Skip to main content
Manus에서 모든 스킬 실행
원클릭으로
GitHub 저장소

recon-skills

recon-skills에는 uphiago에서 수집한 skills 129개가 있으며, 저장소 수준 직업 범위와 사이트 내 skill 상세 페이지를 제공합니다.

수집된 skills
129
Stars
560
업데이트
2026-07-02
Forks
104
직업 범위
직업 카테고리 4개 · 60% 분류됨
저장소 탐색

이 저장소의 skills

saml-sso-attack
미분류

Attack SAML SSO via XSW, signature strip, metadata extract.

2026-07-02
cross-attack-chains
미분류

Chain multiple vulns into critical impact attack paths.

2026-07-02
wordpress-full-compromise
미분류

Execute optimal kill chains for WordPress full compromise.

2026-07-02
docker-privesc
미분류

Escape Docker containers to host root via 5 techniques.

2026-07-02
attack-patterns-reference
미분류

Catalog: 25 attacks, 18 WP, 8 CORS to match findings.

2026-07-02
pentest-playbook
미분류

7-phase pentest pipeline from passive recon to exploitation.

2026-07-02
recon-playbook
미분류

4-phase pipeline for max findings per minute across batches.

2026-07-02
sector-recon-methodology
미분류

Pick sectors, compile targets, batch recon for campaigns.

2026-07-02
api-noauth-hunt
미분류

Exploit no-auth APIs for data theft and CRUD via probes.

2026-07-02
cache-attack
미분류

Poison CDN cache or deceive when X-Cache header is detected.

2026-07-02
cors-credential-wordpress
미분류

Exploit WP CORS credential reflection for data theft.

2026-07-02
deep-invade
미분류

Deep pentest WP: SSRF, plugin CVE, JS mine, port scan chain.

2026-07-02
error-log-mining
미분류

Mine error_log for creds, paths, SQL when leak hunt finds.

2026-07-02
exchange-owa-attack
미분류

Exchange/OWA NTLM AD leak, spray attack when mail subdomain.

2026-07-02
firebase-supabase-attack
미분류

Exploit Firebase/Supabase for data via JS config leak probe.

2026-07-02
gitlab-public-recon
미분류

Mine GitLab for secrets, CI tokens when subdomain found.

2026-07-02
hardcoded-credential-hunt
미분류

Detect hardcoded passwords in HTML forms, JavaScript, and API responses.

2026-07-02
http2-header-impersonation
미분류

Spoof HTTP/2 SETTINGS frames and pseudo-header order per browser profile.

2026-07-02
humanize-automation
미분류

Human-like mouse, keyboard and scroll behavior for behavioral bot bypass.

2026-07-02
iot-camera-recon
미분류

Attack cameras via RTSP, ONVIF, Axis config when 554 open.

2026-07-02
jwt-attack
미분류

Decode, forge, brute JWTs when Bearer auth header is seen.

2026-07-02
llm-prompt-injection
미분류

LLM prompt injection / system prompt extraction — 40+ technique catalog against hardened GPT-4o-class deployments. Covers direct/indirect/agentic attacks, encoding bypasses, delimiter smuggling, boolean extraction, positional enumeration, RAG poisoning, guardian-model defense patterns, and real-world cases (GeminiJack, EchoLeak, Reprompt).

2026-07-02
phpinfo-to-rce
미분류

Chain phpinfo to RCE via exec check when info.php exposed.

2026-07-02
port-mass-scan
미분류

Port scan /8-/24 with Masscan+RustScan and nmap banners.

2026-07-02
port-service-discovery
미분류

Nmap scan for MySQL, Redis, FTP, SSH, internal API services.

2026-07-02
s3-minio-content-type-xss
미분류

Exploit public bucket Content-Type override for stored XSS on target origin.

2026-07-02
scada-hikvision-isapi
미분류

Enumerate Hikvision ISAPI endpoints on SCADA and IoT web interfaces.

2026-07-02
source-leak-hunt
미분류

Mass scan for exposed env files, backups, and git configs.

2026-07-02
staging-subdomain-hunt
미분류

Hunt staging via crt.sh when production is WAF-hardened.

2026-07-02
stealth-browser-launch
미분류

Launch stealth Chromium with C++ fingerprint patches for anti-bot bypass.

2026-07-02
subdomain-enumeration
미분류

Map subdomains via crt.sh and subfinder at recon kickoff.

2026-07-02
tls-fingerprint-impersonation
미분류

Spoof TLS ClientHello and JA4 fingerprints for browser impersonation.

2026-07-02
unauth-api-flow-hijack
미분류

Exploit unauthenticated multi-step API flows without credentials.

2026-07-02
wordpress-plugin-hunt
미분류

Hunt WP plugins via REST, exploit CVEs when version known.

2026-07-02
wp-mass-recon
미분류

Batch WP recon: users, CORS, XMLRPC, leaks across domains.

2026-07-02
wp-plugin-rest-auth-bypass
미분류

Scan WordPress REST API plugin endpoints for unauthenticated state-changing operations — discover write endpoints (POST/PUT/PATCH/DELETE) exposed without auth, enumerate all plugin routes, and test for unauthorized content publishing, settings modification, and data leakage.

2026-07-02
xmlrpc-exploitation
미분류

Exploit XMLRPC multicall, pingback for brute force and SSRF.

2026-07-02
zimbra-attack
미분류

Zimbra SOAP user enum, CVE-2022-37042, SSRF when webmail.

2026-07-02
parallel-recon-triad
미분류

Set up and manage self-improving parallel reconnaissance agent triads — eternal overlapping waves of deep invasion, target expansion, and skill evolution. Covers the full lifecycle: spawning parallel subagents, cron orchestration, documentation structure, sector-based US target methodology, and the self-improvement feedback loop that makes the system smarter over time.

2026-07-02
cross-wave-delta-analysis
미분류

Compare recon waves to find NEW, REGRESSED, PERSISTENT findings.

2026-07-02
이 저장소에서 수집된 skills 129개 중 상위 40개를 표시합니다.