Sponsored by

Find leads on Reddit on auto pilot

Topic: security

1,299 skills in this topic.

xxe Guide XML External Entity (XXE) injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
container-escapes Container escape, Docker breakout, and Kubernetes exploitation.
blacklanternsecurity/red-run 126
database-enumeration Database service enumeration and quick-win access checks for MSSQL, MySQL, PostgreSQL, Oracle, MongoDB, and Redis. Checks default/empty passwords, unauthenticated access, and command execution capabilities. Use after network-recon identifies database ports.
blacklanternsecurity/red-run 126
infrastructure-enumeration Enumeration of infrastructure services: DNS, SMTP, SNMP, IPMI, NFS, TFTP, RPC/MSRPC, and HTTP/HTTPS surface detection. Checks zone transfers, open relays, default community strings, cipher zero, NFS exports, and web technology fingerprinting. Use after network-recon identifies infrastructure ports.
blacklanternsecurity/red-run 126
remote-access-enumeration Enumeration of remote access services: FTP, SSH, RDP, VNC, and WinRM. Checks anonymous access, default credentials, version vulnerabilities, and authentication methods. Use after network-recon identifies remote access ports.
blacklanternsecurity/red-run 126
smb-enumeration SMB share enumeration, access testing, password policy extraction, and content searching. Enumerates shares via null session, guest, and authenticated access. Covers share listing, per-share access testing, MANSPIDER content search, and SMB vulnerability detection (signing, EternalBlue). Use after network-recon identifies SMB ports (139/445).
blacklanternsecurity/red-run 126
smb-exploitation Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
blacklanternsecurity/red-run 126
xmpp-enumeration XMPP/Jabber service enumeration for Openfire, ejabberd, Prosody, and other XMPP servers. Trigger when ports 5222 (client), 5223 (legacy TLS), or 5269 (server-to-server) are found open. Covers authentication testing, user enumeration, MUC room discovery, and server fingerprinting. Do NOT use for AD enumeration or credential spraying — route those to the appropriate skills.
blacklanternsecurity/red-run 126
credential-recovery Offline credential and file recovery with hashcat and john. Use when any skill captures hashes (NTLM, Kerberos TGS/AS-REP, shadow, MSCACHE2) or encrypted files (ZIP, Office, PDF, KeePass, SSH key, 7z, RAR). Trigger phrases: "recover this hash", "offline recovery", "john", "hashcat", "zip2john", "password-protected file". Do NOT use for online password attacks (spraying, brute force against services) — use password-spraying instead.
blacklanternsecurity/red-run 126
browser-exploitation Exploit browser-based attack surfaces: malicious extension crafting for bot interaction scenarios, Chrome DevTools Protocol abuse on exposed debug ports, and browser profile/cache data extraction from compromised hosts.
blacklanternsecurity/red-run 126
command-injection Guide OS command injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
deserialization-java Exploit Java deserialization vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
idor Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
jwt-attacks Exploit JWT (JSON Web Token) vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
oauth-attacks Exploit OAuth 2.0 and OpenID Connect vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
password-reset-poisoning Exploit password reset vulnerabilities during authorized penetration testing.
blacklanternsecurity/red-run 126
php-code-injection Exploit PHP code evaluation injection via eval(), assert(), preg_replace /e, create_function(), call_user_func(), usort() callbacks, and runtime function creation (runkit, uopz). Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct PHP code evaluation of user input.
blacklanternsecurity/red-run 126
python-code-injection Exploit Python eval(), exec(), and compile() injection in web applications. Distinct from OS command injection (shell operators) and SSTI (template engines) — this targets direct Python code evaluation of user input.
blacklanternsecurity/red-run 126
source-code-review Security-focused source code review. Identifies hardcoded credentials, injection sinks, authentication weaknesses, and framework-specific vulnerabilities. Use when application source code is available for review.
blacklanternsecurity/red-run 126
sql-injection-error Guide error-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
sql-injection-stacked Guide stacked query SQL injection and second-order injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
ssti-twig Guide Twig/PHP server-side template injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
tomcat-manager-deploy Deploy WAR files via Apache Tomcat Manager for remote code execution. Use when Tomcat Manager is accessible with valid credentials (manager-script or manager-gui role). Covers WAR generation, deployment via text API and HTML interface, reverse shell delivery, and cleanup. Common initial access vector after credential discovery via LFI, default creds, or config file exposure.
blacklanternsecurity/red-run 126
web-discovery Discover web application injection points and route to the correct exploitation skill during authorized penetration testing.
blacklanternsecurity/red-run 126