Fähigkeiten Red Team Tools and Methodology

🎯

Red Team Tools and Methodology

Name: Red Team Tools and Methodology
Author: sickn33

Niedriges Risiko ⚙️ Externe Befehle🌐 Netzwerkzugriff

Run Professional Bug Bounty Reconnaissance

Security researchers need structured methodology to discover vulnerabilities efficiently. This skill provides proven workflows from top bug bounty hunters for subdomain enumeration, live host discovery, and vulnerability scanning.

Unterstützt: Claude Codex Code(CC)

⚠️ 68 Schlecht

Die Skill-ZIP herunterladen

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

Einschalten und loslegen

Teste es

Verwendung von "Red Team Tools and Methodology". Show me subdomain enumeration commands for example.com

Erwartetes Ergebnis:

Here are the recommended subdomain enumeration commands:

1. Passive enumeration:
amass enum -passive -d example.com -src
subfinder -d example.com
assetfinder --subs-only example.com

2. Active enumeration:
amass enum -active -d example.com

3. Combine results:
cat *.txt | sort -u > all_subs.txt

Verwendung von "Red Team Tools and Methodology". How do I set up automated reconnaissance?

Erwartetes Ergebnis:

Here is a basic automated recon script structure:

1. Subdomain enumeration: subfinder -d $domain
2. Live host check: cat subs.txt | httpx
3. URL collection: cat live.txt | waybackurls
4. Vulnerability scan: nuclei -l live.txt

Each step feeds into the next for an automated pipeline.

Sicherheitsaudit

Niedriges Risiko

v1 • 2/24/2026

This skill provides documentation for legitimate security testing tools and methodologies used in authorized bug bounty programs. The detected 'external_commands' are standard reconnaissance tools (amass, subfinder, httpx, nuclei) documented for educational purposes. The 'network' findings are example URLs and public reconnaissance services. No malicious code, exploits, or unauthorized access methods are present. The skill appropriately includes constraints for authorized testing within scope.

Gescannte Dateien

311

Analysierte Zeilen

befunde

Gesamtzahl Audits

Probleme mit mittlerem Risiko (2)

SKILL.md:37-310

External Command Documentation

Skill documents usage of security testing tools (amass, subfinder, httpx, nuclei). These are standard legitimate tools used in authorized bug bounty programs. No command injection vulnerability exists - these are documentation examples for running security tools.

SKILL.md:49 SKILL.md:189-197

Network Reconnaissance URLs

Contains example URLs and public reconnaissance services (BGP.he.net). These are standard resources used in authorized security testing.

Probleme mit niedrigem Risiko (1)

SKILL.md:33-311

Reconnaissance Methodology Documentation

Skill documents reconnaissance techniques including subdomain enumeration and network scanning. This is standard bug bounty methodology and requires authorization via bug bounty program scope.

Auditiert von: claude

Qualitätsbewertung

Architektur

100

Wartbarkeit

Inhalt

Community

Sicherheit

Spezifikationskonformität

Was du bauen kannst

Set Up Bug Bounty Recon Pipeline

Automate the initial reconnaissance phase when starting a new bug bounty program engagement.

Learn Professional Testing Workflows

Study documented methodologies from experienced security professionals to improve testing efficiency.

Reference Security Tool Commands

Quickly look up correct syntax and options for common security testing tools during engagements.

Probiere diese Prompts

Beginner Subdomain Discovery

Show me how to enumerate subdomains for target.com using passive reconnaissance tools.

Live Host Identification

What is the workflow for discovering live web hosts from a list of subdomains?

Automated Vulnerability Scanning

Set up a comprehensive Nuclei scan workflow for discovered hosts.

XSS Hunting Pipeline

Build an automated XSS testing pipeline using paramspider, Gxss, and dalfox.

Bewährte Verfahren

Always verify you have authorization before testing any target
Respect bug bounty program rules and scope limitations
Use rate limiting to avoid blocking or DoS
Manually verify automated tool findings before reporting

Vermeiden

Testing systems outside of authorized scope
Running high-intensity fuzzing without permission
Skipping manual verification of automated scanner results
Ignoring program rules about rate limits and testing restrictions

Häufig gestellte Fragen

Do I need special tools installed?

Yes, this skill documents commands for tools like Amass, Subfinder, httpx, Nuclei, and ffuf. You will need to install these tools on your system.

Can I use this skill for penetration testing?

Yes, the methodology applies to both bug bounty and penetration testing engagements. Always ensure you have authorization.

Does this skill run scans automatically?

No, this skill provides methodology and command references. You must execute the commands yourself with your own tools.

Are API keys required?

Some advanced features require API keys for services like Shodan, Censys, or paid data sources. The skill works without them but with limited functionality.

What is the target audience for this skill?

Bug bounty hunters, penetration testers, red team members, and security researchers who want structured testing methodologies.

Is this skill legal to use?

The methodology is legal when used for authorized security testing. Always obtain proper authorization through bug bounty programs or penetration testing contracts.

Entwicklerdetails

Autor

sickn33

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/red-team-tools

Ref

main

Dateistruktur

📄 SKILL.md