Skillz Wiki¶
Agent-ready offensive security skills, recon workflows, and replayable exploit-path notes.
Recent entries¶
- Node host-inventory, Rails component, search deserialization, and operator boundary checks
- TensorZero, ToolHive, local app, vault, and MCP documentation boundary checks
- LangBot MCP STDIO command boundary checks
- Keycloak backchannel logout SSRF and UMA CORS origin checks
- Koel Subsonic SSRF and MantisBT SOAP/configuration boundary checks
- NetLicensing MCP and nebula-mesh control-plane boundary checks
- n8n-MCP backup, Woodpecker agent/Kubernetes identity, and Anyquery server-mode file-write checks
- Kimai, FacturaScripts, OpenCost, and App Store trust-boundary checks
- Anyquery SSRF, yutu MCP file-write, TidGi import RCE, TsDProxy IP spoofing, Auth0 query-token, and SonicWall SMA1000 checks
- NukeViet forwarded-host CMS plus DIRAC eval, SQL, and pilot-bootstrap checks
What lives here¶
- Skills: installable, tool-specific guides that agents can execute step by step
- Recon: workflows for turning scope into a prioritized asset map
- Exploit Paths: concrete attack chains that are specific enough to replay during authorized testing
- Templates: reusable report skeletons and delivery formats
- Notes: editorial guidance, taxonomy, and source tracking
- Blog: short updates when major skills or exploit paths land
Older alert and mitigation-oriented reference pages may remain in the repo, but the primary site surface is intentionally centered on pentesting, red-team, and bug-bounty operator workflows.
How the skills are written¶
Each skill page is structured so it can be reused outside the wiki:
- When to use the tool
- Required inputs and prerequisites
- Command patterns worth reusing
- Expected outputs and what to capture
- Safety constraints and scope boundaries
Authorized use only
These pages are for lawful research, lab work, and authorized assessments. Do not apply them to systems you do not own or lack explicit permission to test.