一键在 Manus 中运行任何 Skill

$pwd:

exploit-sqli

Name: Exploit Sqli
Author: crazyMarky

// SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.

在 Manus 中运行

$ git log --oneline --stat

stars:170

forks:16

updated:2026年2月15日 04:25

文件资源管理器

11 个文件

SKILL.md

readonly

related-skills.json

同仓库

pentest-report.md

from "crazyMarky/pentest-skills"

按照标准格式生成渗透测试报告，包含项目信息表、漏洞发现清单、漏洞详情（含属性表、描述、复现步骤、证据截图、修复建议）、附录（风险等级定义、CVSS说明、词汇表）。当用户要求生成渗透测试报告、安全测试报告、漏洞报告时使用此技能。严格遵循项目模板目录中的标准格式。

2026-03-06170

exploit-file-download.md

from "crazyMarky/pentest-skills"

任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞，支持路径遍历、伪协议利用、敏感文件读取。当用户需要测试文件下载功能、检测 LFI 漏洞、读取服务器敏感文件时使用此技能。

2026-03-05170

exploit-lfi.md

from "crazyMarky/pentest-skills"

本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞，支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。

2026-03-05170

exploit-file-download.md

from "crazyMarky/pentest-skills"

Arbitrary file download vulnerability detection and exploitation using path traversal techniques, bypass methods, and sensitive file discovery. Use this skill when user needs to test for file download vulnerabilities, path traversal, or read sensitive files on target systems.

2026-02-15170

exploit-xss.md

from "crazyMarky/pentest-skills"

Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.

2026-02-15170

recon-dir-scan.md

from "crazyMarky/pentest-skills"

Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.

2026-02-15170

package.json

"author": "crazyMarky"

"repository": "crazyMarky/pentest-skills"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

信息安全分析师计算机与数学类职业15-1212L4

Option	Description
`-u`	Target URL
`-r`	Parse log file
`-l`	Load from file
`-m`	Scan multiple targets
`-p`	Test specific parameters
`--skip`	Skip parameters
`--dbms`	Force DBMS
`--os`	Force OS
`--tamper`	Tamper script
`--level`	Test level (1-5)
`--risk`	Risk level (1-3)
`--technique`	Specific technique (B/E/U/S/T)
`--batch`	Non-interactive
`--random-agent`	Random User-Agent
`--proxy`	Use proxy
`--delay`	Delay between requests
`--timeout`	Request timeout
`--retries`	Retry attempts
`--string`	Match string
`--not-string`	Not match string
`--regexp`	Regexp filter
`--grep`	Regexp filter for pages
`--crawl`	Crawl site
`--forms`	Parse forms
`--cookie`	Cookie value
`--headers`	Extra headers
`--user-agent`	Custom User-Agent
`--method`	Force method
`--data`	POST data
`-d`	POST data from file
`--dbs`	Enumerate databases
`--tables`	Enumerate tables
`--columns`	Enumerate columns
`--schema`	Enumerate schema
`--dump`	Dump data
`--dump-all`	Dump all
`--search`	Search
`--users`	Enumerate DB users
`--passwords`	Enumerate password hashes
`--priv-esc`	Privilege escalation
`--os-shell`	OS shell
`--os-pwn`	Meterpreter/OBM shell
`--sql-shell`	SQL shell
`--wizard`	Wizard mode
`-v`	Verbosity (0-6)

Option	Description
`-u`	Target URL
`-r`	Parse log file
`-l`	Load from file
`-m`	Scan multiple targets
`-p`	Test specific parameters
`--skip`	Skip parameters
`--dbms`	Force DBMS
`--os`	Force OS
`--tamper`	Tamper script
`--level`	Test level (1-5)
`--risk`	Risk level (1-3)
`--technique`	Specific technique (B/E/U/S/T)
`--batch`	Non-interactive
`--random-agent`	Random User-Agent
`--proxy`	Use proxy
`--delay`	Delay between requests
`--timeout`	Request timeout
`--retries`	Retry attempts
`--string`	Match string
`--not-string`	Not match string
`--regexp`	Regexp filter
`--grep`	Regexp filter for pages
`--crawl`	Crawl site
`--forms`	Parse forms
`--cookie`	Cookie value
`--headers`	Extra headers
`--user-agent`	Custom User-Agent
`--method`	Force method
`--data`	POST data
`-d`	POST data from file
`--dbs`	Enumerate databases
`--tables`	Enumerate tables
`--columns`	Enumerate columns
`--schema`	Enumerate schema
`--dump`	Dump data
`--dump-all`	Dump all
`--search`	Search
`--users`	Enumerate DB users
`--passwords`	Enumerate password hashes
`--priv-esc`	Privilege escalation
`--os-shell`	OS shell
`--os-pwn`	Meterpreter/OBM shell
`--sql-shell`	SQL shell
`--wizard`	Wizard mode
`-v`	Verbosity (0-6)

name	exploit-sqli
description	SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.

exploit-sqli

同仓库更多 Skills

同仓库更多 Skills

SQL Injection Detection & Exploitation

Authorization Warning

Prerequisites

Quick Start

Automated SQLMap Scan

POST Request Testing

Cookie Testing

Common Scenarios

Scenario 1: Basic Parameter Testing

Scenario 2: POST Request Injection

Scenario 3: Cookie/Header Injection

Scenario 4: Specific DBMS Testing

Scenario 5: Database Enumeration

Scenario 6: User Enumeration

Scenario 7: Union-Based SQL Injection

Scenario 8: Error-Based SQL Injection

Scenario 9: Blind SQL Injection

Scenario 10: WAF Evasion

Injection Testing Workflow

1. Initial Detection

2. Confirmation

3. Fingerprint Database

4. Enumeration

SQLMap Options Reference

Manual Payloads

MySQL Payloads

PostgreSQL Payloads

SQL Server Payloads

Oracle Payloads

Testing Checklist

Scenario: Persistent Storage of SQL Injection Findings

Resources

Scripts

References

Assets

SQL Injection Detection & Exploitation

Authorization Warning

Prerequisites

Quick Start

Automated SQLMap Scan

POST Request Testing

Cookie Testing

Common Scenarios

Scenario 1: Basic Parameter Testing

Scenario 2: POST Request Injection

Scenario 3: Cookie/Header Injection

Scenario 4: Specific DBMS Testing

Scenario 5: Database Enumeration

Scenario 6: User Enumeration

Scenario 7: Union-Based SQL Injection

Scenario 8: Error-Based SQL Injection

Scenario 9: Blind SQL Injection

Scenario 10: WAF Evasion

Injection Testing Workflow

1. Initial Detection

2. Confirmation

3. Fingerprint Database

4. Enumeration

SQLMap Options Reference

Manual Payloads

MySQL Payloads

PostgreSQL Payloads

SQL Server Payloads

Oracle Payloads

Testing Checklist

Scenario: Persistent Storage of SQL Injection Findings

Resources

Scripts

References

Assets