Use when a task requires shell-level work inside the sandbox, including environment setup, script writing, code execution, running programs, downloads, package installs, scanning, or browser/tool CLIs.
Use ProjectDiscovery httpx for authorized HTTP probing, live host validation, response triage, and lightweight web fingerprint collection.
Use observer_ward for authorized web application and service fingerprint identification against in-scope HTTP targets.
Reverse engineer binaries using Ghidra's headless analyzer. Decompile executables, extract functions, strings, symbols, and analyze call graphs without GUI.
Use agent-browser-cli to perceive and control the supervised Chromium browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use for authorized SQL injection testing with the sqlmap CLI, including detection, DBMS fingerprinting, request replay, and extraction checks against in-scope web targets.
Use for authorized host discovery, port scanning, service/version detection, NSE script checks, network inventory, and local network diagnostics with the nmap CLI.
Android APK decompiler for converting DEX bytecode to readable Java source with the jadx CLI. Use for APK decompilation, app logic review, vulnerability discovery, hardcoded credential checks, API endpoint discovery, and Android reverse engineering.