Topic: red-team
873 skills in this topic.
-
unknown-vector-analysis
Analyze custom applications, scripts, and binaries that standard technique skills could not exploit. Performs source code review, attack surface mapping, CVE research, and PoC adaptation. Route here when ANY technique agent returns saying standard patterns do not match, the target uses a custom/unknown application, or no existing technique skill covers the vector. Trigger phrases: "standard patterns don't match", "custom script", "unknown binary", "no matching technique", "unrecognized application". Do NOT use for known vulnerability classes that have dedicated technique skills — route to those instead.
blacklanternsecurity/red-run 126
-
retrospective
Post-engagement lessons-learned retrospective. Reads the engagement directory, analyzes skill routing decisions, identifies knowledge gaps and missing skills, and produces an actionable improvement report.
blacklanternsecurity/red-run 126
-
2fa-bypass
Bypass two-factor authentication (2FA/MFA) during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ajp-ghostcat
Exploit Apache JServ Protocol (AJP) misconfigurations and Ghostcat (CVE-2020-1938) for file read and remote code execution on Apache Tomcat. Use when port 8009 is open or an AJP connector is exposed.
blacklanternsecurity/red-run 126
-
deserialization-dotnet
Exploit .NET deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
deserialization-php
Exploit PHP deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
file-upload-bypass
Guide file upload restriction bypass during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ldap-injection
Exploit LDAP injection vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
-
nosql-injection
Guide NoSQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
race-condition
Exploit race conditions and TOCTOU vulnerabilities in web applications during authorized penetration testing.
blacklanternsecurity/red-run 126
-
sql-injection-blind
Guide blind SQL injection exploitation (boolean-based, time-based, and out-of-band) during authorized penetration testing.
blacklanternsecurity/red-run 126
-
sql-injection-union
Guide UNION-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xss-dom
Guide DOM-based XSS exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xxe
Guide XML External Entity (XXE) injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
container-escapes
Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
-
database-enumeration
Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
-
infrastructure-enumeration
Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
-
network-recon
Network reconnaissance, host discovery, port scanning, and OS fingerprinting. Produces a port/service map that the orchestrator uses to route to service-specific enumeration skills.
blacklanternsecurity/red-run 126
-
pivoting-tunneling
Network pivoting, port forwarding, and tunneling through compromised hosts to reach internal networks.
blacklanternsecurity/red-run 126
-
remote-access-enumeration
Enumeration of remote access services: FTP, SSH, RDP, VNC, and WinRM. Checks anonymous access, default credentials, version vulnerabilities, and authentication methods. Use after network-recon identifies remote access ports.
blacklanternsecurity/red-run 126
-
smb-enumeration
SMB share enumeration, access testing, password policy extraction, and content searching. Enumerates shares via null session, guest, and authenticated access. Covers share listing, per-share access testing, MANSPIDER content search, and SMB vulnerability detection (signing, EternalBlue). Use after network-recon identifies SMB ports (139/445).
blacklanternsecurity/red-run 126
-
smb-exploitation
Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
blacklanternsecurity/red-run 126
-
xmpp-enumeration
XMPP/Jabber service enumeration for Openfire, ejabberd, Prosody, and other XMPP servers. Trigger when ports 5222 (client), 5223 (legacy TLS), or 5269 (server-to-server) are found open. Covers authentication testing, user enumeration, MUC room discovery, and server fingerprinting. Do NOT use for AD enumeration or credential spraying — route those to the appropriate skills.
blacklanternsecurity/red-run 126
-
credential-recovery
Offline credential and file recovery with hashcat and john. Use when any skill captures hashes (NTLM, Kerberos TGS/AS-REP, shadow, MSCACHE2) or encrypted files (ZIP, Office, PDF, KeePass, SSH key, 7z, RAR). Trigger phrases: "recover this hash", "offline recovery", "john", "hashcat", "zip2john", "password-protected file". Do NOT use for online password attacks (spraying, brute force against services) — use password-spraying instead.
blacklanternsecurity/red-run 126