بنقرة واحدة
recon
Fast reconnaissance - discover assets, entry points, attack surface, and hypotheses
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Fast reconnaissance - discover assets, entry points, attack surface, and hypotheses
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
This skill should be used when working with Bun runtime, bun:sqlite, Bun.serve, bun:test, or when "Bun", "bun:test", or Bun-specific patterns are mentioned.
pi-mono agent framework reference (github.com/badlogic/pi-mono). TRIGGER when: writing agent code using pi-ai/pi-agent-core/pi-coding-agent packages, defining tools with TypeBox schemas, implementing TUI or Web UI over an agent core, building extensions that hook into agent lifecycle, working with session/compaction/retry logic, implementing LLM provider abstractions, or any code that imports from @mariozechner/* packages.
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.
Active Directory 域渗透全链路指导技能。基于 GOAD (Game of Active Directory) 靶场实战经验, 涵盖从初始侦察、用户枚举、密码攻击、中继与投毒、ADCS证书攻击、MSSQL利用、提权、 横向移动、凭据提取、ACL滥用、委派攻击、域信任利用到域控拿下的完整渗透链。 当用户提到以下任何关键词时,务必触发此技能: AD渗透、域渗透、Active Directory、域控攻击、内网渗透、kerberoasting、AS-REP roasting、 NTLM relay、responder、bloodhound、certipy、ADCS、ESC1-ESC15、PetitPotam、 noPac、PrintNightmare、横向移动、pass the hash、golden ticket、silver ticket、 DCSync、secretsdump、mimikatz、委派攻击、delegation、ACL滥用、域信任、 forest trust、提权、SeImpersonate、KrbRelay、MSSQL提权、webshell、 凭据收集、密码喷洒、password spray、域枚举、SMB签名、coercer、 shadow credentials、certifried、RBCD、GPO abuse、LAPS、 即使用户没有明确说"域渗透",只要涉及Windows域环境的攻击场景都应使用此技能。
Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction.
Help with ffuf-based Web parameter fuzzing. Use this skill whenever the user wants to fuzz Web request paths, query parameters, headers, POST bodies, JSON fields, or raw HTTP requests with ffuf, or when they ask for an ffuf command, wordlist choice, false-positive filtering, matcher/filter tuning, or replaying hits into Burp/ZAP.
| name | recon |
| description | Fast reconnaissance - discover assets, entry points, attack surface, and hypotheses |
| tags | ["pentest","recon","discovery"] |
scope.md 和 run-policy.json。/robots.txt、/sitemap.xml、/.well-known/、/admin、/debug、/.git/、/.env。coverage_gap 或后续候选。在映射功能或某个表面提示存在漏洞类别时,请参阅 references/vuln-class-matrix.md。
利用它来回答三个问题:
targeted-pentest(针对性渗透测试)的 next_test 该如何措辞?该矩阵是以发现为导向的。请勿将漏洞利用载荷(payloads)、提权链或报告用语复制到侦察输出中。
statement(描述)具体且具有可证伪性。entry_point(入口点)精细:单一路径、路由、变更、文件处理器或工作流步骤。kind 使用可能的漏洞类别,而非完整的利用链。why_plausible(合理性说明)中放入机制详情。next_test 中放入最小化的确认动作。confidence(置信度)而不是扩大假设范围。candidate_findings(候选发现)仅作为观察结果;其状态必须保持为 candidate。evidence/ 目录下。仅调用一次 submit_sub_agent_output。
assets: 已确认的主机、路径、端点、参数、角色或工作流节点。hypotheses: 包含 hypothesis_id、kind、entry_point、statement、why_plausible、next_test、priority 和 confidence 的具体记录。candidate_findings: 仅限有证据支撑的观察结果;状态必须保持为 candidate。evidence_refs: 仅限可追溯的文件或捕获的工件。coverage_gaps: 具体的未观察表面或对比,用于驱动下一轮循环。