ranbot-ai/red-team-tools
skills/red-team-tools/SKILL.md
Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining t
$ install --global
skillsauthnpx skillsauth add ranbot-ai/awesome-skills red-team-toolsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 2, 2026, 5:46 AM288.8s1 file scanned
SKILL.md
- name:
- red-team-tools
- description:
- Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining t
- category:
- Security & Systems
- source:
- antigravity
- tags:
- [python, api, ai, automation, workflow, template, document, security, vulnerability, rag]
- url:
- https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tools
Red Team Tools and Methodology
Purpose
Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining thorough coverage of attack surfaces.
Inputs/Prerequisites
- Target scope definition (domains, IP ranges, applications)
- Linux-based attack machine (Kali, Ubuntu)
- Bug bounty program rules and scope
- Tool dependencies installed (Go, Python, Ruby)
- API keys for various services (Shodan, Censys, etc.)
Outputs/Deliverables
- Comprehensive subdomain enumeration
- Live host discovery and technology fingerprinting
- Identified vulnerabilities and attack vectors
- Automated recon pipeline outputs
- Documented findings for reporting
Core Workflow
1. Project Tracking and Acquisitions
Set up reconnaissance tracking:
# Create project structure
mkdir -p target/{recon,vulns,reports}
cd target
# Find acquisitions using Crunchbase
# Search manually for subsidiary companies
# Get ASN for targets
amass intel -org "Target Company" -src
# Alternative ASN lookup
curl -s "https://bgp.he.net/search?search=targetcompany&commit=Search"
2. Subdomain Enumeration
Comprehensive subdomain discovery:
# Create wildcards file
echo "target.com" > wildcards
# Run Amass passively
amass enum -passive -d target.com -src -o amass_passive.txt
# Run Amass actively
amass enum -active -d target.com -src -o amass_active.txt
# Use Subfinder
subfinder -d target.com -silent -o subfinder.txt
# Asset discovery
cat wildcards | assetfinder --subs-only | anew domains.txt
# Alternative subdomain tools
findomain -t target.com -o
# Generate permutations with dnsgen
cat domains.txt | dnsgen - | httprobe > permuted.txt
# Combine all sources
cat amass_*.txt subfinder.txt | sort -u > all_subs.txt
3. Live Host Discovery
Identify responding hosts:
# Check which hosts are live with httprobe
cat domains.txt | httprobe -c 80 --prefer-https | anew hosts.txt
# Use httpx for more details
cat domains.txt | httpx -title -tech-detect -status-code -o live_hosts.txt
# Alternative with massdns
massdns -r resolvers.txt -t A -o S domains.txt > resolved.txt
4. Technology Fingerprinting
Identify technologies for targeted attacks:
# Whatweb scanning
whatweb -i hosts.txt -a 3 -v > tech_stack.txt
# Nuclei technology detection
nuclei -l hosts.txt -t technologies/ -o tech_nuclei.txt
# Wappalyzer (if available)
# Browser extension for manual review
5. Content Discovery
Find hidden endpoints and files:
# Directory bruteforce with ffuf
ffuf -ac -v -u https://target.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
# Historical URLs from Wayback
waybackurls target.com | tee wayback.txt
# Find all URLs with gau
gau target.com | tee all_urls.txt
# Parameter discovery
cat all_urls.txt | grep "=" | sort -u > params.txt
# Generate custom wordlist from historical data
cat all_urls.txt | unfurl paths | sort -u > custom_wordlist.txt
6. Application Analysis (Jason Haddix Method)
Heat Map Priority Areas:
- File Uploads - Test for injection, XXE, SSRF, shell upload
- Content Types - Filter Burp for multipart forms
- APIs - Look for hidden methods, lack of auth
- Profile Sections - Stored XSS, custom fields
- Integrations - SSRF through third parties
- Error Pages - Exotic injection points
Analysis Questions:
- How does the app pass data? (Params, API, Hybrid)
- Where does the app talk about users? (UID, UUID endpoints)
- Does the site have multi-tenancy or user levels?
- Does it have a unique threat model?
- How does the site handle XSS/CSRF?
- Has the site had past writeups/exploits?
7. Automated XSS Hunting
# ParamSpider for parameter extraction
python3 paramspider.py --domain target.com -o params.txt
# Filter with Gxss
cat params.txt | Gxss -p test
# Dalfox for XSS testing
cat params.txt | dalfox pipe --mining-dict params.txt -o xss_results.txt
# Alternative workflow
waybackurls target.com | grep "=" | qsreplace '"><script>alert(1)</script>' | while read url; do
curl -s "$url" | grep -q 'alert(1)' && echo "$url"
done > potential_xss.txt
8. Vulnerability Scanning
# Nuclei comprehensive scan
nuclei -l hosts.txt -t ~/nuclei-templates/ -o nuclei_results.txt
# Check for common CVEs
nuclei -l hosts.txt -t cves/ -o cve_results.txt
# Web vulnerabilities
nuclei -l hosts.txt -t vulnerabilities/ -o vuln_results.txt
9. API Enumeration
Wordlists for API fuzzing:
# Enumerate API endpoints
ffuf -u https://target.com/api/FUZZ -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt
# Test API versions
ffuf -u https://target.com/api/v1/FUZZ -w api_wordlist.txt
ffuf -u https://target.com/api/v2/FUZZ -w api_wordlist.txt
# Check for hidden methods
for method in GET POST PUT DELETE PATCH; do
cu
Related Skills
ranbot-ai/nextjs-seo-indexing
testing
VerifiedTrustedCommunity
Fix SEO indexing issues, crawl budget problems, and Search Console coverage errors for Next.js apps. Covers canonical tags, noindex audits, sitemap health, static rendering, and internal linking.
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/moatmri
data-ai
VerifiedTrustedCommunity
Analyze AI disruption pressure across a business, map competitive exposure, and produce a 90-day defensive action plan.
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/skills/longbridge
tools
VerifiedTrustedCommunity
--- name: longbridge description: 125+ agent skills for Longbridge Securities — real-time quotes, charts, fundamentals, portfolio analysis, options, and more for HK/US/A-share/SG markets. Trilingual: Simplified Chinese, Traditional category: AI & Agents source: antigravity tags: [api, mcp, claude, ai, agent, security, cro] url: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/longbridge --- # Longbridge ## Overview Longbridge is the official skill collection for Longbr
5SKILL.mdUpdated Jun 2, 2026
ranbot-ai/github-actions-advanced
tools
VerifiedTrustedCommunity
Design, debug, and harden GitHub Actions CI/CD workflows, including reusable workflows, matrix builds, self-hosted runners, OIDC authentication, caching, environments, secrets, and release automation.
5SKILL.mdUpdated Jun 2, 2026