This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters.
>_
Quick Install
npxskills add zebbern/claude-code-guide--skill "Red Team Tools and Methodology"
Instructions
Loading…
Tags & Topics
aiai-agentai-agent-toolsclaudeclaude-aiclaude-api
Red Team Tools and Methodology
Purpose
Implement proven methodologies and tool workflows from top security researchers for effective reconnaissance, vulnerability discovery, and bug bounty hunting. Automate common tasks while maintaining thorough coverage of attack surfaces.
Inputs/Prerequisites
Target scope definition (domains, IP ranges, applications)
Linux-based attack machine (Kali, Ubuntu)
Bug bounty program rules and scope
Tool dependencies installed (Go, Python, Ruby)
API keys for various services (Shodan, Censys, etc.)
Outputs/Deliverables
Comprehensive subdomain enumeration
Live host discovery and technology fingerprinting
Identified vulnerabilities and attack vectors
Automated recon pipeline outputs
Documented findings for reporting
Core Workflow
1. Project Tracking and Acquisitions
Set up reconnaissance tracking:
# Create project structure
mkdir -p target/{recon,vulns,reports}
cd target
# Find acquisitions using Crunchbase
# Search manually for subsidiary companies
# Get ASN for targets
amass intel -org "Target Company" -src
# Alternative ASN lookup
curl -s "https://bgp.he.net/search?search=targetcompany&commit=Search"
# Check which hosts are live with httprobe
cat domains.txt | httprobe -c 80 --prefer-https | anew hosts.txt
# Use httpx for more details
cat domains.txt | httpx -title -tech-detect -status-code -o live_hosts.txt
# Alternative with massdns
massdns -r resolvers.txt -t A -o S domains.txt > resolved.txt
# Enumerate API endpoints
ffuf -u https://target.com/api/FUZZ -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt
# Test API versions
ffuf -u https://target.com/api/v1/FUZZ -w api_wordlist.txt
ffuf -u https://target.com/api/v2/FUZZ -w api_wordlist.txt
# Check for hidden methods
for method in GET POST PUT DELETE PATCH; do
curl -X $method https://target.com/api/users -v
done