技能 Security Scanning Tools
🛡️

Security Scanning Tools

低風險 ⚙️ 外部命令🌐 網路存取

Master Security Scanning and Vulnerability Assessment

Security professionals need comprehensive guidance on industry-standard scanning tools. This skill provides structured documentation for network discovery, vulnerability assessment, and compliance auditing with proper authorization frameworks.

支援: Claude Codex Code(CC)
⚠️ 66
1

下載技能 ZIP

2

在 Claude 中上傳

前往 設定 → 功能 → 技能 → 上傳技能

3

開啟並開始使用

測試它

正在使用「Security Scanning Tools」。 Perform a quick network scan of 192.168.1.0/24

預期結果:

Nmap scan report showing discovered hosts, open ports (22/SSH, 80/HTTP, 443/HTTPS), service versions, and OS detection results with timing information.

正在使用「Security Scanning Tools」。 Scan web application for SQL injection vulnerabilities

預期結果:

Burp Suite Scanner report listing identified SQL injection points with severity ratings, affected parameters, and remediation recommendations for each finding.

安全審計

低風險
v1 • 2/25/2026

This skill provides educational documentation for legitimate security assessment tools. Static analyzer flagged 184 patterns but nearly all are FALSE POSITIVES: backtick detections are markdown code blocks (```bash), sudo commands are standard tool prerequisites, and IPs are RFC 1918 examples. The skill includes proper authorization warnings and legal considerations. Metasploit is documented for vulnerability validation in authorized contexts only.

1
已掃描檔案
590
分析行數
5
發現項
1
審計總數

高風險問題 (1)

SKILL.md:328-351
Metasploit Framework Documentation
Skill documents Metasploit Framework usage for vulnerability validation. While Metasploit is a dual-use tool, the documentation includes proper context about authorization requirements and is intended for legitimate security assessment.
低風險問題 (2)
SKILL.md:257-278
Wireless Attack Techniques Documented
Documentation includes deauthentication attacks and WPA/WEP cracking using Aircrack-ng. These are standard penetration testing techniques but require careful handling.
SKILL.md:115-424
Privilege Escalation Commands
Multiple sudo commands documented for running security tools. These are legitimate requirements for tools like Nessus, Aircrack-ng, and Lynis, not malicious privilege escalation.

風險因素

⚙️ 外部命令 (1)
SKILL.md:42-580
🌐 網路存取 (1)
SKILL.md:44-536
審計者: claude

品質評分

38
架構
90
可維護性
87
內容
50
社群
76
安全
70
規範符合性

你能建構什麼

Network Security Assessment

Security analysts performing authorized network audits can use this skill to select appropriate scanning tools, configure scan parameters, and interpret results for vulnerability reports.

Penetration Testing Engagement

Penetration testers conducting authorized assessments can reference tool selection guidance, scanning methodologies, and reporting templates for client engagements.

Compliance Audit Preparation

IT auditors and compliance officers can use the compliance scanning sections to validate systems against PCI-DSS, HIPAA, and CIS benchmark requirements.

試試這些提示

Basic Network Scan 
Show me how to perform a basic network discovery scan using Nmap for the subnet 192.168.1.0/24, including host discovery and common port enumeration.
Web Application Assessment 
I need to assess a web application at https://example.com for OWASP Top 10 vulnerabilities. What tools should I use and what is the recommended scanning workflow?
Vulnerability Validation 
My Nessus scan identified potential SMB vulnerabilities. How can I use Metasploit to safely validate these findings in an authorized engagement?
Cloud Security Audit 
I need to perform a comprehensive AWS security assessment covering IAM, S3, and EC2 configurations. What Prowler commands should I run and how do I interpret the compliance results?

最佳實務

  • Always obtain written authorization before scanning any systems you do not own
  • Start with passive reconnaissance and non-intrusive scans before escalating to active testing
  • Document all scanning activities including scope, tools used, and findings for client reporting

避免

  • Scanning production systems without explicit written authorization from system owners
  • Running aggressive scans (T5 timing, full port ranges) on critical infrastructure without impact assessment
  • Reporting automated scanner results without manual validation to eliminate false positives

常見問題

Do I need special permissions to use these security scanning tools?
Yes. You must have written authorization from system owners before scanning any networks or applications you do not own. Unauthorized scanning may violate computer crime laws.
Which tool should I use for my first security assessment?
Start with Nmap for network discovery. It is well-documented, widely used, and provides foundational scanning capabilities. Progress to Nessus or OpenVAS for vulnerability assessment once comfortable.
Can these tools damage the systems I scan?
Aggressive scanning can potentially cause service disruption. Always start with non-intrusive scans, avoid production systems during business hours, and coordinate with system administrators.
How do I reduce false positives in vulnerability scans?
Enable credentialed scanning when possible, manually verify critical findings, use multiple scanning tools for cross-validation, and understand the specific checks each tool performs.
What is the difference between passive and active scanning?
Passive scanning observes network traffic without sending probes (e.g., Kismet). Active scanning sends packets to target systems (e.g., Nmap). Passive is stealthier but less comprehensive.
Are these tools legal to install and learn?
Yes. Installing and learning these tools on your own systems or lab environments is legal. Only the unauthorized use against systems you do not own is illegal.

開發者詳情

作者

zebbern

授權

MIT

儲存庫

https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/scanning-tools

引用

main

檔案結構

📄 SKILL.md