Search Skills
Search across 54932 indexed skills
cicd-pipeline-attack
CI/CD 系统是现代软件工程的核心基础设施——它们拥有代码仓库的读写权限、持有云平台的部署凭据、能够直接修改生产环境。一旦攻陷流水线,攻击者可以同时获得代码控制权、Secrets 访问权和云环境穿透能力,其影响范围远超单台服务器的沦陷。 本技能以决策树形式组织 CI/CD 攻击方法论。各平台的详细...
k8s-container-escape
K8s 集群一旦被突破,攻击面极大——从单个 Pod 可以横向扩展到整个集群的所有节点和服务。 容器逃逸详细手法(挂载逃逸/内核漏洞/特权容器/cgroup)→ 读 references/escape-techniques.md 集群层面攻击(API Server/etcd/RBAC/横向移动)→ ...
python-web-debug
Python Web 框架的 Debug 模式是开发者留下的最危险的配置错误之一——Werkzeug debugger 直接提供交互式 Python shell(RCE),Django DEBUG=True 泄露完整配置和源码路径,FastAPI /docs 暴露所有 API 接口。 | 信号 | ...
githacker-git-leak
GitHacker 专注于 .git 目录泄露的完整恢复——不仅拿到源码,还能恢复 stash、所有分支/标签、reflog。开发者删过的密码和调试代码往往藏在这些地方。 项目地址:https://github.com/WangYihang/GitHacker pip install GitHack...
php-bypass
当你已获取 webshell(能执行 PHP 代码)但无法执行系统命令时,本 skill 指导你突破 disablefunctions 和 openbasedir 限制。 方法 A-G 完整绕过代码 → references/disable-functions-bypass.md openbased...
recon-full
本技能是渗透测试的标准第一步,目标是从域名/IP 出发,尽可能多地发现资产和漏洞。 确认测试目标的范围,和任务描述,尽量不要超出目标范围 如果任务强调不测试子域名,则跳过 Phase 1: 子域名枚举步骤 如果任务强调不测试其他端口,则跳过 Phase 2: 端口扫描步骤 用 dns 枚举工具获取更...
debug-buttercup
Pods in the crs namespace are in CrashLoopBackOff, OOMKilled, or restarting Multiple services restart simultaneously (cascade failure) Redis is unresp...
next-best-practices
Apply these rules when writing or reviewing Next.js code. See file-conventions.md for: Project structure and special files Route segments (dynamic, ca...
aflpp
AFL++ is a fork of the original AFL fuzzer that offers better fuzzing performance and more advanced features while maintaining stability. A major bene...
atheris
Atheris is a coverage-guided Python fuzzer built on libFuzzer. It enables fuzzing of both pure Python code and Python C extensions with integrated Add...
ai-engineering-toolkit
A collection of 6 structured, expert-level workflows that turn your AI coding assistant into a senior AI engineering partner. Each skill encodes a rep...
mise-configurator
This skill generates clean, production-ready mise.toml configurations for local development environments and CI/CD pipelines. It helps standardize run...