@Dinosn: uphiago/recon-skills: 144 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets…


Summary

A GitHub repository providing 144 offensive security skills for reconnaissance and penetration testing, field-validated across 600+ targets in 45+ sectors, covering web enumeration, email security, Google dorks, cloud IAM, and more.

uphiago/recon-skills: 144 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with web enum, email sec, google dorks, cloud IAM, WordPress full compromise ch... https://t.co/pUvq61RPyT

Cached at: 06/27/26, 05:51 AM

uphiago/recon-skills

Source: https://github.com/uphiago/recon-skills

🛡️ Recon & Pentest Skill Pack

144 skills for autonomous offensive reconnaissance at scale. Built from 600+ company targets, 11 rounds of field recon, and a pentest playbook validated across government, healthtech, fintech, e-commerce, ISP, and SMB sectors.

📖 Blog & research: hiago.sh — Pentest Playbook, field notes, and tooling.


📦 What’s Inside (144 skills)

recon-skills/
├── SOUL.md                  — Philosophy & agent operating instructions
├── AGENTS.md                — Complete catalog + HARDLINE skill standards
├── recon/          (24)     — WordPress/CORS/XMLRPC recon, source leaks, JS secrets, web enum, email sec, staging hunt, port scans
├── redteam/        (104)    — 51 hunt-* (xss, sqli, ssrf, rce, ato, idor, cors, firebase, supabase, k8s, etc) + 24 sector recon + 29 methodology/ops
├── meta/           (6)      — Recon playbook, sector methodology, attack patterns, wave delta, google dorks, pentest playbook
├── chains/         (2)      — Cross-attack chaining, WordPress full compromise
├── auth/           (1)      — SAML SSO attacks
├── infra/          (1)      — Docker privilege escalation
├── attacks/        (2)      — Flask Werkzeug debugger RCE
├── agentiko-hermes/        — Hermes agent operating spec
└── agentiko-worker/         — Worker runtime spec + references

🔥 Key Skills

| Category | Skill | What It Does |
|---|---|---|
| meta | recon-playbook | 4-phase pipeline: target gen → quick filter → WP deep check → deep invade |
| recon | cors-credential-wordpress | 8 CORS variants (V1-V8) with real confirmed targets |
| recon | xmlrpc-exploitation | System.multicall, pingback SSRF, IMDS role guessing, wp.uploadFile |
| recon | web-enumeration | 200+ sensitive file paths, .env extraction, path traversal, vhost enum |
| recon | js-secrets-extraction | 12 regex patterns for API keys, JWTs, Firebase, Supabase in JS bundles |
| recon | email-security | DMARC/SPF/DKIM checks, SMTP spoofing, header analysis |
| chains | cross-attack-chains | Attack chain methodology — CORS+XMLRPC→RCE, SSRF→IMDS, etc |
| chains | wordpress-full-compromise | Kill chains for full WordPress takeover |
| meta | attack-patterns-reference | 25 patterns (P-01 to P-25), 18 WP abuse patterns, 8 CORS variants |
| meta | cross-wave-delta-analysis | Compare waves → NEW / REGRESSION / PERSISTENT / CHANGE |
| meta | sector-recon-methodology | Tier-based sector selection + per-sector vulnerability baselines |
| meta | google-dorks-catalog | 100+ dork patterns by service type + GitHub code search |
| redteam | hunt-* (51 skills) | One per vuln class: xss, sqli, ssrf, rce, ato, idor, cors, firebase, supabase, k8s, llm-ai, etc |
| redteam | parallel-recon-triad | 3 parallel subagents every 20min: Deep Invade + Expand + Skill Evolution |
| redteam | ops-proxyns | Kernel-level proxy via network namespaces — Tor for all traffic |
| redteam | cloud-iam-deep | AWS/GCP/Azure IAM enumeration, SA key abuse, Cloud Run, Artifact Registry |
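A defender-side version of the DMARC/SPF checks listed under email-security, written as an added example (it is not code from the recon-skills project): it parses SPF and DMARC TXT records and flags policies that leave a domain spoofable. The record strings are constructed samples and the function names are assumptions; no DNS lookups are made.

```python
# Added example, not recon-skills code: grade SPF/DMARC records for spoofability.
# Records are passed as strings so this runs offline; in practice they come from
# TXT lookups of <domain> and _dmarc.<domain>.
import re

# Constructed sample records for a hypothetical domain, not real DNS data.
SAMPLE_SPF = "v=spf1 include:_spf.example.net mx ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.net"


def parse_spf(txt):
    """Qualifier of the SPF 'all' mechanism ('+', '-', '~', '?'); '' if the
    record has no 'all' mechanism; None if txt is not an SPF record."""
    if not txt or not txt.strip().lower().startswith("v=spf1"):
        return None
    m = re.search(r"(?:^|\s)([-+~?]?)all(?:\s|$)", txt, re.IGNORECASE)
    return (m.group(1) or "+") if m else ""  # a bare 'all' means '+all'


def parse_dmarc(txt):
    """DMARC tags as a dict with lower-cased keys; None if txt is not DMARC."""
    if not txt or not txt.strip().lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    return tags


def assess(spf_txt, dmarc_txt):
    """List of weaknesses; an empty list means both records enforce."""
    findings = []
    spf_notes = {  # '-all' (hard fail) raises no finding
        None: "SPF: no record, receivers cannot check the envelope sender",
        "": "SPF: no 'all' mechanism, unknown senders get a neutral result",
        "+": "SPF: '+all' authorizes every sender",
        "?": "SPF: '?all' is neutral, no enforcement",
        "~": "SPF: '~all' softfail, enforcement depends on DMARC",
    }
    q = parse_spf(spf_txt)
    if q in spf_notes: findings.append(spf_notes[q])
    d = parse_dmarc(dmarc_txt)
    if d is None:
        return findings + ["DMARC: no record, SPF/DKIM results are not enforced"]
    p = d.get("p", "").lower()
    if p == "none":
        findings.append("DMARC: p=none only monitors, spoofed mail is still delivered")
    elif p not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p tag")
    if d.get("pct", "100") != "100":  # pct<100 enforces on only a share of mail
        findings.append(f"DMARC: pct={d['pct']} applies the policy to part of the mail")
    return findings
```

Run `assess(SAMPLE_SPF, SAMPLE_DMARC)` to see the two weaknesses in the sample records; `assess` returns an empty list only for a hard-fail SPF paired with an enforcing DMARC policy at pct=100.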

📊 Field Results

| Metric | Value |
|---|---|
| Unique domains tested | 600+ |
| Vulnerable companies found | 80+ |
| Sectors tested | 45+ |
| CORS variants cataloged | 8 (V1-V8) |
| Attack patterns cataloged | 25 (P-01 to P-25) |
| WP abuse patterns | 18 (WP-01 to WP-18) |
| Attack chains confirmed | 10 |
| Recon rounds completed | 11 |
| Executable scripts | 48 (40 .py, 7 .sh, 1 .js) |
| Hunt skills expanded (2025-2026) | 7 (smuggling, mfa, saml, ato, api, llm, race) |

Finding Distribution

| Severity | Count | Common Patterns |
|---|---|---|
| Critical | 8 | MySQL exposed, PHPInfo + open reg, CORS + XMLRPC + upload → RCE |
| High | 24 | CORS credential reflection, XMLRPC multicall, staging takeover |
| Medium | 18 | WP user enum, WooCommerce API, plugin version disclosure |

Top Patterns by Sector

| Sector | Vuln Rate | Top Finding |
|---|---|---|
| Law Firms | ~25% | WP REST API user enumeration |
| Landscaping | ~20% | CORS credential reflection |
| Pool Services | ~20% | CORS + XMLRPC open |
| Pest Control | ~20% | CORS credential reflection |
| HVAC/Plumbing | ~14% | CORS + WP user enumeration |
| Locksmiths | ~33% | WP REST API + XMLRPC |
| Window Cleaning | ~25% | CORS + XMLRPC |
| Bakeries | ~18% | Source leaks + CORS wildcard |
| Septic Services | ~25% | Source leaks + CORS |

🚀 Getting Started

```bash
git clone git@github.com:uphiago/recon-skills.git
cd recon-skills
cat SOUL.md          # Read the philosophy
cat AGENTS.md        # Read the standards & catalog
ls recon/            # Browse recon skills
ls redteam/          # Browse hunt skills
```

Each skill directory has a SKILL.md with:

  • When to Use
  • Prerequisites
  • How to Run (copy-paste commands)
  • Procedure (numbered steps with exact commands)
  • Pitfalls
  • Verification

🧠 Design Principles

  • Terminal-native — every command runs via curl, nmap, python3. No browser automation.
  • Self-contained — each SKILL.md is a complete operational package.
  • Field-validated — techniques confirmed on real targets before shipping.
  • Chain everything — one finding is Medium. Two chained is Critical.
  • Cross-reference, don’t duplicate — hosting tables belong in one place.

📄 License

MIT — Use freely, contribute back.
