Skill UI

This skill provides comprehensive methods for collecting and synthesizing Open-Source Intelligence (OSINT) regarding threat actors, malicious infrastructure, and attack campaigns. It utilizes public data sources, passive reconnaissance tools (like WHOIS, Certificate Transparency), and specialized platforms (Maltego, Shodan, SpiderFoot) to map adversary context and perform pre-engagement intelligence gathering for authorized red team assessments. Emphasis is placed on passive collection techniques to ensure legality and operational security.

This guide details how to conduct comprehensive external reconnaissance using Open Source Intelligence (OSINT) techniques. It teaches testers to passively map an organization's entire digital footprint, including enumerating subdomains, discovering internet-facing infrastructure (via Shodan/Censys), identifying personnel data, and analyzing leaked credentials from public sources. Ideal for the initial phases of penetration testing or red team engagements.

This skill provides advanced techniques and code examples for monitoring, mapping, and pivoting across adversary-controlled infrastructure. It leverages Passive DNS, Certificate Transparency logs, Shodan/Censys scanning, and network fingerprinting (JARM/JA3S) to discover C2 servers, phishing domains, and exploitable assets over time, which is crucial for advanced security operations and threat intelligence gathering.