Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

pentest-skills

pentest-skills 收录了来自 crazyMarky 的 11 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
11
Stars
249
更新
2026-06-04
Forks
28
职业覆盖
2 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

exploit-lfi
信息安全分析师

本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞,支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。

2026-06-04
exploit-sqli
信息安全分析师

SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.

2026-06-04
pentest-report
信息安全分析师

按照标准格式生成渗透测试报告,包含项目信息表、漏洞发现清单、漏洞详情(含属性表、描述、复现步骤、证据截图、修复建议)、附录(风险等级定义、CVSS说明、词汇表)。当用户要求生成渗透测试报告、安全测试报告、漏洞报告时使用此技能。严格遵循项目模板目录中的标准格式。

2026-03-06
exploit-file-download
信息安全分析师

任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞,支持路径遍历、伪协议利用、敏感文件读取。当用户需要测试文件下载功能、检测 LFI 漏洞、读取服务器敏感文件时使用此技能。

2026-03-05
exploit-file-download
信息安全分析师

Arbitrary file download vulnerability detection and exploitation using path traversal techniques, bypass methods, and sensitive file discovery. Use this skill when user needs to test for file download vulnerabilities, path traversal, or read sensitive files on target systems.

2026-02-15
exploit-xss
信息安全分析师

Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.

2026-02-15
recon-dir-scan
信息安全分析师

Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.

2026-02-15
recon-fingerprint
信息安全分析师

Web fingerprinting and WAF detection using wafw00f, whatweb, nuclei, and httpx. Use this skill when user needs to identify web technologies, detect WAF/CDN, analyze server headers, or fingerprint web applications and frameworks.

2026-02-15
recon-port-scan
信息安全分析师

Port scanning and service identification using nmap, masscan, and rustscan. Use this skill when user needs to discover open ports, identify running services, detect service versions, or fingerprint operating systems on target hosts.

2026-02-15
recon-subdomain
信息安全分析师

Subdomain enumeration and DNS reconnaissance using subfinder, amass, dnsx, and other tools. Use this skill when user needs to discover subdomains, perform DNS enumeration, gather DNS records, or find hidden subdomains of a target domain.

2026-02-15
results-storage
软件开发工程师

SQLite-based persistent storage and reporting system for penetration testing results. Use this skill when user needs to store scan results, query vulnerabilities, generate reports, or manage pentest data across sessions.

2026-02-15