Z
zebbern
@mayurrathi
⭐ 40.7k GitHub stars

Red Team Tools

Red Team Tools is an code AI skill with a core value of This skill should be used when the user asks to \"follow red team methodology\", \"perform bug bounty hunting\", \"automate reconnaissance\", \"hunt for XSS vulnerabilities\", \"enumerate su. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

This skill should be used when the user asks to \"follow red team methodology\", \"perform bug bounty hunting\", \"automate reconnaissance\", \"hunt for XSS vulnerabilities\", \"enumerate su...

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/red-team-tools && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/red-team-tools/SKILL.md -o ./skills/red-team-tools/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# Red Team Tools and Methodology


Purpose


Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining thorough coverage of attack surfaces.


Inputs/Prerequisites


- Target scope definition (domains, IP ranges, applications)

- Linux-based attack machine (Kali, Ubuntu)

- Bug bounty program rules and scope

- Tool dependencies installed (Go, Python, Ruby)

- API keys for various services (Shodan, Censys, etc.)


Outputs/Deliverables


- Comprehensive subdomain enumeration

- Live host discovery and technology fingerprinting

- Identified vulnerabilities and attack vectors

- Automated recon pipeline outputs

- Documented findings for reporting


Core Workflow


1. Project Tracking and Acquisitions


Set up reconnaissance tracking:


bash
# Create project structure
mkdir -p target/{recon,vulns,reports}
cd target

# Find acquisitions using Crunchbase
# Search manually for subsidiary companies

# Get ASN for targets
amass intel -org "Target Company" -src

# Alternative ASN lookup
curl -s "https://bgp.he.net/search?search=targetcompany&commit=Search"

2. Subdomain Enumeration


Comprehensive subdomain discovery:


bash
# Create wildcards file
echo "target.com" > wildcards

# Run Amass passively
amass enum -passive -d target.com -src -o amass_passive.txt

# Run Amass actively
amass enum -active -d target.com -src -o amass_active.txt

# Use Subfinder
subfinder -d target.com -silent -o subfinder.txt

# Asset discovery
cat wildcards | assetfinder --subs-only | anew domains.txt

# Alternative subdomain tools
findomain -t target.com -o

# Generate permutations with dnsgen
cat domains.txt | dnsgen - | httprobe > permuted.txt

# Combine all sources
cat amass_*.txt subfinder.txt | sort -u > all_subs.txt

3. Live Host Discovery


Identify responding hosts:


bash
# Check which hosts are live with httprobe
cat domains.txt | httprobe -c 80 --prefer-https | anew hosts.txt

# Use httpx for more details
cat domains.txt | httpx -title -tech-detect -status-code -o live_hosts.txt

# Alternative with massdns
massdns -r resolvers.txt -t A -o S domains.txt > resolved.txt

4. Technology Fingerprinting


Identify technologies for targeted attacks:


bash
# Whatweb scanning
whatweb -i hosts.txt -a 3 -v > tech_stack.txt

# Nuclei technology detection
nuclei -l hosts.txt -t technologies/ -o tech_nuclei.txt

# Wappalyzer (if available)
# Browser extension for manual review

5. Content Discovery


Find hidden endpoints and files:


bash
# Directory bruteforce with ffuf
ffuf -ac -v -u https://target.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

# Historical URLs from Wayback
waybackurls target.com | tee wayback.txt

# Find all URLs with gau
gau target.com | tee all_urls.txt

# Parameter discovery
cat all_urls.txt | grep "=" | sort -u > params.txt

# Generate custom wordlist from historical data
cat all_urls.txt | unfurl paths | sort -u > custom_wordlist.txt

6. Application Analysis (Jason Haddix Method)


**Heat Map Priority Areas:**


1. **File Uploads** - Test for injection, XXE, SSRF, shell upload

2. **Content Types** - Filter Burp for multipart forms

3. **APIs** - Look for hidden methods, lack of auth

4. **Profile Sections** - Stored XSS, custom fields

5. **Integrations** - SSRF through third parties

6. **Error Pages** - Exotic injection points


**Analysis Questions:**

- How does the app pass data? (Params, API, Hybrid)

- Where does the app talk about users? (UID, UUID endpoints)

- Does the site have multi-tenancy or user levels?

- Does it have a unique threat model?

- How does the site handle XSS/CSRF?

- Has the site had past writeups/exploits?


7. Automated XSS Hunting


bash
# ParamSpider for parameter extraction
python3 paramspider.py --domain target.com -o params.txt

# Filter with Gxss
cat params.txt | Gxss -p test

# Dalfox

🎯 Best For

  • Claude users
  • Software engineers
  • Development teams
  • Tech leads

💡 Use Cases

  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Red Team Tools to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Is Red Team Tools compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Red Team Tools?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Red Team Tools?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/red-team-tools/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills