Testing & Security

QA, penetration testing, and code quality.

security
1.1K

websocket-attack

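WebSocket security testing. Use when the target uses the ws:// or wss:// protocol, the page's JS contains a new WebSocket() call, or a 101 Switching Protocols response is observed. Covers WS hijacking (CSWSH), message injection, authentication bypass, and information disclosure.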

wgpsec
wgpsec
testing-security
open
security
1.1K

efficiency-rules

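Penetration testing efficiency rules. Prevents inefficient behaviour such as blind enumeration and blocking on tools, so that the number of vulnerabilities found is maximized within limited time. Use when starting a penetration test, when a scanning tool has been running too long, when stuck in a blind brute-force loop, or when deciding the next attack direction. Reading it before each round of penetration testing is recommended.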

wgpsec
wgpsec
testing-security
open
security
1.1K

supply-chain-audit

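Supply-chain security audit. Use when fingerprinting identifies a known framework such as WordPress/Jenkins/Struts/Django, or when dependency declaration files such as /package.json /composer.json /package-lock.json /Gemfile are found. Framework and component versions map directly to CVEs: this is the first step of an exploit chain and also the most easily overlooked attack surface.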

wgpsec
wgpsec
testing-security
open
security
1.1K

adcs-certipy-attack

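Active Directory Certificate Services (ADCS) certificate attacks. Use when a CA server, ADCS Web Enrollment, or misconfigured certificate templates are found in the domain. Covers all ESC1-ESC11 certificate abuse paths, the Certipy toolchain, certificate forgery, and NTLM relay to ADCS. Always use this skill when anything related to ADCS/CA/certificates/certsrv is found.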

wgpsec
wgpsec
testing-security
open
security
1.1K

ntlm-relay-attack

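NTLM relay attack methodology. Use when the target network uses NTLM authentication, SMB/HTTP authentication requests can be triggered, or a NetNTLM hash has been obtained. Covers Responder poisoning, ntlmrelayx relaying, Printer Bug coerced authentication, RBCD relay, Shadow Credentials, and ADCS relay. Any scenario involving NTLM, Relay, Responder, or relay attacks should use this skill.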

wgpsec
wgpsec
testing-security
open
security
1.1K

oa-system-attack

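Exploitation of Chinese-made OA/intranet systems. Use when Chinese OA systems such as Seeyon (致远), Weaver/E-cology (泛微), Yonyou/NC/U8 (用友), Landray (蓝凌), Tongda (通达), Ezoffice (万户), Kingdee (金蝶), or iOffice (红帆) are found on the internal network. Covers each system's typical vulnerabilities, default credentials, and RCE paths. These appear frequently on internal networks in domestic HW exercises and competitions; always use this skill.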

wgpsec
wgpsec
testing-security
open
security
1.1K

cred-spray

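Credential spraying and reuse attacks. Use when usernames/passwords/hashes have been collected and need to be checked for validity on other services/hosts. Covers password spraying strategy (avoiding lockout), credential reuse detection, and PTH/PTK attacks. Used to expand the scope of control.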

wgpsec
wgpsec
testing-security
open
security
1.1K

post-exploit-windows

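Full Windows post-exploitation workflow. Use after obtaining a Windows shell via RCE/webshell/RDP. Covers system information gathering, UAC bypass, local privilege escalation, credential extraction (SAM/LSASS/browser), and domain reconnaissance. Applies to both standalone hosts and domain environments.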

wgpsec
wgpsec
testing-security
open
security
1.1K

recon-full

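Active full-workflow asset reconnaissance. Use when a complete reconnaissance of the target from zero to vulnerability discovery is needed, in the first phase of a penetration test, or when a full understanding of the target's attack surface is needed. Covers the complete chain of subdomain enumeration → port scanning → liveness detection → fingerprinting → POC scanning.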

wgpsec
wgpsec
testing-security
open
security
1.1K

gogo-scan

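Port scanning and fingerprinting with gogo. gogo is a high-speed port scanner from chainreactors that supports active/passive fingerprinting, intelligently grouped output, and automatic TLS handshakes to extract certificate information. Difference from fscan: gogo focuses on scan accuracy and fingerprint coverage (2000+ fingerprint rules), while fscan also covers weak passwords and POCs. Prefer gogo when the target's services and middleware versions need to be identified precisely (not just open ports). Consider this skill for any scenario involving port scanning, service identification, fingerprinting, or asset discovery.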

wgpsec
wgpsec
testing-security
open
security
1.1K

hashcat-crack

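Offline password hash cracking with hashcat. Use when password hashes (NTLM/NTLMv2/Kerberos TGS/AS-REP/SHA/MD5/bcrypt/NetNTLMv2) have been obtained and the plaintext passwords need to be recovered. hashcat is a GPU-accelerated password cracking tool, dozens of times faster than john. Covers hash type identification, dictionary attacks, rule attacks, mask attacks, and combinator attacks. Always use this skill after obtaining hashdump/secretsdump/Kerberoast/AS-REP output.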

wgpsec
wgpsec
testing-security
open
security
1.1K

xray-scan

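Automated web vulnerability scanning with xray. Use when a web application needs a comprehensive vulnerability scan (XSS/SQLi/command injection/SSRF/XXE/path traversal/file upload/weak passwords, etc.). xray is a comprehensive web security assessment tool from Chaitin Tech (长亭科技) that supports three modes: active scanning, passive proxy scanning, and basic crawler scanning, with a rich set of built-in detection plugins and community POCs. Any scenario involving xray vulnerability scanning, web security assessment, or passive proxy scanning should use this skill.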

wgpsec
wgpsec
testing-security
open
testing
1.1K

workflow-integration-testing

Write integration tests for Workflows using renderForTest and WorkflowTurbine. Use when testing full workflow runtime behavior, async operations, state changes over time, output emissions, multi-step user flows, or when user mentions "integration test", "renderForTest", or "WorkflowTurbine".

square
square
testing-security
open
testing
1.1K

workflow-testing

Write unit tests for StatefulWorkflow and StatelessWorkflow using testRender and RenderTester. Use for workflow unit testing, render testing, expectWorker, expectWorkflow, action verification, or WorkflowOutput assertions.

square
square
testing-security
open
testing
1.1K

ctf-misc

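CTF miscellaneous challenge techniques. Use for CTF challenges that do not fall under pwn/crypto/web/reverse/forensics/osint, such as encoding puzzles, Python/Bash sandbox escapes, RF/SDR signals, game/VM reversing, K8s RBAC, floating-point tricks, Z3 constraint solving, and game theory. Use this skill only after ruling out the other categories.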

wgpsec
wgpsec
testing-security
open
testing
1.1K

report-generate

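Penetration test report generation. Use when a security assessment is complete and a formal report needs to be produced. Covers report structure templates, risk rating standards (CVSS), how to write vulnerability descriptions, and standards for remediation recommendations. Applies to formal penetration test reports and red team assessment reports.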

wgpsec
wgpsec
testing-security
open
code-quality
1.1K

rocq-build-troubleshoot

Fast workflow to diagnose and fix Rocq/Coq compile errors in this repository, especially missing imports after links/simulate splits and per-file compile checks.

formal-land
formal-land
testing-security
open
code-quality
1.1K

write-judge-prompt

Design LLM-as-Judge evaluators for subjective criteria that code-based checks cannot handle. Use when a failure mode requires interpretation (tone, faithfulness, relevance, completeness). Do NOT use when the failure mode can be checked with code (regex, schema validation, execution tests). Do NOT use when you need to validate or calibrate the judge — use validate-evaluator instead.

hamelsmu
hamelsmu
testing-security
open
testing
1.1K

clawteam-dev

This skill should be used when the user asks to "run e2e test", "test clawteam", "end-to-end test", "test agent team", "verify clawteam works", "dev test", or wants to validate the full ClawTeam lifecycle. Runs a complete end-to-end test: cleanup → create team → create tasks with dependencies → spawn agents → wait for completion → verify results → cleanup.

win4r
win4r
testing-security
open
security
1.1K

credential-access

Credential extraction and capture — LSASS dumping, SAM/SECURITY hive extraction, DPAPI decryption, NTLM relay, Responder poisoning, password spraying, hash cracking.

PurpleAILAB
PurpleAILAB
testing-security
open
security
1.1K

privilege-escalation

Host privilege escalation — Windows token impersonation, UAC bypass, service abuse, DLL hijacking, Linux SUID/sudo/kernel exploits, automated enumeration.

PurpleAILAB
PurpleAILAB
testing-security
open
testing
1.1K

write-ok

Write a deterministic OK file to out/ok.txt.

trpc-group
trpc-group
testing-security
open
code-quality
1.1K

implement

Implement features, fix bugs, or refactor source code. Use when asked to add functionality, modify source code, or improve code structure. Not for documentation-only changes.

adobe
adobe
testing-security
open
code-quality
1.1K

lint

Fix code style issues and ensure linting passes. Use when asked to fix lint errors, formatting issues, or when ktlint or Checkstyle violations are reported.

adobe
adobe
testing-security
open