ReddRadar
Topic: claude
14,433 skills in this topic.
-
csrf
Exploit Cross-Site Request Forgery (CSRF) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
deserialization-java
Exploit Java deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
credential-recovery
Offline credential and file recovery with hashcat and john. Use when any skill captures hashes (NTLM, Kerberos TGS/AS-REP, shadow, MSCACHE2) or encrypted files (ZIP, Office, PDF, KeePass, SSH key, 7z, RAR). Trigger phrases: "recover this hash", "offline recovery", "john", "hashcat", "zip2john", "password-protected file". Do NOT use for online password attacks (spraying, brute force against services) — use password-spraying instead.
blacklanternsecurity/red-run 126
-
xmpp-enumeration
XMPP/Jabber service enumeration for Openfire, ejabberd, Prosody, and other XMPP servers. Trigger when ports 5222 (client), 5223 (legacy TLS), or 5269 (server-to-server) are found open. Covers authentication testing, user enumeration, MUC room discovery, and server fingerprinting. Do NOT use for AD enumeration or credential spraying — route those to the appropriate skills.
blacklanternsecurity/red-run 126
-
smb-exploitation
Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
blacklanternsecurity/red-run 126
-
smb-enumeration
SMB share enumeration, access testing, password policy extraction, and content searching. Enumerates shares via null session, guest, and authenticated access. Covers share listing, per-share access testing, MANSPIDER content search, and SMB vulnerability detection (signing, EternalBlue). Use after network-recon identifies SMB ports (139/445).
blacklanternsecurity/red-run 126
-
remote-access-enumeration
Enumeration of remote access services: FTP, SSH, RDP, VNC, and WinRM. Checks anonymous access, default credentials, version vulnerabilities, and authentication methods. Use after network-recon identifies remote access ports.
blacklanternsecurity/red-run 126
-
pivoting-tunneling
Network pivoting, port forwarding, and tunneling through compromised hosts to reach internal networks.
blacklanternsecurity/red-run 126
-
idor
Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
jwt-attacks
Exploit JWT (JSON Web Token) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
lfi
Guide Local File Inclusion (LFI) and Remote File Inclusion (RFI) exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
oauth-attacks
Exploit OAuth 2.0 and OpenID Connect vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
password-reset-poisoning
Exploit password reset vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
php-code-injection
Exploit PHP code evaluation injection via eval(), assert(), preg_replace /e, create_function(), call_user_func(), usort() callbacks, and runtime function creation (runkit, uopz). Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct PHP code evaluation of user input.
blacklanternsecurity/red-run 126
-
python-code-injection
Exploit Python eval(), exec(), and compile() injection in web applications. Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct Python code evaluation of user input.
blacklanternsecurity/red-run 126
-
request-smuggling
Guide HTTP request smuggling exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
smb-share-webshell
Deploy webshells to IIS, Apache, or Tomcat web roots via SMB share write access. Use when a domain user has write access to a file share that maps to a web server's document root — write a webshell via smbclient/net use, then trigger it via HTTP for RCE. Covers PHP, ASPX, and JSP webshells, .NET impersonation for same-host lateral movement, and internal site discovery.
blacklanternsecurity/red-run 126
-
source-code-review
Security-focused source code review. Identifies hardcoded credentials, injection sinks, authentication weaknesses, and framework-specific vulnerabilities. Use when application source code is available for review.
blacklanternsecurity/red-run 126
-
container-escapes
Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
-
database-enumeration
Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
-
infrastructure-enumeration
Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
-
sql-injection-error
Guide error-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
sql-injection-stacked
Guide stacked query SQL injection and second-order injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ssrf
Guide server-side request forgery (SSRF) exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126