一键导入
scan
Use this skill when working with scan for the multi-stage aiscan pipeline across discovery, web probing, weak credentials, POC checks, and verification.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use this skill when working with scan for the multi-stage aiscan pipeline across discovery, web probing, weak credentials, POC checks, and verification.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use this skill when the agent needs to understand aiscan mechanisms, available capabilities, scanner pseudo-commands, and tool invocation rules.
Use this skill when working with proton for sensitive information scanning — detecting API keys, tokens, credentials, and secrets in files or piped data.
Use this skill to learn how to use the playwright pseudo-command for headless browsing, screenshots, network capture, and interactive vulnerability verification. Aligned with microsoft/playwright-cli conventions.
Use this skill when working with neutron for template-based POC execution, template filtering, and POC result analysis.
Use this skill when working with gogo for host, port, service, banner, fingerprint, or vulnerability-hint discovery.
Use katana for deep web crawling with full parameter discovery. Produces URLs with query strings, form targets, and JS endpoints that spray crawl strips.
| name | scan |
| description | Use this skill when working with scan for the multi-stage aiscan pipeline across discovery, web probing, weak credentials, POC checks, and verification. |
| internal | true |
Scan is the multi-stage orchestration pipeline in aiscan.
Capabilities:
Common usage:
# Single target (-i)
scan -i 10.0.0.1 --mode quick
scan -i 10.0.0.0/24 --mode full
scan -i 10.0.0.1:8080 --mode quick
scan -i 10.0.0.1 --mode full --ports top1000
scan -i http://10.0.0.1:8080 --mode quick
scan -i https://example.com --mode quick
# Target list file (-l) — one target per line
scan -l /tmp/targets.txt --mode quick
scan -l /tmp/targets.txt --mode full --thread 4 --timeout 10
# AI features
scan -i 10.0.0.1 --verify=high
scan -i 10.0.0.1 --sniper
scan -i 10.0.0.1 --mode full --deep
scan -i 10.0.0.1 -j
CRITICAL: -i vs -l:
-i is for one inline target per flag: IP, CIDR, IP:port, URL, or domain. Repeat -i for multiple inline targets.-l is for target list files (one target per line). Always use -l when scanning from a file.scan -i /tmp/targets.txt will FAIL — use scan -l /tmp/targets.txt instead.Input format for -i:
10.0.0.110.0.0.0/2410.0.0.1:8080http://10.0.0.1:8080example.com (scan discovers ports itself)-i, for example scan -i 10.0.0.1 -i 10.0.0.2-l for files.Notes:
quick uses gogo ports all, spray check/finger, spray crawl depth 2, weakpass checks, and fingerprint-based POC checks.full uses gogo ports - and adds spray plugins (common/bak/active) plus spray default-dictionary probing; crawl depth remains 2.katana_crawl in quick/full and katana_deep in full.--verify=<level> triggers in-pipeline AI verification for loots at or above the specified priority threshold (low, medium, high, critical). Only loots meeting the threshold are sent to a verify sub-agent.--sniper asks an LLM agent to perform fingerprint vulnerability intelligence.--deep asks an LLM agent to perform browser-backed testing for discovered websites and fingerprint-based deep assessment.The scan AI sub-skills are independent references:
aiscan://skills/scan/verify.md - Active loot validation: probes targets to confirm or reject scanner leadsaiscan://skills/scan/sniper.md — Vulnerability intelligence: searches for known CVEs based on discovered fingerprintsaiscan://skills/scan/deep.md — Deep testing for discovered web endpoints and fingerprinted assetsaiscan://skills/scan/fuzz.md — Internal parameter-review standard for high-value inputs; not a scan flag or standalone mode