Run any Skill in Manus with one click

Get Started

perseusscan

Stars67

Forks14

UpdatedFebruary 9, 2026 at 14:34

Use when starting a security assessment to map architecture, entry points, and attack surface (Phase 1 & 2)

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

kaivyy

kaivyy/perseus

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Information Security AnalystsComputer and Mathematical Occupations·SOC 15-1212

SKILL.md

readonly

name	perseus:scan
description	Use when starting a security assessment to map architecture, entry points, and attack surface (Phase 1 & 2)

Perseus Scan (Phase 1 & 2)

Overview

This skill executes the Pre-Reconnaissance Methodology of the Perseus framework. It maps the target's digital footprint, internal architecture, and attack surface to build a "Target Knowledge Graph".

Goal: Zero-blind-spot understanding of what exists, how it works, and where it can be attacked.

Methodology:

Discovery (Parallel): Architecture, Entry Points, Security Patterns.
Surface Mapping (Parallel): XSS Sinks, SSRF Sinks, Data Flows.
Synthesis: Comprehensive Code Analysis Report.

Incremental Scan Mode

For large codebases, use incremental scanning to only analyze changed files:

Detection: Check for perseus.yaml with incremental settings:

incremental:
  enabled: true
  baseline: "main"  # or specific commit

If incremental enabled:

Run git diff --name-only <baseline>...HEAD to get changed files
Filter to include only code files (exclude tests, configs)
Focus analysis on changed files and their dependencies
Merge with previous cached results from .perseus-cache/

Incremental Workflow:

# Get changed files
git diff --name-only main...HEAD | grep -E '\.(js|ts|py|go|php|rb|java|rs|cs)$'

# If no changes, skip scan
# If changes exist, scan only those files + imports

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Launch these 3 agents simultaneously using a single message with multiple Task tool calls:

Architecture Scanner:
- "Map application structure, tech stack, frameworks, and critical components. Identify if web app, API, or microservices."
Entry Point Mapper:
- "Find ALL network-accessible entry points (API routes, webhooks, public functions). Catalog API schema files (OpenAPI, GraphQL). Exclude local-only tools."
Security Pattern Hunter:
- "Identify authentication flows, authorization mechanisms (RBAC/ABAC), session management, and security middleware. Map the security architecture."

Phase 2: Surface Mapping (Run in Parallel)

Wait for Phase 1 to complete. Then launch these 3 agents simultaneously:

XSS/Injection Sink Hunter:
- "Find dangerous sinks: innerHTML, exec, system, eval, SQL queries, file operations. Provide File:Line references."
SSRF/External Request Tracer:
- "Identify server-side requests: HTTP clients (fetch, axios), URL fetchers, webhooks. Map user-controllable parameters."
Data Security Auditor:
- "Trace sensitive data flows (PII, secrets, payments). Identify encryption and storage mechanisms."

Phase 3: Reporting (Synthesis)

Synthesize all findings into deliverables/code_analysis_deliverable.md.

Required Report Structure:

Scope & Boundaries: Define In-Scope (Network Reachable) vs Out-of-Scope (Local/CLI).
Executive Summary: High-level security posture.
Architecture & Tech Stack: Frameworks, patterns, components.
Authentication & Authorization: Detailed analysis of auth flows and session handling.
Data Security: Encryption, storage, and sensitive data handling.
Attack Surface: Detailed list of In-Scope entry points.
Infrastructure: Secrets management, config, logging.
Critical File Paths: Categorized list for downstream agents.
XSS Sinks: List of specific sinks and render contexts.
SSRF Sinks: List of specific outbound request sinks.

Schema Collection:

Create outputs/schemas/ directory.
Copy all discovered schema files (OpenAPI, GraphQL, JSON Schema) there.

Next Step: Proceed to perseus:audit to analyze identified components for vulnerabilities.

Perseus Scan (Phase 1 & 2)

Overview

Goal: Zero-blind-spot understanding of what exists, how it works, and where it can be attacked.

Methodology:

Discovery (Parallel): Architecture, Entry Points, Security Patterns.
Surface Mapping (Parallel): XSS Sinks, SSRF Sinks, Data Flows.
Synthesis: Comprehensive Code Analysis Report.

Incremental Scan Mode

For large codebases, use incremental scanning to only analyze changed files:

Detection: Check for perseus.yaml with incremental settings:

incremental:
  enabled: true
  baseline: "main"  # or specific commit

If incremental enabled:

Run git diff --name-only <baseline>...HEAD to get changed files
Filter to include only code files (exclude tests, configs)
Focus analysis on changed files and their dependencies
Merge with previous cached results from .perseus-cache/

Incremental Workflow:

# Get changed files
git diff --name-only main...HEAD | grep -E '\.(js|ts|py|go|php|rb|java|rs|cs)$'

# If no changes, skip scan
# If changes exist, scan only those files + imports

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Launch these 3 agents simultaneously using a single message with multiple Task tool calls:

Architecture Scanner:
- "Map application structure, tech stack, frameworks, and critical components. Identify if web app, API, or microservices."
Entry Point Mapper:
- "Find ALL network-accessible entry points (API routes, webhooks, public functions). Catalog API schema files (OpenAPI, GraphQL). Exclude local-only tools."
Security Pattern Hunter:
- "Identify authentication flows, authorization mechanisms (RBAC/ABAC), session management, and security middleware. Map the security architecture."

Phase 2: Surface Mapping (Run in Parallel)

Wait for Phase 1 to complete. Then launch these 3 agents simultaneously:

XSS/Injection Sink Hunter:
- "Find dangerous sinks: innerHTML, exec, system, eval, SQL queries, file operations. Provide File:Line references."
SSRF/External Request Tracer:
- "Identify server-side requests: HTTP clients (fetch, axios), URL fetchers, webhooks. Map user-controllable parameters."
Data Security Auditor:
- "Trace sensitive data flows (PII, secrets, payments). Identify encryption and storage mechanisms."

Phase 3: Reporting (Synthesis)

Synthesize all findings into deliverables/code_analysis_deliverable.md.

Required Report Structure:

Scope & Boundaries: Define In-Scope (Network Reachable) vs Out-of-Scope (Local/CLI).
Executive Summary: High-level security posture.
Architecture & Tech Stack: Frameworks, patterns, components.
Authentication & Authorization: Detailed analysis of auth flows and session handling.
Data Security: Encryption, storage, and sensitive data handling.
Attack Surface: Detailed list of In-Scope entry points.
Infrastructure: Secrets management, config, logging.
Critical File Paths: Categorized list for downstream agents.
XSS Sinks: List of specific sinks and render contexts.
SSRF Sinks: List of specific outbound request sinks.

Schema Collection:

Create outputs/schemas/ directory.
Copy all discovered schema files (OpenAPI, GraphQL, JSON Schema) there.

Next Step: Proceed to perseus:audit to analyze identified components for vulnerabilities.

perseusscan

Perseus Scan (Phase 1 & 2)

Overview

Incremental Scan Mode

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Phase 2: Surface Mapping (Run in Parallel)

Phase 3: Reporting (Synthesis)

More from this repository

More from this repository

Perseus Scan (Phase 1 & 2)

Overview

Incremental Scan Mode

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Phase 2: Surface Mapping (Run in Parallel)

Phase 3: Reporting (Synthesis)