Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

vibe-pentest

vibe-pentest 收录了来自 ok-helloworld 的 36 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
36
Stars
207
更新
2026-07-08
Forks
22
职业覆盖
2 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

vibe-pentest
信息安全分析师

AI 渗透测试:多 Agent 并行架构的 Web 应用渗透测试技能。 流程: 指纹识别 → 后台入口扫描 → API 预扫描 → 浏览器登录提取凭证(可选) → GoSpider 爬虫 → 过滤数据 → 指纹汇总 → 多 Agent 并行渗透测试 → 攻击链分析 → 漏洞证据复查 → 导出 JSON 报告 → 主机漏洞扫描 (可选)。 纯黑盒测试,不依赖源码。平台无关设计,可在任意 Agent 平台创建和使用。

2026-07-08
poc-agent
信息安全分析师

基于指纹识别结果(tech_stack),优先匹配本地 POC;在用户明确授权时补充联网搜索 POC,并通过 http_test.py 验证已知漏洞。 工作流程:读取指纹识别结果 → 提取关键字搜索本地与联网 POC → 整理待验证清单 → 解析 POC 定义 → 构造 http_test.py 命令 → 评估匹配器 → 回填 findings。

2026-07-08
auth-agent
信息安全分析师

负责认证与会话类漏洞检测:认证绕过/暴力破解/会话管理/JWT/OAuth/SAML/ 密码重置绕过/验证码绕过/不安全随机数/用户枚举/OIDC/CSRF。 受控密码测试为条件执行:根据用户授权、测试账号情况、验证码类型和登录保护强度自主决策。

2026-07-02
api-agent
信息安全分析师

负责 API 安全类漏洞检测:未授权访问/BOLA/BFLA/批量赋值/GraphQL 深度测试/ API 参数篡改/隐藏参数发现/WebSocket 安全/API 版本枚举/ 过度数据暴露

2026-06-24
business-agent
信息安全分析师

负责业务逻辑漏洞检测:业务流程绕过、状态机缺陷、竞态滥用、价格篡改、 优惠券滥用、库存与数量操纵,以及订单、支付、订阅等场景中的业务规则滥用

2026-06-24
file-agent
信息安全分析师

负责文件类漏洞检测:路径穿越/LFI/RFI/LFI→RCE、任意文件上传、文件包含、 任意文件下载、Zip Slip、SVG/CSV 注入、PHP Wrapper 利用、PEARCMD RCE、 编辑器路径利用、敏感文件泄露与文件解析链风险。

2026-06-24
injection-agent
信息安全分析师

负责所有注入类漏洞检测:SQLi/NoSQL/XSS(存储/反射/DOM)/SSRF/XXE/SSTI/RCE/反序列化/CRLF/XSLT/EL/JNDI

2026-06-24
misc-agent
信息安全分析师

负责外围攻击面与协议边界安全检测:信息泄露/开放重定向/CORS/CSP/安全头/目录索引/子域名接管/401-403绕过/Web缓存欺骗/Clickjacking/Host头攻击

2026-06-24
vuln-analysis-agent
软件开发工程师

Vibe Pentest 漏洞综合分析 Agent。固定负责 Phase 5.5 攻击链分析与 Phase 5.6 漏洞证据复查:读取已启用的渗透 Agent 的 findings,输出 attack_chains.json

2026-06-24
business-logic-vulnerabilities
软件开发工程师

Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.

2026-06-24
cmdi-command-injection
软件开发工程师

Command injection playbook. Use when user input may reach shell commands, process execution, converters, import pipelines, or blind out-of-band command sinks.

2026-06-24
file-access-vuln
软件开发工程师

Entry P1 category router for file access and upload workflows. Use when testing download endpoints, file paths, local file inclusion, upload flows, preview pipelines, archive extraction, or storage and sharing boundaries.

2026-06-24
ghost-bits-cast-attack
软件开发工程师

Java "Ghost Bits" / Cast Attack playbook (Black Hat Asia 2026). Use when attacking Java services where 16-bit char is silently narrowed to 8-bit byte to bypass WAF/IDS for SQL injection, deserialization RCE, file upload (Webshell), path traversal, CRLF injection, request smuggling, and SMTP injection. Affects Tomcat, Spring, Jetty, Undertow, Vert.x, Jackson, Fastjson, Apache Commons BCEL, Apache HttpClient, Angus Mail, JDK HttpServer, Lettuce, Jodd, XMLWriter and re-enables many "patched" CVEs through WAF bypass.

2026-06-24
injection-checking
软件开发工程师

Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.

2026-06-24
path-traversal-lfi
软件开发工程师

Path traversal and LFI playbook. Use when file paths, download endpoints, include operations, archive extraction, or wrapper behavior may expose filesystem control.

2026-06-24
xss-cross-site-scripting
软件开发工程师

XSS playbook. Use when user-controlled content reaches HTML, attributes, JavaScript, DOM sinks, uploads, or multi-context rendering paths.

