ai-threat-testing
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
authenticating
Authentication testing skill - automates signup, login, 2FA bypass, CAPTCHA solving, and bot detection evasion using Playwright MCP. Tests authentication security controls. Includes behavioral biometrics simulation, OTP handling, and automated account creation for security assessments.
common-appsec-patterns
Application security testing coordinator for common vulnerability patterns including XSS, injection flaws, and client-side security issues. Orchestrates specialized testing agents to identify and validate common application security weaknesses.
cve-testing
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
domain-assessment
Domain reconnaissance coordinator that orchestrates subdomain discovery and port scanning to build a comprehensive domain attack surface inventory.
hackerone
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
pentest
Penetration testing orchestrator that coordinates specialized attack agents. Provides attack indexes, methodology frameworks, and documentation. Execution delegated to specialized agents (SQL Injection, XSS, SSRF, etc.). Use for engagement planning and attack coordination.
web-application-mapping
Comprehensive web application reconnaissance and mapping coordinator that orchestrates passive browsing, active endpoint discovery, attack surface analysis, and headless browser automation for complete application coverage.
api-portal-discovery
Discovers public API portals, developer docs, and OpenAPI/Swagger endpoints
backend-inferencer
Infers backend technologies including servers, languages, frameworks, databases, and CMS
cdn-waf-fingerprinter
Identifies CDNs (Cloudflare, Akamai, Fastly) and WAFs
certificate-transparency
Queries CT logs for certificates and extracts SANs for subdomain discovery
cloud-infra-detector
Detects cloud providers (AWS, Azure, GCP) and PaaS platforms
code-repository-intel
Scans GitHub/GitLab for public repos, dependencies, and CI configurations
devops-detector
Detects CI/CD tools, containerization, and orchestration from public signals
dns-intelligence
Extracts technology signals from DNS records (MX, TXT, NS, CNAME, SRV)
domain-discovery
Discovers official company domain via web search, WHOIS, and common TLD patterns
frontend-inferencer
Infers frontend technologies including React, Angular, Vue, jQuery, Bootstrap, etc.
html-content-analysis
Parses HTML for meta tags, generator comments, and script URL patterns
http-fingerprinting
Analyzes HTTP responses for technology signatures in headers, cookies, and error pages
ip-attribution
Maps IP addresses to cloud providers, ASNs, and organizations via WHOIS
javascript-dom-analysis
Detects frontend frameworks via global variables, DOM attributes, and bundle patterns
job-posting-analysis
Extracts technology requirements from job postings and career pages
security-posture-analyzer
Analyzes security headers, CSP, HSTS, WAF presence, and security.txt
subdomain-enumeration
Enumerates subdomains using CT logs, passive DNS, and search engine dorks
third-party-detector
Identifies third-party services including payments, analytics, auth, CRM, and support
tls-certificate-analysis
Analyzes TLS certificates for issuer, SAN, and JARM fingerprints
web-archive-analysis
Uses Wayback Machine to detect technology migrations over time