ReddRadar
Topic: hackerone
57 skills in this topic.
-
tls-certificate-analysis
Analyzes TLS certificates for issuer, SAN, and JARM fingerprints
transilienceai/communitytools 129
-
web-app-logic
Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure.
transilienceai/communitytools 129
-
osint
Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.
transilienceai/communitytools 129
-
api-security
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
transilienceai/communitytools 129
-
authentication
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
transilienceai/communitytools 129
-
client-side
Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution.
transilienceai/communitytools 129
-
cloud-containers
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
transilienceai/communitytools 129
-
coordination
Pentest engagement orchestration - workflow management, test planning, reporting, and output structure coordination.
transilienceai/communitytools 129
-
cve-poc-generator
CVE research, standalone PoC script and report generation. Given a CVE ID, researches NVD and advisories, generates a safe Python PoC, and writes a detailed vulnerability report.
transilienceai/communitytools 129
-
github-workflow
GitHub workflow automation — branching, committing, pushing, pull requests, issues, and code review. Use when asked to commit, push, create PRs/branches/issues, or manage git workflow.
transilienceai/communitytools 129
-
hackerone
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
transilienceai/communitytools 129
-
hackthebox
HackTheBox platform automation - login via Playwright, browse challenges/machines/labs, manage VPN connections, solve challenges using pentest skills, log all proceedings, and feed learnings back into skill improvement.
transilienceai/communitytools 129
-
infrastructure
Network infrastructure testing - port scanning, DNS attacks, MITM, VLAN hopping, IPv6, SMB/NetBIOS, sniffing, and DoS assessment.
transilienceai/communitytools 129
-
injection
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
transilienceai/communitytools 129
-
code-repository-intel
Scans GitHub/GitLab for public repos, dependencies, and CI configurations
transilienceai/communitytools 129
-
reconnaissance
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
transilienceai/communitytools 129
-
skiller
transilienceai/communitytools 129
-
social-engineering
Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
transilienceai/communitytools 129
-
source-code-scanning
Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".
transilienceai/communitytools 129
-
system
System exploitation testing - Active Directory attacks, privilege escalation (Linux/Windows), and exploit development.
transilienceai/communitytools 129
-
techstack-identification
OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.
transilienceai/communitytools 129
-
api-portal-discovery
Discovers public API portals, developer docs, and OpenAPI/Swagger endpoints
transilienceai/communitytools 129
-
backend-inferencer
Infers backend technologies including servers, languages, frameworks, databases, and CMS
transilienceai/communitytools 129
-
ai-threat-testing
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
transilienceai/communitytools 129