Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

communitytools

يحتوي communitytools على 45 من skills المجمعة من transilienceai، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
45
Stars
385
محدث
2026-06-09
Forks
70
التغطية المهنية
6 فئات مهنية · 100% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

transilience-report-style
فنيو النشر المكتبي

Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.

2026-06-09
ai-threat-testing
محللو أمن المعلومات

Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.

2026-06-09
api-security
محللو أمن المعلومات

API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.

2026-06-09
coordination
المهن الحاسوبية الأخرى

Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.

2026-06-09
cryptography
مطوّرو البرمجيات

Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery.

2026-06-09
dfir
محللو أمن المعلومات

Digital forensics and incident response - Windows event log analysis, PCAP forensics, filesystem artifact analysis, AD attack detection, and timeline correlation. Use when investigating security incidents, analyzing Sherlocks, or performing threat hunting on provided evidence files.

2026-06-09
essential-tools
المهن الحاسوبية الأخرى

Core pentesting tools and methodology - Burp Suite usage, Playwright automation, binary analysis, testing methodology, and professional reporting standards.

2026-06-09
hackerone
المهن الحاسوبية الأخرى

HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents per asset, validates PoCs, and generates platform-ready submission reports.

2026-06-09
hackthebox
المهن الحاسوبية الأخرى

HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions

2026-06-09
infrastructure
مديرو الشبكات وأنظمة الحاسوب

Network infrastructure testing - port scanning, DNS attacks, MITM, VLAN hopping, IPv6, SMB/NetBIOS, sniffing, and DoS assessment.

2026-06-09
injection
مطوّرو البرمجيات

Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.

2026-06-09
pci-secure-software
مطوّرو البرمجيات

Automated PCI Secure Software Standard (SSS) v2.0 readiness gap-assessment of an application from its source code and documentation. Deterministically enumerates every applicable Test Requirement from a pinned catalog, gathers source/doc evidence, and emits an evidence-bound per-requirement verdict (MET / NOT_MET / PARTIALLY_MET / NOT_APPLICABLE / REQUIRES_MANUAL_REVIEW) with file+line citations, then a Transilience gap report. Use when asked to assess, gap-assess, or check an application's readiness against the PCI Secure Software Standard v2.0 / PCI SSF, or to map source code and design docs to PCI SSS Security Objectives and Test Requirements. Produces a readiness gap-analysis only — NOT an official PCI validation.

2026-06-09
pentest-engagement
المهن الحاسوبية الأخرى

Run a professional web/API/cloud penetration engagement from a scope file — mandatory surface expansion, systematic OWASP attack-class coverage, reversible active exploitation, root-cause severity, authoritative validation, and a Transilience PDF. The general (non-CTF) analogue of hackthebox/htb-solve.

2026-06-09
reconnaissance
محللو أمن المعلومات

Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.

2026-06-09
server-side
محللو أمن المعلومات

Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.

2026-06-09
source-code-scanning
محللو أمن المعلومات

Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".

2026-06-09
system
محللو أمن المعلومات

System exploitation testing - Active Directory attacks, privilege escalation (Linux/Windows), and exploit development.

2026-06-09
attack-path-stitcher
محللو أمن المعلومات

Stitches confirmed single-asset findings into multi-hop attack paths across the organization. Builds a graph where nodes are assets and edges are confirmed exploit hops citing the findings that enable them.

2026-05-29
authentication
محللو أمن المعلومات

Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.

2026-05-29
cloud-containers
محللو أمن المعلومات

Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.

2026-05-29
cve-risk-score
محللو أمن المعلومات

Retrieve CVE risk scores from NVD. Auto-invoked whenever a CVE ID is mentioned to display CVSS score, severity, CWE, and description.

2026-05-29
patt-fetcher
محللو أمن المعلومات

Fetches and extracts payloads from PayloadsAllTheThings on demand. Bake into executor prompts for live payload enrichment.

2026-05-29
regression-sweep
مطوّرو البرمجيات

Re-validates every previously-confirmed finding against its current target — detects drift (patched, mitigated, re-introduced). Cron-driven weekly sweep across the org's validated finding tree.

2026-05-29
reverse-engineering
مطوّرو البرمجيات

Static and dynamic reverse engineering — ELF/PE analysis, custom-VM bytecode, packed binaries, anti-debug bypass, Frida hooking.

2026-05-29
risk-prioritiser
محللو أمن المعلومات

Risk-based prioritisation of confirmed attack paths. Combines exploit feasibility, technical CVSS severity, and asset business impact into a single ranked list driving remediation roadmaps.

2026-05-29
skill-prune
المهن الحاسوبية الأخرى

Identify and remove negative-ROI skill content — orphan files, never-read entries, duplicates, content reintroducing challenge-specific lore. Inverse of /skill-update. Use during quarterly maintenance or after the linter flags issues.

2026-05-29
skill-update
المهن الحاسوبية الأخرى

Skill creation, update and management — generates skill directory structure, validates against best practices, enforces line count limits. Use when creating, updating, or improving skills.

2026-05-29
ti-ingest
محللو أمن المعلومات

Threat-intel signal ingest — converts a CVE + affected-asset + claim payload into a queued engagement-scope row for the validation pipeline.

2026-05-29
web-app-logic
مطوّرو البرمجيات

Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure.

2026-05-29
blockchain-security
محللو أمن المعلومات

Smart contract security testing and blockchain CTF exploitation. Covers Solidity vulnerability analysis, EVM storage manipulation, delegatecall attacks, CREATE/CREATE2 address prediction, and common DeFi exploit patterns. Use when analyzing Solidity contracts, solving blockchain challenges, or testing smart contract security.

2026-05-11
client-side
محللو أمن المعلومات

Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution.

2026-05-11
cve-poc-generator
محللو أمن المعلومات

CVE research, standalone PoC script and report generation. Given a CVE ID, researches NVD and advisories, generates a safe Python PoC, and writes a detailed vulnerability report.

2026-05-11
mobile-security
محللو أمن المعلومات

Mobile application security testing — Android (smali, Frida, IL2CPP, Flutter AOT, root detection), iOS (jailbreak, Objection).

2026-05-11
osint
محللو أمن المعلومات

Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.

2026-05-11
social-engineering
محللو أمن المعلومات

Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.

2026-05-11
techstack-backend
مطوّرو البرمجيات

Backend tech-stack identification — web servers, runtimes, languages, frameworks, databases, APIs, and CMS via HTTP headers, cookies, error pages, and API discovery.

2026-05-11
techstack-correlation
مطوّرو البرمجيات

Correlation, confidence scoring, and conflict resolution across all tech-stack signals. Cross-validates and assigns High/Medium/Low confidence per technology.

2026-05-11
techstack-frontend
مطوّرو الويب

Frontend tech-stack identification — JavaScript frameworks, meta-frameworks, CSS frameworks, UI libraries, build tools, and CMS via DOM, JS globals, HTML, and bundle patterns.

2026-05-11
techstack-infra
مديرو الشبكات وأنظمة الحاسوب

Infrastructure tech-stack identification — cloud providers, CDN/WAF, DNS services, TLS/CT, DevOps tooling, plus asset discovery (domains, subdomains, IPs).

2026-05-11
techstack-osint
محللو أمن المعلومات

OSINT-side tech-stack identification — public repositories (GitHub/GitLab), job postings & ATS, and Wayback Machine historical snapshots.

2026-05-11
عرض أهم 40 من أصل 45 skills مجمعة في هذا المستودع.