0X6C7879/tunnel
skills/tunnel/SKILL.md
Use when performing AD pentest tunneling and pivoting, especially with Ligolo-ng, Chisel, frp, proxychains, SSH forwarding, SOCKS relays, reverse tunnels, or when internal reachability is the main blocker.
$ install --global
skillsauthnpx skillsauth add 0X6C7879/aegissec tunnelInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 3:09 PM160.1s5 files scanned
SKILL.md
- name:
- tunnel
- description:
- Use when performing AD pentest tunneling and pivoting, especially with Ligolo-ng, Chisel, frp, proxychains, SSH forwarding, SOCKS relays, reverse tunnels, or when internal reachability is the main blocker.
Tunnel
Use this skill when the next step is blocked by network reachability rather than missing credentials.
Quick Start
- Read
references/tunneling.mdfor concrete command chains. - If tool availability is unknown, read
../shared/references/tool-matrix.mdand run../shared/scripts/detect_adpwn_toolchain.py. - Build the smallest tunnel that unlocks the target subnet or protocol.
- Use script helpers in
scripts/when you need ready-to-paste setup commands:ligolo_setup.py- proxy/agent/route/start command plannerchisel_pivot.py- server/client SOCKS pivot command plannerproxychains_gen.py- generate proxychains config for SOCKS endpoints
Selection Rules
- Prefer Ligolo-ng for full-network pivots.
- Prefer Chisel for simple SOCKS or reverse tunnel setups.
- Prefer SSH or socat when living-off-the-land matters more than ergonomics.
- Always document listener, route, and reachable targets.
Output Discipline
For every tunnel setup, report:
- tunnel type (Ligolo-ng / Chisel / SSH / socat / other)
- listener endpoint and port
- route configuration or SOCKS proxy endpoint
- newly reachable target subnets or hosts
- validation test (ping / port check showing reachability)
- next objective
Keep tunnel configs saved and documented for cleanup.
When To Switch
Switch away from tunneling when:
- Target subnet is now reachable from attack position
- Credential-based approach becomes viable (you have working creds and network path)
- Need to establish additional tunnels from newly compromised host
Switch to:
movementwhen valid credentials exist and network path is establishedadscanwhen tunnel enables new recon or enumeration scope
References
references/tunneling.md- tunnel setup decision trees and commands../shared/references/tool-matrix.md- fallback tools and substitutions../shared/references/output-conventions.md- workspace and evidence rules
Related Skills
0X6C7879/wooyun-legacy
development
VerifiedTrustedCommunity
WooYun-derived business-logic testing methodology for web apps and APIs. Use when the request involves 支付、退款、订单、越权、认证、授权、价格篡改或业务流程绕过 review, especially black-box probing for price tampering, account takeover, and process bypass flaws.
2SKILL.mdUpdated Apr 28, 2026
0X6C7879/windows-privilege-escalation
tools
VerifiedTrustedCommunity
Escalate privileges on Windows systems using service misconfigurations, DLL hijacking, token manipulation, UAC bypasses, registry exploits, and credential dumping. Use when performing Windows post-exploitation or privilege escalation.
2SKILL.mdUpdated Apr 28, 2026
0X6C7879/threat-modeling
development
VerifiedTrustedCommunity
Threat model, security audit, find vulnerabilities, check security of my app, risk assessment, penetration test prep, analyze attack surface, what could an attacker exploit. Use this skill whenever a user wants holistic security analysis of a codebase, application, or project. MUST be invoked instead of analyzing security yourself — it runs a specialized 8-phase STRIDE workflow producing professional deliverables you cannot generate alone: risk assessment reports, DFD diagrams, threat inventories, attack path validation, mitigation plans, and pentest plans. Trigger on: 威胁建模, 安全评估, 渗透测试, 安全分析, 安全审计, 安全检查, 风险评估. NOT for: fixing one specific bug, adding one security feature (rate limiting, CORS), writing tests, CI/CD setup, or debugging errors.
2SKILL.mdUpdated Apr 22, 2026
0X6C7879/test-engineering
testing
VerifiedTrustedCommunity
测试工程技能 - TDD流程、测试策略、覆盖率、Mock规范、回归测试。当你涉及测试用例、覆盖率、TDD、Mock、断言、回归测试时必须使用此技能。即使用户只是说"加个测试"或"这个bug要测试",也应触发。
1SKILL.mdUpdated Apr 22, 2026