflow

Call list_skill_scripts(skill_name="nmap-recon") if you need to confirm the packaged script names.
Run scripts/nmap_status.py through run_skill_script first to confirm the bundled binary is available.
Run scripts/nmap_scan.py through run_skill_script for actual scans.
Scan only explicit in-scope hosts. Prefer a single host unless there is a clear reason to batch.
Start conservatively:
- Use top_ports before broad ports ranges.
- Keep service_version=true when service fingerprinting matters.
- Keep os_detection=false unless the operator clearly needs OS guesses.
Treat skip_host_discovery=true as a fallback for hosts that block ping discovery.
Review the saved artifacts under artifacts/.../nmap/ and summarize only evidence-backed conclusions.

Notes

The bundled scripts/ directory is for deterministic helper logic. Use list_skill_scripts to inspect it.
run_skill_script(skill_name="nmap-recon", script_name="nmap_scan.py", args_json='["--target","app.example.internal","--top-ports","20"]') is the preferred scan entrypoint.
nmap_scan.py enforces scope, rejects CIDR ranges, and records structured artifacts.
Results are saved as .xml, .txt, and .json, plus an nmap-log.jsonl audit trail.
If the scan returns ok=false, inspect stderr, parse_error, and the saved text output before concluding the host is unreachable.
Prefer this packaged scripted workflow over writing one-off sandbox scan code when the task is clearly host or port reconnaissance.

Related Skills

0X6C7879/wooyun-legacy

development

VerifiedTrustedCommunity

WooYun-derived business-logic testing methodology for web apps and APIs. Use when the request involves 支付、退款、订单、越权、认证、授权、价格篡改或业务流程绕过 review, especially black-box probing for price tampering, account takeover, and process bypass flaws.

2SKILL.mdUpdated Apr 28, 2026

0X6C7879/wooyun-legacy

0X6C7879/windows-privilege-escalation

tools

VerifiedTrustedCommunity

Escalate privileges on Windows systems using service misconfigurations, DLL hijacking, token manipulation, UAC bypasses, registry exploits, and credential dumping. Use when performing Windows post-exploitation or privilege escalation.

2SKILL.mdUpdated Apr 28, 2026

0X6C7879/windows-privilege-escalation

0X6C7879/tunnel

development

VerifiedTrustedCommunity

Use when performing AD pentest tunneling and pivoting, especially with Ligolo-ng, Chisel, frp, proxychains, SSH forwarding, SOCKS relays, reverse tunnels, or when internal reachability is the main blocker.

2SKILL.mdUpdated Apr 28, 2026

0X6C7879/threat-modeling

development

VerifiedTrustedCommunity

Threat model, security audit, find vulnerabilities, check security of my app, risk assessment, penetration test prep, analyze attack surface, what could an attacker exploit. Use this skill whenever a user wants holistic security analysis of a codebase, application, or project. MUST be invoked instead of analyzing security yourself — it runs a specialized 8-phase STRIDE workflow producing professional deliverables you cannot generate alone: risk assessment reports, DFD diagrams, threat inventories, attack path validation, mitigation plans, and pentest plans. Trigger on: 威胁建模, 安全评估, 渗透测试, 安全分析, 安全审计, 安全检查, 风险评估. NOT for: fixing one specific bug, adding one security feature (rate limiting, CORS), writing tests, CI/CD setup, or debugging errors.

2SKILL.mdUpdated Apr 22, 2026

0X6C7879/threat-modeling

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/0X6C7879/aegissec.git

# Copy into Claude Code skills folder (global)
cp -r aegissec/skills/nmap-recon ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

0X6C7879/aegissec

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT