mit einem Klick
Z3r0
Z3r0 enthält 25 gesammelte Skills von yv1ing, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Use agent-browser-cli to perceive and control the supervised Chrome browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
Use apktool for authorized Android APK resource decoding, manifest review, smali inspection, rebuild checks, and static mobile artifact triage.
Use file, 7z, unzip, tar-compatible tools, hashes, and bounded shell inspection for safe triage of provided archives and unknown files.
Use binwalk for authorized firmware, binary blob, archive, filesystem, and embedded-content triage with bounded extraction and evidence handling.
Use the pwntools-provided checksec CLI for authorized ELF hardening review, mitigation checks, and binary triage evidence.
Use dig, nslookup, whois, and related local CLIs for authorized DNS, WHOIS, ASN, mail, nameserver, and ownership triage.
Use ProjectDiscovery dnsx for authorized batch DNS resolution, record lookup, and validation of discovered hostnames.
Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates.
Use gdb and pwndbg for authorized binary debugging, crash triage, exploit development, and runtime inspection.
Use Ghidra headless analysis for authorized binary reverse engineering, decompilation, function/string/symbol export, and call graph analysis without a GUI.
Use gobuster for authorized directory, DNS, and virtual-host enumeration with bounded wordlists.
Use ProjectDiscovery httpx for authorized HTTP probing, live host validation, response triage, and lightweight web fingerprint collection.
Use hydra only for authorized, bounded authentication testing with explicit targets, protocols, accounts, and rate limits.
Use jadx for authorized Android APK, DEX, AAR, and JAR decompilation, app logic review, API endpoint discovery, credential checks, and mobile reverse engineering.
Use for authorized host discovery, port scanning, service/version detection, NSE script checks, network inventory, and local network diagnostics with the nmap CLI.
Use observer_ward for authorized web application and service fingerprint identification against in-scope HTTP targets.
Use openssl for authorized TLS, certificate, key, CSR, digest, signature, encoding, and protocol-material inspection inside the sandbox.
Use preinstalled pwntools for authorized exploit prototyping, binary interaction, cyclic patterns, packing, and shellcraft tasks.
Use when a task requires shell-level work inside the sandbox, including environment setup, script writing, code execution, running preinstalled programs, downloads, missing dependency setup, scanning, or browser/tool CLIs.
Use the built-in SecLists wordlists for authorized discovery, fuzzing, credential audits, and payload selection.
Use for authorized SQL injection testing with the sqlmap CLI, including detection, DBMS fingerprinting, request replay, and extraction checks against in-scope web targets.
Use strace and ltrace for authorized syscall and library-call tracing of provided binaries and processes.
Use subfinder for authorized passive subdomain enumeration against in-scope domains and organization-owned assets.
Use uv for missing Python dependencies, task-scoped virtual environments, temporary execution, and non-preinstalled Python tools.