ワンクリックで
zombie
Use this skill when working with zombie for authorized weak credential checks and authentication result analysis.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Use this skill when working with zombie for authorized weak credential checks and authentication result analysis.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | zombie |
| description | Use this skill when working with zombie for authorized weak credential checks and authentication result analysis. |
| internal | true |
Zombie is the weak credential checking tool in aiscan.
Capabilities:
Common usage:
zombie -i 192.168.1.1:3306 -s mysql --concurrency 8
zombie -i 192.168.1.1:22 -s ssh -u root -p admin123,123456,root --concurrency 8
zombie -i 192.168.1.1:6379 -s redis --concurrency 8
zombie -i 192.168.1.1:15672 -s rabbitmq --concurrency 8
zombie -I targets.txt -s ssh --top 10 --concurrency 8
zombie -i 192.168.1.1:8080 -s tomcat -u admin,tomcat -p admin,tomcat,s3cret --concurrency 8
zombie -i 192.168.1.1:23 -s telnet -u admin -p admin --concurrency 8
Key flags:
-i: target ip:port (can repeat: -i host1:3306 -i host2:3306). Also accepts ssh://user@host:22 URL format.-s: service name — required when target has no scheme prefix. Services: ssh, mysql, redis, ftp, rdp, smb, tomcat, nacos, minio, rabbitmq, etc.-u: username(s), comma-separated or repeated.-p, --pwd: password(s), comma-separated or repeated. Prefer -p. Do not use --password; upstream zombie does not define it.-I: target file (uppercase I, one ip:port per line).--top N: use top N common passwords from built-in dictionary.--concurrency N: max concurrent connections per host. Use --concurrency 8 by default, especially for Telnet/Comware-style devices.-t: global thread count (default 100). Not target — use -i for target. Do not use -t as the default per-host concurrency limiter when --concurrency is available.-c: CIDR input. Not concurrency; do not emit -c 8.-l: list supported services and exit (not a file flag!).Common mistakes:
# WRONG:
zombie -t 10.0.0.1 -p 3306 -s mysql # -t is threads, not target
zombie -l targets.txt -s ssh # -l lists services, not reads file
zombie -i 10.0.0.1:3306 # missing -s mysql
zombie -i 10.0.0.1:23 -s telnet --password admin # use -p/--pwd for passwords
zombie -i 10.0.0.1:23 -s telnet -p admin -c 8 # -c is CIDR, not concurrency
# RIGHT:
zombie -i 10.0.0.1:3306 -s mysql --concurrency 8
zombie -I targets.txt -s ssh --concurrency 8
zombie -i 10.0.0.1:3306 -s mysql -t 50 --concurrency 8
zombie -i 10.0.0.1:23 -s telnet -p admin --concurrency 8
Use this skill when the agent needs to understand aiscan mechanisms, available capabilities, scanner pseudo-commands, and tool invocation rules.
Use this skill when working with proton for sensitive information scanning — detecting API keys, tokens, credentials, and secrets in files or piped data.
Use this skill to learn how to use the playwright pseudo-command for headless browsing, screenshots, network capture, and interactive vulnerability verification. Aligned with microsoft/playwright-cli conventions.
Use this skill when working with scan for the multi-stage aiscan pipeline across discovery, web probing, weak credentials, POC checks, and verification.
Use this skill when working with neutron for template-based POC execution, template filtering, and POC result analysis.
Use this skill when working with gogo for host, port, service, banner, fingerprint, or vulnerability-hint discovery.