Loading...
Loading...
Found 122 Skills
This skill should be used when the user asks to "plan a red team engagement", "scope a penetration test", "design a security assessment methodology", "create rules of engagement", or "plan an adversary simulation".
Reverse shell techniques playbook. Use when establishing remote shells including language one-liners, encrypted shells (OpenSSL/socat/ncat), web shells, PTY upgrades, file transfer methods, PowerShell shells, and Windows payload generation.
Test Android apps on a rooted device. Decompile APKs, intercept traffic, parse UI, test for IDORs, bypass SSL pinning, hook methods with Frida, inspect exported components, read local storage, and find sensitive data. Use when asked to "test this app", "find bugs", "pentest", "reverse engineer", "decompile", "intercept requests", "check for IDORs", "bypass cert pinning", "hook this method", or "check deeplinks".
Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. Masters firmware extraction, analysis, and vulnerability research for routers, IoT devices, automotive systems, and industrial controllers. Use PROACTIVELY for firmware security audits, IoT penetration testing, or embedded systems research.
Test automate security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues. Use when performing security assessments, penetration tests, or vulnerability scans. Trigger with phrases like "scan for vulnerabilities", "test security", or "run penetration test".
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vu...
Guide for AI-powered penetration testing tools, red teaming frameworks, and autonomous security agents.
Comprehensive API security testing skill for REST, GraphQL, gRPC, and WebSocket APIs. This skill should be used when performing API penetration testing, testing for OWASP API Top 10 vulnerabilities, fuzzing API endpoints, testing authentication/authorization, and analyzing API specifications. Triggers on requests to test API security, pentest REST APIs, test GraphQL endpoints, analyze OpenAPI/Swagger specs, or find API vulnerabilities.
Use when conducting authorized penetration tests, performing security assessments, running red team exercises, testing security controls, identifying attack paths, or validating hardening measures
Design security testing solutions, including OWASP Top 10, penetration testing, and vulnerability scanning. Default output is Markdown, and Excel/CSV/JSON output is available upon request. Use for security testing or security-testing.
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.