🎯

red-team-tools

Name: red-team-tools
Author: sickn33

Risque faible ⚙️ Commandes externes🌐 Accès réseau

Run Automated Red Team Reconnaissance

Bug bounty hunters and penetration testers need efficient reconnaissance workflows to enumerate targets and discover vulnerabilities. This skill provides automated pipelines using industry-standard tools like Amass, Subfinder, httpx, Nuclei, and ffuf for comprehensive security testing.

Prend en charge: Claude Codex Code(CC)

📊 69 Adéquat

Télécharger le ZIP du skill

Importer dans Claude

Allez dans Paramètres → Capacités → Skills → Importer un skill

Activez et commencez à utiliser

Tester

Utilisation de "red-team-tools". subfinder -d target.com | httpx -title -status-code

Résultat attendu:

Subdomain enumeration results showing live hosts with HTTP titles and status codes for quick prioritization

Utilisation de "red-team-tools". nuclei -l live_hosts.txt -t cves/ -o cve_results.txt

Résultat attendu:

CVE vulnerability scan results with severity ratings, matched templates, and affected endpoints

Audit de sécurité

Risque faible

v1 • 2/24/2026

This skill provides legitimate red team methodology and bug bounty hunting workflows. Static findings flagged shell commands and network access, but these are standard security testing patterns (Amass, Subfinder, Nuclei, httpx, ffuf) used by authorized security professionals. No malicious intent detected. All flagged patterns represent legitimate defensive security tooling.

Fichiers analysés

316

Lignes analysées

résultats

Total des audits

Problèmes à risque moyen (2)

SKILL.md:39-312

Shell Command Execution in Documentation

The skill contains bash commands using external security tools. This is expected behavior for a red team methodology skill - tools like amass, subfinder, httpx, nuclei, and ffuf are industry-standard for authorized security testing. No user input is directly executed; commands use hardcoded tool invocations.

SKILL.md:51-199

Network Access for Reconnaissance

The skill references network access to external services (Shodan API, BGP lookup, Wayback Machine) which are standard recon resources for security testing. URLs and API endpoints shown are legitimate recon targets.

Audité par: claude

Score de qualité

Architecture

100

Maintenabilité

Contenu

Communauté

Sécurité

Conformité aux spécifications

Ce que vous pouvez construire

Quick Subdomain Recon

Rapidly enumerate subdomains and check which ones are live, useful for initial target assessment during bug bounty hunts.

Full Vulnerability Assessment

Comprehensive scan from subdomain enumeration through technology fingerprinting to nuclei vulnerability scanning.

XSS Hunting Pipeline

Automated pipeline to discover parameters and test for XSS vulnerabilities using multiple techniques.

Essayez ces prompts

Quick Subdomain Scan

Run a quick subdomain enumeration for [TARGET_DOMAIN] using subfinder and check which hosts are live with httpx. Output the results to a file.

Full Recon Pipeline

Execute a complete reconnaissance workflow for [TARGET_DOMAIN]: 1) Run amass passive enum, 2) Use subfinder for additional subdomains, 3) Check live hosts with httprobe, 4) Run nuclei vulnerability scan on live hosts.

XSS Vulnerability Hunt

Help me set up an XSS hunting pipeline for [TARGET_DOMAIN]: 1) Use waybackurls to collect URLs, 2) Extract parameters, 3) Test with dalfox, 4) Verify findings with curl.

API Endpoint Discovery

Enumerate API endpoints for [TARGET_DOMAIN] using ffuf with common API wordlists. Test for both v1 and v2 API versions and check for hidden HTTP methods.

Bonnes pratiques

Always respect bug bounty program scope and rules before testing any target
Use rate limiting and appropriate concurrency settings to avoid triggering blocks
Verify all findings manually before submitting bug bounty reports to reduce duplicates

Éviter

Running automated tools without understanding what each command does
Ignoring program scope boundaries and testing out-of-scope targets
Submitting findings without manual verification, creating noise for program triage teams

Foire aux questions

What tools need to be installed before using this skill?

This skill assumes you have Go, Python, and Ruby installed. Key tools include Amass, Subfinder, httpx, Nuclei, ffuf, Dalfox, and waybackurls. Most can be installed via go install or apt.

Is this skill safe to use on any target?

No. Only use this skill on targets where you have explicit authorization. Always check bug bounty program scope and rules before running any reconnaissance.

How do I avoid getting rate limited or blocked?

Use the built-in rate limiting features of tools, reduce concurrency settings, and consider using proxy rotation for extended scans. The skill includes recommendations for these settings.

Can this skill find all vulnerabilities?

No automated tool can find all vulnerabilities. This skill provides efficient reconnaissance and automated scanning, but manual testing is still required for comprehensive assessments.

Do I need API keys for full functionality?

Some features like Shodan and Censys integration require API keys. Many recon techniques work without keys, but paid services provide additional coverage.

How do I verify findings before reporting?

Manually reproduce each finding by visiting the affected endpoint. Use curl or browser developer tools to confirm the vulnerability exists and document steps to reproduce.

Détails du développeur

Auteur

sickn33

Licence

MIT

Dépôt

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/red-team-tools

Réf

main

Structure de fichiers

📄 SKILL.md