🎯

red-team-tools

Name: red-team-tools
Author: sickn33

Niedriges Risiko ⚙️ Externe Befehle🌐 Netzwerkzugriff

Run Automated Red Team Reconnaissance

Bug bounty hunters and penetration testers need efficient reconnaissance workflows to enumerate targets and discover vulnerabilities. This skill provides automated pipelines using industry-standard tools like Amass, Subfinder, httpx, Nuclei, and ffuf for comprehensive security testing.

Unterstützt: Claude Codex Code(CC)

📊 69 Angemessen

Die Skill-ZIP herunterladen

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

Einschalten und loslegen

Teste es

Verwendung von "red-team-tools". subfinder -d target.com | httpx -title -status-code

Erwartetes Ergebnis:

Subdomain enumeration results showing live hosts with HTTP titles and status codes for quick prioritization

Verwendung von "red-team-tools". nuclei -l live_hosts.txt -t cves/ -o cve_results.txt

Erwartetes Ergebnis:

CVE vulnerability scan results with severity ratings, matched templates, and affected endpoints

Sicherheitsaudit

Niedriges Risiko

v1 • 2/24/2026

This skill provides legitimate red team methodology and bug bounty hunting workflows. Static findings flagged shell commands and network access, but these are standard security testing patterns (Amass, Subfinder, Nuclei, httpx, ffuf) used by authorized security professionals. No malicious intent detected. All flagged patterns represent legitimate defensive security tooling.

Gescannte Dateien

316

Analysierte Zeilen

befunde

Gesamtzahl Audits

Probleme mit mittlerem Risiko (2)

SKILL.md:39-312

Shell Command Execution in Documentation

The skill contains bash commands using external security tools. This is expected behavior for a red team methodology skill - tools like amass, subfinder, httpx, nuclei, and ffuf are industry-standard for authorized security testing. No user input is directly executed; commands use hardcoded tool invocations.

SKILL.md:51-199

Network Access for Reconnaissance

The skill references network access to external services (Shodan API, BGP lookup, Wayback Machine) which are standard recon resources for security testing. URLs and API endpoints shown are legitimate recon targets.

Auditiert von: claude

Qualitätsbewertung

Architektur

100

Wartbarkeit

Inhalt

Community

Sicherheit

Spezifikationskonformität

Was du bauen kannst

Quick Subdomain Recon

Rapidly enumerate subdomains and check which ones are live, useful for initial target assessment during bug bounty hunts.

Full Vulnerability Assessment

Comprehensive scan from subdomain enumeration through technology fingerprinting to nuclei vulnerability scanning.

XSS Hunting Pipeline

Automated pipeline to discover parameters and test for XSS vulnerabilities using multiple techniques.

Probiere diese Prompts

Quick Subdomain Scan

Run a quick subdomain enumeration for [TARGET_DOMAIN] using subfinder and check which hosts are live with httpx. Output the results to a file.

Full Recon Pipeline

Execute a complete reconnaissance workflow for [TARGET_DOMAIN]: 1) Run amass passive enum, 2) Use subfinder for additional subdomains, 3) Check live hosts with httprobe, 4) Run nuclei vulnerability scan on live hosts.

XSS Vulnerability Hunt

Help me set up an XSS hunting pipeline for [TARGET_DOMAIN]: 1) Use waybackurls to collect URLs, 2) Extract parameters, 3) Test with dalfox, 4) Verify findings with curl.

API Endpoint Discovery

Enumerate API endpoints for [TARGET_DOMAIN] using ffuf with common API wordlists. Test for both v1 and v2 API versions and check for hidden HTTP methods.

Bewährte Verfahren

Always respect bug bounty program scope and rules before testing any target
Use rate limiting and appropriate concurrency settings to avoid triggering blocks
Verify all findings manually before submitting bug bounty reports to reduce duplicates

Vermeiden

Running automated tools without understanding what each command does
Ignoring program scope boundaries and testing out-of-scope targets
Submitting findings without manual verification, creating noise for program triage teams

Häufig gestellte Fragen

What tools need to be installed before using this skill?

This skill assumes you have Go, Python, and Ruby installed. Key tools include Amass, Subfinder, httpx, Nuclei, ffuf, Dalfox, and waybackurls. Most can be installed via go install or apt.

Is this skill safe to use on any target?

No. Only use this skill on targets where you have explicit authorization. Always check bug bounty program scope and rules before running any reconnaissance.

How do I avoid getting rate limited or blocked?

Use the built-in rate limiting features of tools, reduce concurrency settings, and consider using proxy rotation for extended scans. The skill includes recommendations for these settings.

Can this skill find all vulnerabilities?

No automated tool can find all vulnerabilities. This skill provides efficient reconnaissance and automated scanning, but manual testing is still required for comprehensive assessments.

Do I need API keys for full functionality?

Some features like Shodan and Censys integration require API keys. Many recon techniques work without keys, but paid services provide additional coverage.

How do I verify findings before reporting?

Manually reproduce each finding by visiting the affected endpoint. Use curl or browser developer tools to confirm the vulnerability exists and document steps to reproduce.

Entwicklerdetails

Autor

sickn33

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tools

Ref

main

Dateistruktur

📄 SKILL.md