Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

pentest-agents

pentest-agents 收录了来自 H-mmer 的 162 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
162
Stars
749
更新
2026-05-06
Forks
149
职业覆盖
4 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

autopilot
信息安全分析师

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
信息安全分析师

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
dast-devils-advocate
信息安全分析师

Adversarial validator for DAST findings. Attempts to DISPROVE each finding and DOWNGRADE severity. Catches inflated reports, unverified assumptions, and theoretical-only bugs. Dispatch after /validate PASS and before /report.

2026-05-06
ssti-hunter
信息安全分析师

Server-Side Template Injection specialist. Covers Jinja2 (H1 #74), Twig, Velocity, FreeMarker, ERB, Handlebars, Thymeleaf. Use for any rule-engine, comment/message rendering, PR automation, admin template, or user-customizable template surface. Systematic blocklist mapper + CVE bypass runner + runtime-vs-parse distinguisher.

2026-05-06
autopilot
信息安全分析师

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
autopilot
信息安全分析师

Autonomous hunt orchestrator. INSATIABLE in --autonomous mode: enforces an EXHAUSTION CONTRACT (26 canonical hunter classes, surface probe A-I, depth-engine ≥25 attempts/class, wall-clock floor 90 min/target, PRE-COMPLETION GATE before any summary). No early stops, no clarifying questions, no auxiliary-agent substitution. Usage: /autopilot target.com [--interactive|--autonomous] [--20m-off] [--resume]

2026-05-06
report
信息安全分析师

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
信息安全分析师

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
信息安全分析师

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
信息安全分析师

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
信息安全分析师

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
信息安全分析师

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
report
信息安全分析师

Generate submission-ready reports for all confirmed findings. Runs dedup, PoC builder, quality check, and report writer. Usage: /report bounty or /report pentest

2026-05-06
submit
信息安全分析师

Draft and submit a vulnerability report to the bug bounty platform. Reads scope.yaml for platform/program, uses brain + findings for content. Always drafts first for review.

2026-05-06
hunt
信息安全分析师

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
信息安全分析师

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
browser-verifier
信息安全分析师

Mandatory browser verification for client-side findings (XSS, DOM, postMessage, prototype pollution). Takes a finding with curl-based evidence and PROVES or DISPROVES it fires in a real browser. No finding ships without browser verification. Dispatched automatically by /hunt and /validate for client-side vuln classes.

2026-05-05
xss-hunter
信息安全分析师

XSS specialist covering reflected (H1 #60), stored (H1 #61), and DOM (H1 #62). Dispatcher passes subtype — 'reflected', 'stored', or 'dom' — in the task; falls back to inference from target. Use for parameter reflection, persisted inputs (comments/profiles/uploads/filenames), or client-side source→sink analysis.

2026-05-05
hunt
信息安全分析师

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
hunt
信息安全分析师

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

2026-05-05
analyze
信息安全分析师

Analyze recon output with AI to suggest high-value targets and attack strategies. Usage: /analyze <target>

2026-05-05
brain
其他计算机职业

Manage the engagement brain. Subcommands: 'init' to set up, 'brief <target>' for pre-flight, 'status' for overview, 'exhausted [target]' to see dead ends.

2026-05-05
chain
其他计算机职业

Build deep exploit chains — dispatches chain-builder agent. Given bug A, recursively walks the chain graph. Usage: /chain (then describe bug A)

2026-05-05
correlate
其他计算机职业

Run the finding correlation engine to discover attack chains from individual findings.

2026-05-05
cost
其他计算机职业

Show cost tracking and ROI for this engagement.

2026-05-05
dupcheck
其他计算机职业

Check if a vulnerability has already been reported. Searches platform hacktivity + local findings. Usage: /dupcheck <vuln_type> e.g. /dupcheck XSS in search endpoint

2026-05-05
fullscan
其他计算机职业

Full security assessment with brain coordination. Multi-phase, skips known-exhausted areas, builds on prior knowledge.

2026-05-05
learn
其他计算机职业

Record a platform response and update learning. Usage: /learn <report_id> <status> [--bounty 500] [--vuln-type XSS]

2026-05-05
mindmap
其他计算机职业

Generate a text-based attack surface mindmap. Shows tech stack → vuln class → endpoint relationships. Usage: /mindmap <target>

2026-05-05
monitor
其他计算机职业

Monitor targets for changes. Usage: /monitor baseline (first run), /monitor check (detect changes), /monitor scope (check platform for scope updates)

2026-05-05
new
其他计算机职业

Create a new engagement workspace. Usage: /new <platform> <program> [--type web-app|api|mobile|smart-contract]

2026-05-05
pipeline
信息安全分析师

Prepare the battlefield — recon, scanning, and surface ranking. Stops before hunting. Run /hunt or /autopilot after. Usage: /pipeline or /pipeline <target>

2026-05-05
quality
软件质量保证分析师与测试员

Score a report draft before submission. Usage: /quality <draft-path-or-finding-description>

2026-05-05
quickscan
信息安全分析师

Run a quick security scan on a target. Consults the Brain first, validates scope, runs passive recon + vuln scan in parallel.

2026-05-05
remember
信息安全分析师

Log a finding or pattern to persistent brain memory. Auto-fills from session context. Usage: /remember

2026-05-05
resume
信息安全分析师

Resume a previous hunt. Shows hunt history, untested endpoints, memory-informed suggestions. Usage: /resume target.com

2026-05-05
sast
软件质量保证分析师与测试员

Source code vulnerability hunting (SAST). Decomposes analysis into specialized passes: map entry points, map dangerous ops, trace flows, find gaps, adversarial validation, exploit. Usage: /sast <repo_path> [--lang c|cpp|rust|java|python|go|php] [--min-score 4] [--max-files 30] [--skip-static] [--best-of N]

2026-05-05
status
信息安全分析师

Show engagement dashboard with program info, scope, brain state, findings, agent activity, and cost estimate.

2026-05-05
surface
信息安全分析师

Show ranked attack surface for a target. Invokes recon-ranker agent. Usage: /surface target.com

2026-05-05
sync
信息安全分析师

Sync program scope, policy, and hacktivity from a bug bounty platform. Usage: /sync hackerone tesla or /sync bugcrowd uber

2026-05-05
当前展示该仓库 Top 40 / 162 个已收集 skills。