Login
Download

Skill UI

Browse and discover 9347+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Total 5974 skills
Default Newest Most Downloaded

WPA2 PSK Attack Workflow

offensive-wpa2-psk
SnailSploit/Claude-Red
98
A workflow for capturing PMKID or four-way handshakes from WPA/WPA2-Personal networks, converting captures to hashcat format, and cracking passwords with dictionaries, masks, and vendor default-key patterns.
View Details

WPA3 Attack Methodology

offensive-wpa3-sae
SnailSploit/Claude-Red
183
Covers WPA3/SAE attack techniques including transition-mode downgrade, Dragonblood side-channel analysis, SAE authentication flooding, H2E checks, and Wi-Fi 6E implications. Useful for assessing wireless security gaps and validating defensive hardening.
View Details

WPS PIN Attacks

offensive-wps
SnailSploit/Claude-Red
394
Methodology for assessing WPS-enabled routers using Pixie Dust offline recovery, online PIN brute force, lockout handling, and PBC edge cases. Useful for wireless security testing and understanding WPS exposure on consumer APs.
View Details

Access Control Bypass Techniques Guide

401-403-bypass-techniques
yaklang/hack-skills
351
A comprehensive playbook for bypassing 401/403 Forbidden errors. Covers advanced techniques like path normalization tricks (encoding, traversal), HTTP method tampering, IP spoofing headers, and protocol downgrade attacks. Essential knowledge for penetration testing and security auditing.
View Details

Advanced Kerberos Attack Playbook for Active Directory

active-directory-kerberos-attacks
yaklang/hack-skills
274
A comprehensive guide covering advanced Kerberos attacks against Active Directory environments. Techniques include AS-REP roasting, Kerberoasting, forging golden, silver, diamond, and sapphire tickets, and exploiting delegation abuse. Designed for penetration testers and red teams to simulate sophisticated domain compromise scenarios.
View Details

Advanced Android Security Testing Playbook

android-pentesting-tricks
yaklang/hack-skills
263
A comprehensive playbook for expert-level Android application security testing. It covers advanced exploitation techniques, including SSL pinning bypass (using Frida/Objection), detecting component exposure (activities, providers, services), and exploiting WebView vulnerabilities (RCE, XSS). Essential for authorized mobile penetration testing assessments.
View Details

Anti-Debugging Detection And Bypass Playbook

anti-debugging-techniques
yaklang/hack-skills
75
A comprehensive playbook for defeating anti-debugging mechanisms in protected binaries. Covers advanced techniques across both Linux (ptrace, /proc/self/status, timing checks) and Windows (PEB flags, NtQueryInformationProcess). Provides detailed detection methods and corresponding bypass strategies (e.g., patching, hooking, kernel modules) essential for advanced binary reverse engineering.
View Details

API Authentication And JWT Abuse Testing

api-auth-and-jwt-abuse
yaklang/hack-skills
452
A comprehensive playbook for security testing APIs relying on JWT, bearer tokens, or API keys. It covers token validation weaknesses (e.g., 'alg:none', RS256 confusion), claim misuse, header spoofing, rate limit bypass, and mass assignment vulnerabilities. Ideal for penetration testers assessing authentication boundaries.
View Details

API Authorization and BOLA Testing

api-authorization-and-bola
yaklang/hack-skills
497
This comprehensive playbook guides security testers through deep API authorization checks, focusing specifically on BOLA (Broken Object Level Authorization) and BFLA (Broken Function Level Authorization). Use this skill to test scenarios where object identifiers, nested resources, or privileged functions are exposed, ensuring thorough checks for mass assignment and privilege escalation.
View Details

API Reconnaissance and Documentation Review

api-recon-and-docs
yaklang/hack-skills
216
A comprehensive playbook for API reconnaissance and documentation review. Use this skill early in the testing process to enumerate all reachable endpoints, extract schemas, identify hidden versions (e.g., v1, v2, mobile), and discover undocumented parameters or fields across REST, GraphQL, and mobile APIs. Essential for mapping the full attack surface before deeper exploitation.
View Details

Arbitrary Write To Code Execution Playbook

arbitrary-write-to-rce
yaklang/hack-skills
489
This expert playbook details advanced techniques for converting an arbitrary memory write primitive into full Remote Code Execution (RCE). It covers targeting multiple system structures across different glibc versions, including GOT entries, __malloc_hook, __free_hook, _IO_FILE vtables, and function arrays. Essential for exploiting modern, hardened binaries and mastering advanced binary exploitation.
View Details

Authentication and Authorization Security Router

auth-sec
yaklang/hack-skills
389
This guide serves as the core entry point for comprehensive security testing of identity and access control mechanisms. It is designed to help testers systematically identify vulnerabilities across login flows, session management, object authorization (IDOR), and modern protocols like JWT, OAuth, CORS, and SAML. Use this when planning security audits for any web application with user accounts.
View Details
Prev123...489490491492493494495496497498Next
Language
简体中文
English