Skip to main content
Manusで任意のスキルを実行
ワンクリックで
GitHub リポジトリ

agent

agent には PentesterFlow から収集した 11 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。

収集済み skills
11
Stars
704
更新
2026-06-01
Forks
119
職業カバレッジ
2 件の職業カテゴリ · 100% 分類済み
リポジトリエクスプローラー

このリポジトリの skills

deserialize
情報セキュリティアナリスト

Insecure-deserialization playbook — fingerprint the language/format (Java serialized, .NET BinaryFormatter, Python pickle, PHP unserialize, Node serialize, YAML/JSON-with-types), then build a working gadget chain with ysoserial / ysoserial.net / phpggc / custom pickle. Use when you see serialized blobs (rO0/AC ED, base64 ViewState, PHP O:) or a parameter/cookie that deserializes user input.

2026-06-01
graphql
情報セキュリティアナリスト

GraphQL pentest playbook — find the endpoint, dump the schema (introspection or field-suggestion fallback), then test for authorization gaps, query batching, alias overload, depth-based DoS, and SQLi/NoSQLi in resolver arguments. Use when the target exposes a /graphql endpoint, GraphiQL, Apollo, or accepts GraphQL queries.

2026-06-01
jwt
情報セキュリティアナリスト

JWT attack playbook — algorithm confusion (alg=none, HS/RS confusion), kid path traversal/SQLi, jku/x5u SSRF, weak HS256 cracking, and embedded JWK trickery. Use when the target uses JWTs for auth (header.payload.signature).

2026-06-01
race
情報セキュリティアナリスト

Race condition / TOCTOU playbook — limit overrun (one-time codes used twice, gift cards spent twice), single-packet attack (last-byte sync) to force parallel processing, and state-confusion races (file upload + read, order before payment). Use when timing-sensitive logic could be abused — one-time codes, coupons/gift cards, balance or limit checks, double-spend.

2026-06-01
recon
情報セキュリティアナリスト

External recon playbook for a web target — subdomain enumeration, live-host probing, tech fingerprinting, and a first pass at content discovery. Use when the user gives you a root domain or apex and wants attack surface mapping.

2026-06-01
ssrf
情報セキュリティアナリスト

Deep-dive SSRF testing — bypass filters, hit cloud metadata, chain to RCE/credential disclosure. Use when a target parameter clearly accepts a URL or hostname.

2026-06-01
ssti
ソフトウェア開発者

Server-Side Template Injection — fingerprint the engine first (Jinja2 / Twig / Velocity / Freemarker / ERB / Smarty / Mako / Handlebars / Pug), then escalate the engine-specific primitive to RCE or sandbox escape. Use when user input is reflected through a template engine (Jinja2/Twig/Velocity/Freemarker/ERB/Smarty/Mako/Handlebars/Pug) or {{7*7}} evaluates to 49.

2026-06-01
supabase
ソフトウェア開発者

Supabase / PostgREST Row-Level-Security playbook — pull the anon (or leaked service_role) key out of the frontend JS, map tables from the auto-generated OpenAPI spec, test anonymous RLS READ disclosures (PII/secret leaks), and anonymous RLS WRITE abuse (insert/update/delete — e.g. forging "certificate"/verification/entitlement rows the app trusts). Use when the target's frontend talks to *.supabase.co, ships an anon JWT, or you see /rest/v1/, /auth/v1/, /storage/v1/ requests.

2026-06-01
takeover
ソフトウェア開発者

Subdomain takeover playbook — sweep subdomains for dangling CNAMEs / NS records pointing at unclaimed third-party resources (GitHub Pages, S3, Heroku, Azure, Netlify, Shopify, ...), confirm with the engine's HTTP fingerprint, then prove impact by claiming the resource in scope. Use when enumerating subdomains for dangling CNAME/NS records pointing at unclaimed third-party services.

2026-06-01
webvuln
ソフトウェア開発者

Web vulnerability hunting playbook. Use after recon, when you have specific hosts/endpoints to test for IDOR/BAC, injection, auth flaws, SSRF, and known CVEs. Emphasizes real PoC + concrete impact.

2026-06-01
my-skill
ソフトウェア開発者

One line on what this playbook does, then a "Use when ..." clause so the agent knows when to load it (e.g. "Use when the target exposes X / you see Y in requests"). Max 1024 chars. This description is the ONLY thing the model sees until it loads the skill — make the trigger conditions explicit, since there is no separate `triggers` list.

2026-05-31