crtvrffnrt
@crtvrffnrt
Public Skills
pentest-recon-surface-analysis
by crtvrffnrt
Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only.
Cross-Site Scripting (XSS) Assessment
by crtvrffnrt
pentest-web-application-logic-mapper
by crtvrffnrt
Security assessment skill for mapping application business logic, state machines, and hidden API surfaces. Use when prompts include spider, crawl, state machine, hidden surface, workflow mapping, or hidden API discovery. Do not use for exploit development or final reporting only.
pentest-hacktricks-finder
by crtvrffnrt
Search and retrieve pentesting, red teaming, and security research information from the HackTricks wiki (book.hacktricks.wiki). Use for payloads, methodologies, bypasses, and edge-case behaviors across web, network, cloud, and application security topics.
pentest-authentication-authorization-review
by crtvrffnrt
Security assessment skill for authentication and authorization controls. Use when prompts include session handling, token abuse, MFA weaknesses, account takeover, IDOR/BOLA/BFLA, privilege escalation, tenant isolation, or identity boundary validation. Do not use when the task is generic recon, pure parser fuzzing, or final report composition only.
pentest-gemini-az
by crtvrffnrt
Use when users need an Azure, Microsoft 365, or Entra ID companion that reads, lists, changes, and manages resources using the current Azure CLI session, with az rest as the default execution path.
pentest-gemini-sub-htb
by crtvrffnrt
Use when users ask for Hack The Box machine compromise workflows from recon to foothold and privilege escalation.
pentest-business-logic-abuse
by crtvrffnrt
Security assessment skill for business workflow abuse, state-machine manipulation, and control-plane logic flaws. Use when prompts include workflow bypass, race condition, replay, quota abuse, order-of-operations flaws, delegated execution abuse, or unauthorized state transitions. Do not use for pure input injection fuzzing, broad recon, or standalone report formatting tasks.
pentest-evidence-structuring-report-synthesis
by crtvrffnrt
Security assessment skill for structuring evidence, deduplicating findings, and producing decision-ready security reports. Use when prompts include write report, consolidate findings, severity ranking, remediation guidance, executive summary, or technical appendix generation. Do not use for live exploit execution, reconnaissance, or payload experimentation tasks.
pentest-input-protocol-manipulation
by crtvrffnrt
Security assessment skill for input validation abuse and protocol-level manipulation. Use when prompts include injection, parser differential testing, request smuggling, method tampering, header confusion, serialization abuse, or payload mutation for exploitability testing. Do not use when the task is mainly authz boundary review, business workflow abuse, or report synthesis.
pentest-exploit-execution-payload-control
by crtvrffnrt
Security assessment skill for deterministic exploit execution from validated primitives. Use when prompts include exploit implementation, payload hardening, chaining confirmed weaknesses, post-exploitation proof, or controlled impact demonstration. Do not use for early-stage reconnaissance, speculative hypothesis generation, or report-only requests.
pentest-outbound-interaction-oob-detection
by crtvrffnrt
Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation.