🎯

red-team-tools

Name: red-team-tools
Author: sickn33

Riesgo bajo ⚙️ Comandos externos🌐 Acceso a red

Run Automated Red Team Reconnaissance

Bug bounty hunters and penetration testers need efficient reconnaissance workflows to enumerate targets and discover vulnerabilities. This skill provides automated pipelines using industry-standard tools like Amass, Subfinder, httpx, Nuclei, and ffuf for comprehensive security testing.

Soporta: Claude Codex Code(CC)

📊 69 Adecuado

Descargar el ZIP de la skill

Subir en Claude

Ve a Configuración → Capacidades → Skills → Subir skill

Activa y empieza a usar

Pruébalo

Usando "red-team-tools". subfinder -d target.com | httpx -title -status-code

Resultado esperado:

Subdomain enumeration results showing live hosts with HTTP titles and status codes for quick prioritization

Usando "red-team-tools". nuclei -l live_hosts.txt -t cves/ -o cve_results.txt

Resultado esperado:

CVE vulnerability scan results with severity ratings, matched templates, and affected endpoints

Auditoría de seguridad

Riesgo bajo

v1 • 2/24/2026

This skill provides legitimate red team methodology and bug bounty hunting workflows. Static findings flagged shell commands and network access, but these are standard security testing patterns (Amass, Subfinder, Nuclei, httpx, ffuf) used by authorized security professionals. No malicious intent detected. All flagged patterns represent legitimate defensive security tooling.

Archivos escaneados

316

Líneas analizadas

hallazgos

Auditorías totales

Problemas de riesgo medio (2)

SKILL.md:39-312

Shell Command Execution in Documentation

The skill contains bash commands using external security tools. This is expected behavior for a red team methodology skill - tools like amass, subfinder, httpx, nuclei, and ffuf are industry-standard for authorized security testing. No user input is directly executed; commands use hardcoded tool invocations.

SKILL.md:51-199

Network Access for Reconnaissance

The skill references network access to external services (Shodan API, BGP lookup, Wayback Machine) which are standard recon resources for security testing. URLs and API endpoints shown are legitimate recon targets.

Auditado por: claude

Puntuación de calidad

Arquitectura

100

Mantenibilidad

Contenido

Comunidad

Seguridad

Cumplimiento de la especificación

Lo que puedes crear

Quick Subdomain Recon

Rapidly enumerate subdomains and check which ones are live, useful for initial target assessment during bug bounty hunts.

Full Vulnerability Assessment

Comprehensive scan from subdomain enumeration through technology fingerprinting to nuclei vulnerability scanning.

XSS Hunting Pipeline

Automated pipeline to discover parameters and test for XSS vulnerabilities using multiple techniques.

Prueba estos prompts

Quick Subdomain Scan

Run a quick subdomain enumeration for [TARGET_DOMAIN] using subfinder and check which hosts are live with httpx. Output the results to a file.

Full Recon Pipeline

Execute a complete reconnaissance workflow for [TARGET_DOMAIN]: 1) Run amass passive enum, 2) Use subfinder for additional subdomains, 3) Check live hosts with httprobe, 4) Run nuclei vulnerability scan on live hosts.

XSS Vulnerability Hunt

Help me set up an XSS hunting pipeline for [TARGET_DOMAIN]: 1) Use waybackurls to collect URLs, 2) Extract parameters, 3) Test with dalfox, 4) Verify findings with curl.

API Endpoint Discovery

Enumerate API endpoints for [TARGET_DOMAIN] using ffuf with common API wordlists. Test for both v1 and v2 API versions and check for hidden HTTP methods.

Mejores prácticas

Always respect bug bounty program scope and rules before testing any target
Use rate limiting and appropriate concurrency settings to avoid triggering blocks
Verify all findings manually before submitting bug bounty reports to reduce duplicates

Evitar

Running automated tools without understanding what each command does
Ignoring program scope boundaries and testing out-of-scope targets
Submitting findings without manual verification, creating noise for program triage teams

Preguntas frecuentes

What tools need to be installed before using this skill?

This skill assumes you have Go, Python, and Ruby installed. Key tools include Amass, Subfinder, httpx, Nuclei, ffuf, Dalfox, and waybackurls. Most can be installed via go install or apt.

Is this skill safe to use on any target?

No. Only use this skill on targets where you have explicit authorization. Always check bug bounty program scope and rules before running any reconnaissance.

How do I avoid getting rate limited or blocked?

Use the built-in rate limiting features of tools, reduce concurrency settings, and consider using proxy rotation for extended scans. The skill includes recommendations for these settings.

Can this skill find all vulnerabilities?

No automated tool can find all vulnerabilities. This skill provides efficient reconnaissance and automated scanning, but manual testing is still required for comprehensive assessments.

Do I need API keys for full functionality?

Some features like Shodan and Censys integration require API keys. Many recon techniques work without keys, but paid services provide additional coverage.

How do I verify findings before reporting?

Manually reproduce each finding by visiting the affected endpoint. Use curl or browser developer tools to confirm the vulnerability exists and document steps to reproduce.

Detalles del desarrollador

Autor

sickn33

Licencia

MIT

Repositorio

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tools

Ref.

main

Estructura de archivos

📄 SKILL.md