Skip to main content
Manus에서 모든 스킬 실행
원클릭으로
GitHub 저장소

pentest-agents

pentest-agents에는 H-mmer에서 수집한 skills 162개가 있으며, 저장소 수준 직업 범위와 사이트 내 skill 상세 페이지를 제공합니다.

수집된 skills
162
Stars
749
업데이트
2026-05-06
Forks
149
직업 범위
직업 카테고리 4개 · 100% 분류됨
저장소 탐색

이 저장소의 skills

autopilot
정보 보안 분석가

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
정보 보안 분석가

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
dast-devils-advocate
정보 보안 분석가

Adversarial validator for DAST findings. Attempts to DISPROVE each finding and DOWNGRADE severity. Catches inflated reports, unverified assumptions, and theoretical-only bugs. Dispatch after /validate PASS and before /report.

2026-05-06
ssti-hunter
정보 보안 분석가

Server-Side Template Injection specialist. Covers Jinja2 (H1 #74), Twig, Velocity, FreeMarker, ERB, Handlebars, Thymeleaf. Use for any rule-engine, comment/message rendering, PR automation, admin template, or user-customizable template surface. Systematic blocklist mapper + CVE bypass runner + runtime-vs-parse distinguisher.

2026-05-06
autopilot
정보 보안 분석가

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
정보 보안 분석가

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
report
정보 보안 분석가

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
정보 보안 분석가

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
정보 보안 분석가

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
정보 보안 분석가

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
정보 보안 분석가

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
정보 보안 분석가

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
정보 보안 분석가

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
정보 보안 분석가

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
hunt
정보 보안 분석가

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
정보 보안 분석가

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
browser-verifier
정보 보안 분석가

Mandatory browser verification for client-side findings (XSS, DOM, postMessage, prototype pollution). Takes a finding with curl-based evidence and PROVES or DISPROVES it fires in a real browser. No finding ships without browser verification. Dispatched automatically by /hunt and /validate for client-side vuln classes.

2026-05-05
xss-hunter
정보 보안 분석가

XSS specialist covering reflected (H1 #60), stored (H1 #61), and DOM (H1 #62). Dispatcher passes subtype — 'reflected', 'stored', or 'dom' — in the task; falls back to inference from target. Use for parameter reflection, persisted inputs (comments/profiles/uploads/filenames), or client-side source→sink analysis.

2026-05-05
hunt
정보 보안 분석가

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
정보 보안 분석가

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
analyze
정보 보안 분석가

Analyze recon output with AI to suggest high-value targets and attack strategies. Usage: /analyze <target>

2026-05-05
brain
기타 컴퓨터 관련 직업

Manage the engagement brain. Subcommands: 'init' to set up, 'brief <target>' for pre-flight, 'status' for overview, 'exhausted [target]' to see dead ends.

2026-05-05
chain
기타 컴퓨터 관련 직업

Build deep exploit chains — dispatches chain-builder agent. Given bug A, recursively walks the chain graph. Usage: /chain (then describe bug A)

2026-05-05
correlate
기타 컴퓨터 관련 직업

Run the finding correlation engine to discover attack chains from individual findings.

2026-05-05
cost
기타 컴퓨터 관련 직업

Show cost tracking and ROI for this engagement.

2026-05-05
dupcheck
기타 컴퓨터 관련 직업

Check if a vulnerability has already been reported. Searches platform hacktivity + local findings. Usage: /dupcheck <vuln_type> e.g. /dupcheck XSS in search endpoint

2026-05-05
fullscan
기타 컴퓨터 관련 직업

Full security assessment with brain coordination. Multi-phase, skips known-exhausted areas, builds on prior knowledge.

2026-05-05
learn
기타 컴퓨터 관련 직업

Record a platform response and update learning. Usage: /learn <report_id> <status> [--bounty 500] [--vuln-type XSS]

2026-05-05
mindmap
기타 컴퓨터 관련 직업

Generate a text-based attack surface mindmap. Shows tech stack → vuln class → endpoint relationships. Usage: /mindmap <target>

2026-05-05
monitor
기타 컴퓨터 관련 직업

Monitor targets for changes. Usage: /monitor baseline (first run), /monitor check (detect changes), /monitor scope (check platform for scope updates)

2026-05-05
new
기타 컴퓨터 관련 직업

Create a new engagement workspace. Usage: /new <platform> <program> [--type web-app|api|mobile|smart-contract]

2026-05-05
pipeline
정보 보안 분석가

Prepare the battlefield — recon, scanning, and surface ranking. Stops before hunting. Run /hunt or /autopilot after. Usage: /pipeline or /pipeline <target>

2026-05-05
quality
소프트웨어 품질 보증 분석가·테스터

Score a report draft before submission. Usage: /quality <draft-path-or-finding-description>

2026-05-05
quickscan
정보 보안 분석가

Run a quick security scan on a target. Consults the Brain first, validates scope, runs passive recon + vuln scan in parallel.

2026-05-05
remember
정보 보안 분석가

Log a finding or pattern to persistent brain memory. Auto-fills from session context. Usage: /remember

2026-05-05
resume
정보 보안 분석가

Resume a previous hunt. Shows hunt history, untested endpoints, memory-informed suggestions. Usage: /resume target.com

2026-05-05
sast
소프트웨어 품질 보증 분석가·테스터

Source code vulnerability hunting (SAST). Decomposes analysis into specialized passes: map entry points, map dangerous ops, trace flows, find gaps, adversarial validation, exploit. Usage: /sast <repo_path> [--lang c|cpp|rust|java|python|go|php] [--min-score 4] [--max-files 30] [--skip-static] [--best-of N]

2026-05-05
status
정보 보안 분석가

Show engagement dashboard with program info, scope, brain state, findings, agent activity, and cost estimate.

2026-05-05
surface
정보 보안 분석가

Show ranked attack surface for a target. Invokes recon-ranker agent. Usage: /surface target.com

2026-05-05
sync
정보 보안 분석가

Sync program scope, policy, and hacktivity from a bug bounty platform. Usage: /sync hackerone tesla or /sync bugcrowd uber

2026-05-05
이 저장소에서 수집된 skills 162개 중 상위 40개를 표시합니다.