ワンクリックでManusで任意のスキルを実行

recon-reporting

Recon output formatting — report structure, CVSS v4.0 scoring (primary), MITRE ATT&CK mapping, finding prioritization, Markdown output, detection gap tracking, handoff checklists.

Manusで実行

スター4,368

フォーク871

更新日2026年6月12日 09:59

ソース

PurpleAILAB

PurpleAILAB/Decepticon

GitHub リポジトリを開く Creator のリポジトリを見る

インストールコマンド

ダウンロード

Manusで実行

役立つ用途SOC

情報セキュリティアナリストコンピュータ・数学職15-1212L4

SKILL.md

readonly

このリポジトリの他の Skills

同じリポジトリ

finding-protocol

PurpleAILAB/Decepticon

Operational-tier finding template — minimal fields for sub-agent decision support. Heavyweight deliverable promotion lives in skills/decepticon/final-report.

2026-06-124.4k

engagement-lifecycle

PurpleAILAB/Decepticon

Red team engagement lifecycle management — initiation, phase transitions, go/no-go gates, deconfliction, emergency procedures, completion.

2026-06-124.4k

final-report

PurpleAILAB/Decepticon

Final engagement report generation — executive summary, technical report, findings aggregation, attack path narrative, detection gap matrix, remediation roadmap.

2026-06-124.4k

orchestration

PurpleAILAB/Decepticon

Decepticon orchestrator patterns — delegation, state management, adaptive re-planning, context handoff protocols.

2026-06-124.4k

exploit-reporting

PurpleAILAB/Decepticon

Exploitation finding documentation — initial access reports, exploit chain documentation, CVSS v4.0 scoring, shell/credential inventory, detection gap analysis.

2026-06-124.4k

post-exploit-reporting

PurpleAILAB/Decepticon

Post-exploitation finding documentation — credential access, privilege escalation, lateral movement reports, detection gap analysis, attack path documentation, CVSS v4.0 scoring.

2026-06-124.4k

name	recon-reporting
description	Recon output formatting — report structure, CVSS v4.0 scoring (primary), MITRE ATT&CK mapping, finding prioritization, Markdown output, detection gap tracking, handoff checklists.
allowed-tools	Read Write
metadata	{"subdomain":"reporting","kind":"reporting","when_to_use":"generate report, write report, summarize findings, CVSS score, prioritize findings, recon report, final report, handoff","tags":"report, cvss, findings, mitre-mapping, handoff, detection-gap, purple-team","mitre_attack":null}

Field	Value
Primary Domain	example.com
Scope	*.example.com, 10.0.0.0/24
Engagement Type	External Recon
Recon Duration	Passive: X min, Active: Y min

Score	Severity	Response
9.0 – 10.0	Critical	Immediate remediation required
7.0 – 8.9	High	Remediate within days
4.0 – 6.9	Medium	Remediate within weeks
0.1 – 3.9	Low	Remediate within quarter
0.0	None	Informational

Finding	CVSS 4.0	Vector
Exposed database port (MySQL/Postgres)	9.3	AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Subdomain takeover	8.7	AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
.env file exposure	8.7	AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Git config disclosure	7.5	AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Directory listing enabled	6.9	AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Missing security headers	4.3	AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Information disclosure (version)	6.9	AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
DMARC not enforced	4.0	AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Technique ID	Name	Recon Activity
T1595.001	Active Scanning: IP Blocks	nmap port scanning
T1595.002	Active Scanning: Vulnerability Scanning	nuclei, nikto scans
T1595.003	Active Scanning: Wordlist Scanning	ffuf, gobuster
T1592.001	Gather Victim Host Info: Hardware	OS fingerprinting (-O)
T1592.002	Gather Victim Host Info: Software	Service version detection (-sV)
T1593.001	Search Open Websites: Social Media	OSINT gathering
T1593.002	Search Open Websites: Search Engines	Google dorking
T1596.001	Search Open Technical Databases: DNS/Passive DNS	dig, subfinder, amass
T1596.002	Search Open Technical Databases: WHOIS	whois lookups
T1596.003	Search Open Technical Databases: Digital Certificates	crt.sh CT log queries

Priority	Criteria	Example
CRITICAL	Immediate exploitation potential, CVSS 4.0 ≥ 9.0	Exposed database, default creds, subdomain takeover
HIGH	Known CVE or significant misconfiguration, CVSS 7.0–8.9	Outdated service with public exploit, missing auth
MEDIUM	Information disclosure or weak configuration, CVSS 4.0–6.9	Verbose error pages, missing security headers
LOW	Informational or hardening recommendation, CVSS < 4.0	DMARC not enforced, older TLS ciphers

Individual Findings	Severity Alone	Chained Severity
Directory listing + .env exposure	Medium + High	CRITICAL (credentials leaked)
Subdomain takeover + cookie scope	High + Medium	CRITICAL (session hijack)
SSRF + cloud metadata	Medium + N/A	CRITICAL (IAM credential theft)
Weak TLS + HSTS missing	Low + Low	Medium (downgrade attack viable)

recon-reporting

このリポジトリの他の Skills

このリポジトリの他の Skills

Reconnaissance Reporting Knowledge Base

1. Report Structure

Executive Summary

Target Overview

2. Finding Document Template

3. Finding Categories

A. Domain & Subdomain Inventory

B. DNS & Infrastructure Map

C. Open Ports & Services

D. Technology Stack

E. Vulnerability Scan Results

4. CVSS Scoring

CVSS 4.0 (Primary)

Score Ranges

CVSS 4.0 Metric Groups

Common Recon Finding CVSS 4.0 Scores

Dual Reporting (when client requires CVSS 3.1 as well)

5. Evidence Management

Storage Layout

Evidence File Rules

Evidence Table Format

6. Detection Gap Analysis (Purple Team / TIBER-EU)

Purpose

Detection Gap Table

Detection Status Line

7. MITRE ATT&CK Mapping

Reconnaissance Tactics (TA0043)

8. Finding Prioritization

Priority Levels

Prioritized Findings List Format

9. Attack Chain Analysis

Identifying Exploit Chains

Chain Severity Escalation

10. File Management

Directory Layout

Naming and Persistence Rules

11. OPPLAN Feedback Loop

Update Completed Objectives

Create Follow-Up Objectives

Report → OPPLAN Mapping

12. Handoff Checklist

Reconnaissance Reporting Knowledge Base

1. Report Structure

Executive Summary

Target Overview

2. Finding Document Template

3. Finding Categories

A. Domain & Subdomain Inventory

B. DNS & Infrastructure Map

C. Open Ports & Services

D. Technology Stack

E. Vulnerability Scan Results

4. CVSS Scoring

CVSS 4.0 (Primary)

Score Ranges

CVSS 4.0 Metric Groups

Common Recon Finding CVSS 4.0 Scores

Dual Reporting (when client requires CVSS 3.1 as well)

5. Evidence Management

Storage Layout

Evidence File Rules

Evidence Table Format

6. Detection Gap Analysis (Purple Team / TIBER-EU)

Purpose

Detection Gap Table

Detection Status Line

7. MITRE ATT&CK Mapping

Reconnaissance Tactics (TA0043)

8. Finding Prioritization

Priority Levels

Prioritized Findings List Format

9. Attack Chain Analysis

Identifying Exploit Chains

Chain Severity Escalation

10. File Management

Directory Layout

Naming and Persistence Rules