mit einem Klick
recon-skills
recon-skills enthält 129 gesammelte Skills von uphiago, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Attack SAML SSO via XSW, signature strip, metadata extract.
Chain multiple vulns into critical impact attack paths.
Execute optimal kill chains for WordPress full compromise.
Escape Docker containers to host root via 5 techniques.
Catalog: 25 attacks, 18 WP, 8 CORS to match findings.
7-phase pentest pipeline from passive recon to exploitation.
4-phase pipeline for max findings per minute across batches.
Pick sectors, compile targets, batch recon for campaigns.
Exploit no-auth APIs for data theft and CRUD via probes.
Poison CDN cache or deceive when X-Cache header is detected.
Exploit WP CORS credential reflection for data theft.
Deep pentest WP: SSRF, plugin CVE, JS mine, port scan chain.
Mine error_log for creds, paths, SQL when leak hunt finds.
Exchange/OWA NTLM AD leak, spray attack when mail subdomain.
Exploit Firebase/Supabase for data via JS config leak probe.
Mine GitLab for secrets, CI tokens when subdomain found.
Detect hardcoded passwords in HTML forms, JavaScript, and API responses.
Spoof HTTP/2 SETTINGS frames and pseudo-header order per browser profile.
Human-like mouse, keyboard and scroll behavior for behavioral bot bypass.
Attack cameras via RTSP, ONVIF, Axis config when 554 open.
Decode, forge, brute JWTs when Bearer auth header is seen.
LLM prompt injection / system prompt extraction — 40+ technique catalog against hardened GPT-4o-class deployments. Covers direct/indirect/agentic attacks, encoding bypasses, delimiter smuggling, boolean extraction, positional enumeration, RAG poisoning, guardian-model defense patterns, and real-world cases (GeminiJack, EchoLeak, Reprompt).
Chain phpinfo to RCE via exec check when info.php exposed.
Port scan /8-/24 with Masscan+RustScan and nmap banners.
Nmap scan for MySQL, Redis, FTP, SSH, internal API services.
Exploit public bucket Content-Type override for stored XSS on target origin.
Enumerate Hikvision ISAPI endpoints on SCADA and IoT web interfaces.
Mass scan for exposed env files, backups, and git configs.
Hunt staging via crt.sh when production is WAF-hardened.
Launch stealth Chromium with C++ fingerprint patches for anti-bot bypass.
Map subdomains via crt.sh and subfinder at recon kickoff.
Spoof TLS ClientHello and JA4 fingerprints for browser impersonation.
Exploit unauthenticated multi-step API flows without credentials.
Hunt WP plugins via REST, exploit CVEs when version known.
Batch WP recon: users, CORS, XMLRPC, leaks across domains.
Scan WordPress REST API plugin endpoints for unauthenticated state-changing operations — discover write endpoints (POST/PUT/PATCH/DELETE) exposed without auth, enumerate all plugin routes, and test for unauthorized content publishing, settings modification, and data leakage.
Exploit XMLRPC multicall, pingback for brute force and SSRF.
Zimbra SOAP user enum, CVE-2022-37042, SSRF when webmail.
Set up and manage self-improving parallel reconnaissance agent triads — eternal overlapping waves of deep invasion, target expansion, and skill evolution. Covers the full lifecycle: spawning parallel subagents, cron orchestration, documentation structure, sector-based US target methodology, and the self-improvement feedback loop that makes the system smarter over time.
Compare recon waves to find NEW, REGRESSED, PERSISTENT findings.