2026-06-24
xxe-xml-external-entity
软件开发工程师

XXE playbook. Use when XML, SVG, OOXML, SOAP, or parser-driven imports may resolve external entities, files, or internal network resources.

2026-06-24
deserialization-insecure
信息安全分析师

Insecure deserialization playbook. Use when Java, PHP, or Python applications deserialize untrusted data via ObjectInputStream, unserialize, pickle, or similar mechanisms that may lead to RCE, file access, or privilege escalation.

2026-06-15
authbypass-authentication-flaws
信息安全分析师

Authentication bypass testing playbook. Use when assessing login flows, password reset logic, account recovery, MFA bypass, token predictability, brute-force resistance, and session boundary flaws.

2026-06-07
cors-cross-origin-misconfiguration
信息安全分析师

CORS misconfiguration testing playbook. Use when analyzing cross-origin trust, credentialed browser reads, origin reflection, preflight policy bugs, and browser-based access to authenticated APIs.

2026-06-07
csp-bypass-advanced
信息安全分析师

Advanced Content Security Policy bypass techniques. Use when XSS or data exfiltration is blocked by CSP and you need to find policy weaknesses, trusted endpoint abuse, nonce leakage, or exfiltration channels that CSP cannot block.

2026-06-07
csrf-cross-site-request-forgery
信息安全分析师

CSRF testing playbook. Use when reviewing state-changing web flows, anti-CSRF defenses, SameSite behavior, JSON CSRF, login CSRF, and OAuth state handling.

2026-06-07
dangling-markup-injection
信息安全分析师

Dangling markup injection playbook. Use when HTML injection is possible but JavaScript execution is blocked (CSP, sanitizer strips event handlers, WAF blocks script tags) — exfiltrate CSRF tokens, session data, and page content by injecting unclosed HTML tags that capture subsequent page content.

2026-06-07
dns-rebinding-attacks
信息安全分析师

DNS rebinding attack playbook. Use when testing applications that trust DNS resolution for origin checks, interact with internal services from browser context, or when SSRF is not possible server-side but the target has client-side fetch/XHR to attacker-controlled domains.

2026-06-07
email-header-injection
信息安全分析师

Email header injection and spoofing playbook. Use when testing contact forms, email APIs, password reset flows, or any feature that constructs SMTP messages with user-controlled fields. Covers CRLF injection in headers, SPF/DKIM/DMARC bypass, and phishing amplification.

2026-06-07
http-host-header-attacks
信息安全分析师

HTTP Host header injection and routing abuse playbook. Use when the application trusts the Host header for generating URLs, routing requests, or access control — enabling password reset poisoning, web cache poisoning, SSRF via routing, and virtual host bypass.

2026-06-07
jndi-injection
信息安全分析师

JNDI injection playbook. Use when Java applications perform JNDI lookups with attacker-controlled names, especially via Log4j2, Spring, or any code path reaching InitialContext.lookup().

2026-06-07
jwt-oauth-token-attacks
信息安全分析师

JWT and OAuth token attack playbook. Use when validating token trust, signing algorithms, key handling, claim abuse, bearer flows, and OAuth account-binding weaknesses.

2026-06-07
open-redirect
信息安全分析师

Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled destinations.

2026-06-07
prototype-pollution-advanced
信息安全分析师

Advanced prototype pollution playbook — server-side RCE, client-side gadgets, filter bypasses, and detection techniques. Companion to ../prototype-pollution/ for basics. Use when you've confirmed pollution and need to escalate to code execution or find framework-specific gadgets.

2026-06-07
request-smuggling
信息安全分析师

HTTP request smuggling and desynchronization testing. Use when front proxies, CDNs, or load balancers disagree with the origin on message framing (Content-Length vs Transfer-Encoding), on HTTP/2→HTTP/1 translation, or when exploring client-side desync via browser fetch pipelines.

2026-06-07
sqli-sql-injection
信息安全分析师

SQL injection playbook. Use when input reaches SQL queries, authentication logic, sorting, filtering, reporting, or DB-specific blind and out-of-band execution paths.

2026-06-07
ssrf-server-side-request-forgery
信息安全分析师

SSRF playbook. Use when the server fetches URLs, resolves hostnames, imports remote content, or can be driven toward internal networks, cloud metadata, or secondary protocols.

2026-06-07
ssti-server-side-template-injection
信息安全分析师

SSTI playbook. Use when template expressions, server-side rendering, preview features, or templating engines may evaluate attacker-controlled content.

2026-06-07
websocket-security
信息安全分析师

WebSocket handshake, CSWSH, tooling (wsrepl, ws-harness, Burp), and common flaws. Use when apps use real-time channels, chat, notifications, or WS-backed APIs.

2026-06-07
insecure-source-code-management
信息安全分析师

Source control and artifact exposure (.git, .svn, .hg, backups, .env). Use when recon finds VCS paths, 403 on hidden dirs, or backup/config leaks during authorized testing.

2026-06-05