원클릭으로 Manus에서 모든 스킬 실행

시작하기

perseusscan

스타67

포크14

업데이트2026년 2월 9일 14:34

Use when starting a security assessment to map architecture, entry points, and attack surface (Phase 1 & 2)

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

kaivyy

kaivyy/perseus

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

Perseus Scan (Phase 1 & 2)

Overview

This skill executes the Pre-Reconnaissance Methodology of the Perseus framework. It maps the target's digital footprint, internal architecture, and attack surface to build a "Target Knowledge Graph".

Goal: Zero-blind-spot understanding of what exists, how it works, and where it can be attacked.

Methodology:

Discovery (Parallel): Architecture, Entry Points, Security Patterns.
Surface Mapping (Parallel): XSS Sinks, SSRF Sinks, Data Flows.
Synthesis: Comprehensive Code Analysis Report.

Incremental Scan Mode

For large codebases, use incremental scanning to only analyze changed files:

Detection: Check for perseus.yaml with incremental settings:

incremental:
  enabled: true
  baseline: "main"  # or specific commit

If incremental enabled:

Run git diff --name-only <baseline>...HEAD to get changed files
Filter to include only code files (exclude tests, configs)
Focus analysis on changed files and their dependencies
Merge with previous cached results from .perseus-cache/

Incremental Workflow:

# Get changed files
git diff --name-only main...HEAD | grep -E '\.(js|ts|py|go|php|rb|java|rs|cs)$'

# If no changes, skip scan
# If changes exist, scan only those files + imports

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Launch these 3 agents simultaneously using a single message with multiple Task tool calls:

Architecture Scanner:
- "Map application structure, tech stack, frameworks, and critical components. Identify if web app, API, or microservices."
Entry Point Mapper:
- "Find ALL network-accessible entry points (API routes, webhooks, public functions). Catalog API schema files (OpenAPI, GraphQL). Exclude local-only tools."
Security Pattern Hunter:
- "Identify authentication flows, authorization mechanisms (RBAC/ABAC), session management, and security middleware. Map the security architecture."

Phase 2: Surface Mapping (Run in Parallel)

Wait for Phase 1 to complete. Then launch these 3 agents simultaneously:

XSS/Injection Sink Hunter:
- "Find dangerous sinks: innerHTML, exec, system, eval, SQL queries, file operations. Provide File:Line references."
SSRF/External Request Tracer:
- "Identify server-side requests: HTTP clients (fetch, axios), URL fetchers, webhooks. Map user-controllable parameters."
Data Security Auditor:
- "Trace sensitive data flows (PII, secrets, payments). Identify encryption and storage mechanisms."

Phase 3: Reporting (Synthesis)

Synthesize all findings into deliverables/code_analysis_deliverable.md.

Required Report Structure:

Scope & Boundaries: Define In-Scope (Network Reachable) vs Out-of-Scope (Local/CLI).
Executive Summary: High-level security posture.
Architecture & Tech Stack: Frameworks, patterns, components.
Authentication & Authorization: Detailed analysis of auth flows and session handling.
Data Security: Encryption, storage, and sensitive data handling.
Attack Surface: Detailed list of In-Scope entry points.
Infrastructure: Secrets management, config, logging.
Critical File Paths: Categorized list for downstream agents.
XSS Sinks: List of specific sinks and render contexts.
SSRF Sinks: List of specific outbound request sinks.

Schema Collection:

Create outputs/schemas/ directory.
Copy all discovered schema files (OpenAPI, GraphQL, JSON Schema) there.

Next Step: Proceed to perseus:audit to analyze identified components for vulnerabilities.

이 저장소의 다른 Skills

같은 저장소

perseusstart

kaivyy/perseus

Use when you want to run a full, automated penetration test from start to finish (Scan -> Audit -> Exploit -> Report)

2026-02-2367

using-perseus

kaivyy/perseus

Use when starting a security conversation to understand the Perseus methodology

2026-02-2367

perseusaudit

kaivyy/perseus

Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis)

2026-02-1267

perseusexploit

kaivyy/perseus

Use when verifying vulnerabilities with Dynamic Exploit Generation (Phase 3)

2026-02-1267

perseusreport

kaivyy/perseus

Use when generating the final executive security report (Phase 4)

2026-02-1267

perseus-specialist

kaivyy/perseus

Run all specialist deep-dive skills in parallel for comprehensive analysis

2026-02-1267

name	perseus:scan
description	Use when starting a security assessment to map architecture, entry points, and attack surface (Phase 1 & 2)

Perseus Scan (Phase 1 & 2)

Overview

Goal: Zero-blind-spot understanding of what exists, how it works, and where it can be attacked.

Methodology:

Discovery (Parallel): Architecture, Entry Points, Security Patterns.
Surface Mapping (Parallel): XSS Sinks, SSRF Sinks, Data Flows.
Synthesis: Comprehensive Code Analysis Report.

Incremental Scan Mode

For large codebases, use incremental scanning to only analyze changed files:

Detection: Check for perseus.yaml with incremental settings:

incremental:
  enabled: true
  baseline: "main"  # or specific commit

If incremental enabled:

Run git diff --name-only <baseline>...HEAD to get changed files
Filter to include only code files (exclude tests, configs)
Focus analysis on changed files and their dependencies
Merge with previous cached results from .perseus-cache/

Incremental Workflow:

# Get changed files
git diff --name-only main...HEAD | grep -E '\.(js|ts|py|go|php|rb|java|rs|cs)$'

# If no changes, skip scan
# If changes exist, scan only those files + imports

Execution Instructions

Phase 1: Discovery (Run in Parallel)

Launch these 3 agents simultaneously using a single message with multiple Task tool calls:

Architecture Scanner:
- "Map application structure, tech stack, frameworks, and critical components. Identify if web app, API, or microservices."
Entry Point Mapper:
- "Find ALL network-accessible entry points (API routes, webhooks, public functions). Catalog API schema files (OpenAPI, GraphQL). Exclude local-only tools."
Security Pattern Hunter:
- "Identify authentication flows, authorization mechanisms (RBAC/ABAC), session management, and security middleware. Map the security architecture."

Phase 2: Surface Mapping (Run in Parallel)

Wait for Phase 1 to complete. Then launch these 3 agents simultaneously:

XSS/Injection Sink Hunter:
- "Find dangerous sinks: innerHTML, exec, system, eval, SQL queries, file operations. Provide File:Line references."
SSRF/External Request Tracer:
- "Identify server-side requests: HTTP clients (fetch, axios), URL fetchers, webhooks. Map user-controllable parameters."
Data Security Auditor:
- "Trace sensitive data flows (PII, secrets, payments). Identify encryption and storage mechanisms."

Phase 3: Reporting (Synthesis)

Synthesize all findings into deliverables/code_analysis_deliverable.md.

Required Report Structure:

Scope & Boundaries: Define In-Scope (Network Reachable) vs Out-of-Scope (Local/CLI).
Executive Summary: High-level security posture.
Architecture & Tech Stack: Frameworks, patterns, components.
Authentication & Authorization: Detailed analysis of auth flows and session handling.
Data Security: Encryption, storage, and sensitive data handling.
Attack Surface: Detailed list of In-Scope entry points.
Infrastructure: Secrets management, config, logging.
Critical File Paths: Categorized list for downstream agents.
XSS Sinks: List of specific sinks and render contexts.
SSRF Sinks: List of specific outbound request sinks.

Schema Collection:

Create outputs/schemas/ directory.
Copy all discovered schema files (OpenAPI, GraphQL, JSON Schema) there.

Next Step: Proceed to perseus:audit to analyze identified components for vulnerabilities.