一键导入
这个仓库中的 skills
Automated tool-assisted strategies for blind injection attacks (SQL, NoSQL, command, XPath). Covers when and how to use sqlmap, custom scripting, and binary search optimization to minimize token consumption and execution time. Use when manual blind injection would require >20 sequential requests.
HTTP Request Smuggling (HRS) / Desync attack detection and exploitation. Covers CL.TE, TE.CL, TE.TE detection, payload crafting, and chaining with SSRF/cache poisoning. Use when front-end/back-end architecture is suspected or when HTTP parsing discrepancies exist.
Race condition vulnerability detection and exploitation. Covers time-of-check to time-of-use (TOCTOU), limit bypass, coupon abuse, and multi-endpoint race chains. Use when state-dependent logic (credits, inventory, votes, transfers) exists or CTF challenge involves concurrent operations.
Canonical Nmap CLI syntax, strict staged scanning workflow, and sandbox-safe bounded scan patterns with timeout backoff.
Exact Nuclei command structure, template selection, staged scanning workflow, and bounded high-throughput execution controls with timeout backoff.
Common CTF exploitation patterns, quick wins, and time-saving tricks for web, crypto, pwn, and misc challenges. Use when you are stuck on a CTF challenge or want to rapidly test known patterns.
Linux and Windows privilege escalation techniques, enumeration scripts, and common misconfigurations. Use when you have obtained a low-privilege shell and need to escalate to root or SYSTEM.
Common web-to-RCE exploitation chains and pivoting strategies. Use when you have identified a web vulnerability and need to escalate it to remote code execution.
Web path scanner for finding hidden directories and files. Use when you need to brute-force discover accessible paths, admin panels, backup files, or hidden endpoints on a web server.
Fast web fuzzer for discovering resources, directories, virtual hosts, and parameters. Use when you need to fuzz URLs, headers, POST data, or virtual hosts with a wordlist.
Automatic SQL injection and database takeover tool. Use when you suspect a web parameter is vulnerable to SQL injection and need to test, exploit, or enumerate the database.