Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

pentest-agents

يحتوي pentest-agents على 162 من skills المجمعة من H-mmer، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
162
Stars
749
محدث
2026-05-06
Forks
149
التغطية المهنية
4 فئات مهنية · 100% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

autopilot
محللو أمن المعلومات

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
محللو أمن المعلومات

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
dast-devils-advocate
محللو أمن المعلومات

Adversarial validator for DAST findings. Attempts to DISPROVE each finding and DOWNGRADE severity. Catches inflated reports, unverified assumptions, and theoretical-only bugs. Dispatch after /validate PASS and before /report.

2026-05-06
ssti-hunter
محللو أمن المعلومات

Server-Side Template Injection specialist. Covers Jinja2 (H1 #74), Twig, Velocity, FreeMarker, ERB, Handlebars, Thymeleaf. Use for any rule-engine, comment/message rendering, PR automation, admin template, or user-customizable template surface. Systematic blocklist mapper + CVE bypass runner + runtime-vs-parse distinguisher.

2026-05-06
autopilot
محللو أمن المعلومات

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
محللو أمن المعلومات

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
report
محللو أمن المعلومات

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
محللو أمن المعلومات

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
محللو أمن المعلومات

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
محللو أمن المعلومات

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
محللو أمن المعلومات

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
محللو أمن المعلومات

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
محللو أمن المعلومات

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
محللو أمن المعلومات

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
hunt
محللو أمن المعلومات

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
محللو أمن المعلومات

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
browser-verifier
محللو أمن المعلومات

Mandatory browser verification for client-side findings (XSS, DOM, postMessage, prototype pollution). Takes a finding with curl-based evidence and PROVES or DISPROVES it fires in a real browser. No finding ships without browser verification. Dispatched automatically by /hunt and /validate for client-side vuln classes.

2026-05-05
xss-hunter
محللو أمن المعلومات

XSS specialist covering reflected (H1 #60), stored (H1 #61), and DOM (H1 #62). Dispatcher passes subtype — 'reflected', 'stored', or 'dom' — in the task; falls back to inference from target. Use for parameter reflection, persisted inputs (comments/profiles/uploads/filenames), or client-side source→sink analysis.

2026-05-05
hunt
محللو أمن المعلومات

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
محللو أمن المعلومات

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
analyze
محللو أمن المعلومات

Analyze recon output with AI to suggest high-value targets and attack strategies. Usage: /analyze <target>

2026-05-05
brain
المهن الحاسوبية الأخرى

Manage the engagement brain. Subcommands: 'init' to set up, 'brief <target>' for pre-flight, 'status' for overview, 'exhausted [target]' to see dead ends.

2026-05-05
chain
المهن الحاسوبية الأخرى

Build deep exploit chains — dispatches chain-builder agent. Given bug A, recursively walks the chain graph. Usage: /chain (then describe bug A)

2026-05-05
correlate
المهن الحاسوبية الأخرى

Run the finding correlation engine to discover attack chains from individual findings.

2026-05-05
cost
المهن الحاسوبية الأخرى

Show cost tracking and ROI for this engagement.

2026-05-05
dupcheck
المهن الحاسوبية الأخرى

Check if a vulnerability has already been reported. Searches platform hacktivity + local findings. Usage: /dupcheck <vuln_type> e.g. /dupcheck XSS in search endpoint

2026-05-05
fullscan
المهن الحاسوبية الأخرى

Full security assessment with brain coordination. Multi-phase, skips known-exhausted areas, builds on prior knowledge.

2026-05-05
learn
المهن الحاسوبية الأخرى

Record a platform response and update learning. Usage: /learn <report_id> <status> [--bounty 500] [--vuln-type XSS]

2026-05-05
mindmap
المهن الحاسوبية الأخرى

Generate a text-based attack surface mindmap. Shows tech stack → vuln class → endpoint relationships. Usage: /mindmap <target>

2026-05-05
monitor
المهن الحاسوبية الأخرى

Monitor targets for changes. Usage: /monitor baseline (first run), /monitor check (detect changes), /monitor scope (check platform for scope updates)

2026-05-05
new
المهن الحاسوبية الأخرى

Create a new engagement workspace. Usage: /new <platform> <program> [--type web-app|api|mobile|smart-contract]

2026-05-05
pipeline
محللو أمن المعلومات

Prepare the battlefield — recon, scanning, and surface ranking. Stops before hunting. Run /hunt or /autopilot after. Usage: /pipeline or /pipeline <target>

2026-05-05
quality
محللو ضمان جودة البرمجيات والمختبرون

Score a report draft before submission. Usage: /quality <draft-path-or-finding-description>

2026-05-05
quickscan
محللو أمن المعلومات

Run a quick security scan on a target. Consults the Brain first, validates scope, runs passive recon + vuln scan in parallel.

2026-05-05
remember
محللو أمن المعلومات

Log a finding or pattern to persistent brain memory. Auto-fills from session context. Usage: /remember

2026-05-05
resume
محللو أمن المعلومات

Resume a previous hunt. Shows hunt history, untested endpoints, memory-informed suggestions. Usage: /resume target.com

2026-05-05
sast
محللو ضمان جودة البرمجيات والمختبرون

Source code vulnerability hunting (SAST). Decomposes analysis into specialized passes: map entry points, map dangerous ops, trace flows, find gaps, adversarial validation, exploit. Usage: /sast <repo_path> [--lang c|cpp|rust|java|python|go|php] [--min-score 4] [--max-files 30] [--skip-static] [--best-of N]

2026-05-05
status
محللو أمن المعلومات

Show engagement dashboard with program info, scope, brain state, findings, agent activity, and cost estimate.

2026-05-05
surface
محللو أمن المعلومات

Show ranked attack surface for a target. Invokes recon-ranker agent. Usage: /surface target.com

2026-05-05
sync
محللو أمن المعلومات

Sync program scope, policy, and hacktivity from a bug bounty platform. Usage: /sync hackerone tesla or /sync bugcrowd uber

2026-05-05
عرض أهم 40 من أصل 162 skills مجمعة في هذا المستودع.