Sponsored by

Find leads on Reddit on auto pilot

Agent skills
claude-code

Topic: claude-code

35,830 skills in this topic.

xmpp-enumeration XMPP/Jabber service enumeration for Openfire, ejabberd, Prosody, and other XMPP servers. Trigger when ports 5222 (client), 5223 (legacy TLS), or 5269 (server-to-server) are found open. Covers authentication testing, user enumeration, MUC room discovery, and server fingerprinting. Do NOT use for AD enumeration or credential spraying — route those to the appropriate skills.
blacklanternsecurity/red-run 126
credential-recovery Offline credential and file recovery with hashcat and john. Use when any skill captures hashes (NTLM, Kerberos TGS/AS-REP, shadow, MSCACHE2) or encrypted files (ZIP, Office, PDF, KeePass, SSH key, 7z, RAR). Trigger phrases: "recover this hash", "offline recovery", "john", "hashcat", "zip2john", "password-protected file". Do NOT use for online password attacks (spraying, brute force against services) — use password-spraying instead.
blacklanternsecurity/red-run 126
container-escapes Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
database-enumeration Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
infrastructure-enumeration Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
network-recon Network reconnaissance, host discovery, port scanning, and OS fingerprinting. Produces a port/service map that the orchestrator uses to route to service-specific enumeration skills.
blacklanternsecurity/red-run 126
pivoting-tunneling Network pivoting, port forwarding, and tunneling through compromised hosts to reach internal networks.
blacklanternsecurity/red-run 126
remote-access-enumeration Enumeration of remote access services: FTP, SSH, RDP, VNC, and WinRM. Checks anonymous access, default credentials, version vulnerabilities, and authentication methods. Use after network-recon identifies remote access ports.
blacklanternsecurity/red-run 126
smb-enumeration SMB share enumeration, access testing, password policy extraction, and content searching. Enumerates shares via null session, guest, and authenticated access. Covers share listing, per-share access testing, MANSPIDER content search, and SMB vulnerability detection (signing, EternalBlue). Use after network-recon identifies SMB ports (139/445).
blacklanternsecurity/red-run 126
password-reset-poisoning Exploit password reset vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
php-code-injection Exploit PHP code evaluation injection via eval(), assert(), preg_replace /e, create_function(), call_user_func(), usort() callbacks, and runtime function creation (runkit, uopz). Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct PHP code evaluation of user input.
blacklanternsecurity/red-run 126
python-code-injection Exploit Python eval(), exec(), and compile() injection in web applications. Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct Python code evaluation of user input.
blacklanternsecurity/red-run 126
request-smuggling Guide HTTP request smuggling exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
smb-share-webshell Deploy webshells to IIS, Apache, or Tomcat web roots via SMB share write access. Use when a domain user has write access to a file share that maps to a web server's document root — write a webshell via smbclient/net use, then trigger it via HTTP for RCE. Covers PHP, ASPX, and JSP webshells, .NET impersonation for same-host lateral movement, and internal site discovery.
blacklanternsecurity/red-run 126
source-code-review Security-focused source code review. Identifies hardcoded credentials, injection sinks, authentication weaknesses, and framework-specific vulnerabilities. Use when application source code is available for review.
blacklanternsecurity/red-run 126
sql-injection-error Guide error-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
browser-exploitation Exploit browser-based attack surfaces: malicious extension crafting for bot interaction scenarios, Chrome DevTools Protocol abuse on exposed debug ports, and browser profile/cache data extraction from compromised hosts.
blacklanternsecurity/red-run 126
command-injection Guide OS command injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
cors-misconfiguration Exploit CORS (Cross-Origin Resource Sharing) misconfigurations during authorized penetration testing.
blacklanternsecurity/red-run 126
csrf Exploit Cross-Site Request Forgery (CSRF) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
deserialization-java Exploit Java deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
idor Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
jwt-attacks Exploit JWT (JSON Web Token) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
lfi Guide Local File Inclusion (LFI) and Remote File Inclusion (RFI) exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126