一键导入
redteam-cms
Focused methodology for authorized CMS fingerprinting, component inventory, misconfiguration review, and vulnerability validation.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Focused methodology for authorized CMS fingerprinting, component inventory, misconfiguration review, and vulnerability validation.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Focused workflow for validating exploitability safely and turning candidate issues into reproducible, bounded proof.
Focused reconnaissance workflow for authorized security assessments, bug bounty triage, lab targets, and CTF infrastructure.
Focused reporting workflow for converting verified red-team work into clear, reproducible assessment artifacts.
Expertise in offensive security research, vulnerability analysis, CMS-focused application testing, and red team operations.
Focused source-code security review workflow for web applications, CMS extensions, APIs, and supporting services.
| name | redteam-cms |
| description | Focused methodology for authorized CMS fingerprinting, component inventory, misconfiguration review, and vulnerability validation. |
Focused methodology for authorized CMS fingerprinting, component inventory, misconfiguration review, and vulnerability validation.
Activate when the user asks to:
report.md with verified findings, rejected claims, commands tried, and limitations.Please refer to references/cms-priority-matrix.md for detailed high-value risks and validation checks for each CMS.
Return Markdown with:
Scope and allowed actionsCMS fingerprint and confidenceComponent inventoryPrioritized checksCommands / requestsExpected output and success signalsStop conditions and cleanupCandidate findingsVerifier handoffReport notesConfirmed findings require affected-state proof, exploitability or impact proof, a negative control, reproduction metadata, and remediation retest steps.
WAF Evasion: Utilize HTTP Request Smuggling (CL.TE / TE.CL) or chunked encoding to bypass Edge WAFs before hitting the CMS.
Authenticated RCE paths:
functions.php via Theme Editor.Timing Attacks: Use sleep-based payloads to blindly enumerate CMS user existence or blind SQLi in CMS core/plugins.
Payload Naming (OPSEC): Never use blatant backdoor names like shell.php, cmd.php, or test.php. Blend into the target environment by using convincing names related to the application's context (e.g., class-wp-cache-helper.php, config-update.php, or index_backup.php).