Sponsored by

Find leads on Reddit on auto pilot

Topic: pentest

57 skills in this topic.

wstg-injection WSTG input validation and injection testing - SQLi, XSS, SSTI, SSRF, command injection, XXE
CyberStrikeus/CyberStrike 166
wstg-recon-config WSTG reconnaissance, configuration, error handling, and cryptography testing techniques
CyberStrikeus/CyberStrike 166
wstg-logic-client-api WSTG business logic, client-side, and API security testing
CyberStrikeus/CyberStrike 166
kerberos-attacks Kerberos protocol attack techniques and exploitation
CyberStrikeus/CyberStrike 166
recon-methodology Bug bounty and pentest reconnaissance methodology
CyberStrikeus/CyberStrike 166
wstg-auth-session WSTG identity, authentication, authorization, and session management testing
CyberStrikeus/CyberStrike 166
ad-security Active Directory security testing and attack techniques
CyberStrikeus/CyberStrike 166
bun-file-io Use this when you are working on file operations like reading, writing, scanning, or deleting files. It summarizes the preferred file APIs and patterns used in this repo. It also notes when to use filesystem helpers for directories.
CyberStrikeus/CyberStrike 166
certificate-transparency Queries CT logs for certificates and extracts SANs for subdomain discovery
transilienceai/communitytools 129
ai-threat-testing Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
transilienceai/communitytools 129
cloud-infra-detector Detects cloud providers (AWS, Azure, GCP) and PaaS platforms
transilienceai/communitytools 129
security-posture-analyzer Analyzes security headers, CSP, HSTS, WAF presence, and security.txt
transilienceai/communitytools 129
source-code-scanning Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".
transilienceai/communitytools 129
social-engineering Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
transilienceai/communitytools 129
skiller
transilienceai/communitytools 129
code-repository-intel Scans GitHub/GitLab for public repos, dependencies, and CI configurations
transilienceai/communitytools 129
frontend-inferencer Infers frontend technologies including React, Angular, Vue, jQuery, Bootstrap, etc.
transilienceai/communitytools 129
hackthebox HackTheBox platform automation - login via Playwright, browse challenges/machines/labs, manage VPN connections, solve challenges using pentest skills, log all proceedings, and feed learnings back into skill improvement.
transilienceai/communitytools 129
hackerone HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
transilienceai/communitytools 129
github-workflow GitHub workflow automation — branching, committing, pushing, pull requests, issues, and code review. Use when asked to commit, push, create PRs/branches/issues, or manage git workflow.
transilienceai/communitytools 129
evidence_formatter
transilienceai/communitytools 129
report_exporter
transilienceai/communitytools 129
web-app-logic Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure.
transilienceai/communitytools 129
authentication Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
transilienceai/communitytools 129