Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining thorough coverage of attack surfaces.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionred-team-tools-and-methodologyExecute the skills CLI command in your project's root directory to begin installation:
Fetches red-team-tools-and-methodology from sickn33/antigravity-awesome-skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate red-team-tools-and-methodology. Access via /red-team-tools-and-methodology in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
31.1K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
31.1K
stars
Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining thorough coverage of attack surfaces.
Set up reconnaissance tracking:
# Create project structure
mkdir -p target/{recon,vulns,reports}
cd target
# Find acquisitions using Crunchbase
# Search manually for subsidiary companies
# Get ASN for targets
amass intel -org "Target Company" -src
# Alternative ASN lookup
curl -s "https://bgp.he.net/search?search=targetcompany&commit=Search"
Comprehensive subdomain discovery:
# Create wildcards file
echo "target.com" > wildcards
# Run Amass passively
amass enum -passive -d target.com -src -o amass_passive.txt
# Run Amass actively
amass enum -active -d target.com -src -o amass_active.txt
# Use Subfinder
subfinder -d target.com -silent -o subfinder.txt
# Asset discovery
cat wildcards | assetfinder --subs-only | anew domains.txt
# Alternative subdomain tools
findomain -t target.com -o
# Generate permutations with dnsgen
cat domains.txt | dnsgen - | httprobe > permuted.txt
# Combine all sources
cat amass_*.txt subfinder.txt | sort -u > all_subs.txt
Identify responding hosts:
# Check which hosts are live with httprobe
cat domains.txt | httprobe -c 80 --prefer-https | anew hosts.txt
# Use httpx for more details
cat domains.txt | httpx -title -tech-detect -status-code -o live_hosts.txt
# Alternative with massdns
massdns -r resolvers.txt -t A -o S domains.txt > resolved.txt
Identify technologies for targeted attacks:
# Whatweb scanning
whatweb -i hosts.txt -a 3 -v > tech_stack.txt
# Nuclei technology detection
nuclei -l hosts.txt -t technologies/ -o tech_nuclei.txt
# Wappalyzer (if available)
# Browser extension for manual review
Find hidden endpoints and files:
# Directory bruteforce with ffuf
ffuf -ac -v -u https://target.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
# Historical URLs from Wayback
waybackurls target.com | tee wayback.txt
# Find all URLs with gau
gau target.com | tee all_urls.txt
# Parameter discovery
cat all_urls.txt | grep "=" | sort -u > params.txt
# Generate custom wordlist from historical data
cat all_urls.txt | unfurl paths | sort -u > custom_wordlist.txt
Heat Map Priority Areas:
Analysis Questions:
# ParamSpider for parameter extraction
python3 paramspider.py --domain target.com -o params.txt
# Filter with Gxss
cat params.txt | Gxss -p test
# Dalfox for XSS testing
cat params.txt | dalfox pipe --mining-dict params.txt -o xss_results.txt
# Alternative workflow
waybackurls target.com | grep "=" | qsreplace '"><script>alert(1)</script>' | while read url; do
curl -s "$url" | grep -q 'alert(1)' && echo "$url"
done > potential_xss.txt
# Nuclei comprehensive scan
nuclei -l hosts.txt -t ~/nuclei-templates/ -o nuclei_results.txt
# Check for common CVEs
nuclei -l hosts.txt -t cves/ -o cve_results.txt
# Web vulnerabilities
nuclei -l hosts.txt -t vulnerabilities/ -o vuln_results.txt
Wordlists for API fuzzing:
# Enumerate API endpoints
ffuf -u https://target.com/api/FUZZ -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt
# Test API versions
ffuf -u https://target.com/api/v1/FUZZ -w api_wordlist.txt
ffuf -u https://target.com/api/v2/FUZZ -w api_wordlist.txt
# Check for hidden methods
for method in GET POST PUT DELETE PATCH; do
curl -X $method https://target.com/api/users -v
done
#!/bin/bash
domain=$1
if [[ -z $domain ]]; then
echo "Usage: ./recon.sh <domain>"
exit 1
fi
mkdir -p "$domain"
# Subdomain enumeration
echo "[*] Enumerating subdomains..."
subfinder -d "$domain" -silent > "$domain/subs.txt"
# Live host discovery
echo "[*] Finding live hosts..."
cat "$domain/subs.txt" | httpx -title -tech-detect -status-code > "$domain/live.txt"
# URL collection
echo "[*] Collecting URLs..."
cat "$domain/live.txt" | waybackurls > "$domain/urls.txt"
# Nuclei scanning
echo "[*] Running Nuclei..."
nuclei -l "$domain/live.txt" -o "$domain/nuclei.txt"
echo "[+] Recon complete!"
| Tool | Purpose |
|---|---|
| Amass | Subdomain enumeration |
| Subfinder | Fast subdomain discovery |
| httpx/httprobe | Live host detection |
| ffuf | Content discovery |
| Nuclei | Vulnerability scanning |
| Burp Suite | Manual testing |
| Dalfox | XSS automation |
| waybackurls | Historical URL mining |
/api/v1/users
/api/v1/admin
/api/v1/profile
/api/users/me
/api/config
/api/debug
/api/swagger
/api/graphql
<!-- Test encoding handling -->
<h1><img><table>
<script>
%3Cscript%3E
%253Cscript%253E
%26lt;script%26gt;
subfinder -d target.com | httpx -title | tee results.txt
waybackurls target.com | grep "=" | qsreplace "test" | httpx -silent | dalfox pipe
# Full recon chain
amass enum -d target.com | httpx | nuclei -t ~/nuclei-templates/
| Issue | Solution |
|---|---|
| Rate limited | Use proxy rotation, reduce concurren ✓ Make data-driven prioritization decisions faster Stakeholder CommunicationDraft PRDs, status updates, and stakeholder presentations Example Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement ✓ Save 3-5 hours/week on communication overhead Implementation GuidePrerequisites
Time Estimate 30-60 minutes to see productivity improvements Steps
Common Pitfalls
Best Practices✓ Do
✗ Don't
💡 Pro Tips
When to Use This✓ Use when Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work. ✗ Avoid when Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed. Learning Path
Related Skillsantigravity-design-expert182sickn33/antigravity-awesome-skills Frontendsame repo grill-me648mattpocock/skills Productivitysame category premortem214parcadei/continuous-claude-v3 Productivitysame category deslop159cursor/plugins Productivitysame category travel-planner136ailabs-393/ai-labs-claude-skills Productivitysame category framer-motion131pproenca/dot-skills Productivitysame category Reviews4.4★★★★★46 reviews
showing 1-10 of 46 1 / 5 DiscussionComments — not star reviews
|