pentest-recon-surface-analysis

Installation

SKILL.md

Recon & Surface Analysis

Activation Triggers (Positive)

recon
enumerate
surface map
asset inventory
endpoint discovery
technology fingerprinting
control plane mapping
ffuf
vhost fuzzing
subdomain enumeration

Exclusion Triggers (Negative)

build exploit
weaponize payload
write final report
only validate known vulnerability

Related skills

More from crtvrffnrt/skills

pentest-xss
Security assessment skill for Cross-Site Scripting (XSS) vulnerabilities. Use when investigating input sanitization, reflected, stored, DOM, or blind XSS. Focuses on discovery, exploitation, and payload optimization. Do not use for generic network recon or non-web injection types.
42
pentest-exploit-execution-payload-control
Security assessment skill for deterministic exploit execution from validated primitives. Use when prompts include exploit implementation, payload hardening, chaining confirmed weaknesses, post-exploitation proof, or controlled impact demonstration. Do not use for early-stage reconnaissance, speculative hypothesis generation, or report-only requests.
34
pentest-business-logic-abuse
Security assessment skill for business workflow abuse, state-machine manipulation, and control-plane logic flaws. Use when prompts include workflow bypass, race condition, replay, quota abuse, order-of-operations flaws, delegated execution abuse, or unauthorized state transitions. Do not use for pure input injection fuzzing, broad recon, or standalone report formatting tasks.
32
pentest-gemini-az
Use when users need an Azure, Microsoft 365, or Entra ID companion that reads, lists, changes, and manages resources using the current Azure CLI session, with `az rest` as the default execution path.
29
pentest-outbound-interaction-oob-detection
Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation.
28
pentest-evidence-structuring-report-synthesis
Security assessment skill for structuring evidence, deduplicating findings, and producing decision-ready security reports. Use when prompts include write report, consolidate findings, severity ranking, remediation guidance, executive summary, or technical appendix generation. Do not use for live exploit execution, reconnaissance, or payload experimentation tasks.
28

Installs

33

Repository

crtvrffnrt/skills

GitHub Stars

1

First Seen

Feb 19, 2026

Security Audits

Gen Agent Trust HubPass