From ebb8f1993764ca0efbb6c5adc3befe40d4c7b2cc Mon Sep 17 00:00:00 2001 From: zebbern <185730623+zebbern@users.noreply.github.com> Date: Tue, 20 Jan 2026 08:27:53 +0100 Subject: [PATCH] feat: add author metadata to zebbern security skills (#8) Added metadata block with author: zebbern and version: 1.1 to all 29 security skills originally from claude-code-guide repository: - active-directory-attacks, api-fuzzing-bug-bounty, aws-penetration-testing - broken-authentication, burp-suite-testing, cloud-penetration-testing - ethical-hacking-methodology, file-path-traversal, html-injection-testing - idor-testing, linux-privilege-escalation, linux-shell-scripting - metasploit-framework, network-101, pentest-checklist, pentest-commands - privilege-escalation-methods, red-team-tools, scanning-tools - shodan-reconnaissance, smtp-penetration-testing, sql-injection-testing - sqlmap-database-pentesting, ssh-penetration-testing, top-web-vulnerabilities - windows-privilege-escalation, wireshark-analysis, wordpress-penetration-testing - xss-html-injection --- skills/active-directory-attacks/SKILL.md | 3 +++ skills/api-fuzzing-bug-bounty/SKILL.md | 3 +++ skills/aws-penetration-testing/SKILL.md | 3 +++ skills/broken-authentication/SKILL.md | 3 +++ skills/burp-suite-testing/SKILL.md | 3 +++ skills/cloud-penetration-testing/SKILL.md | 3 +++ skills/ethical-hacking-methodology/SKILL.md | 3 +++ skills/file-path-traversal/SKILL.md | 3 +++ skills/html-injection-testing/SKILL.md | 3 +++ skills/idor-testing/SKILL.md | 3 +++ skills/linux-privilege-escalation/SKILL.md | 3 +++ skills/linux-shell-scripting/SKILL.md | 3 +++ skills/metasploit-framework/SKILL.md | 3 +++ skills/network-101/SKILL.md | 3 +++ skills/pentest-checklist/SKILL.md | 3 +++ skills/pentest-commands/SKILL.md | 3 +++ skills/privilege-escalation-methods/SKILL.md | 3 +++ skills/red-team-tools/SKILL.md | 3 +++ skills/scanning-tools/SKILL.md | 3 +++ skills/shodan-reconnaissance/SKILL.md | 3 +++ skills/smtp-penetration-testing/SKILL.md | 3 +++ skills/sql-injection-testing/SKILL.md | 3 +++ skills/sqlmap-database-pentesting/SKILL.md | 3 +++ skills/ssh-penetration-testing/SKILL.md | 3 +++ skills/top-web-vulnerabilities/SKILL.md | 3 +++ skills/windows-privilege-escalation/SKILL.md | 3 +++ skills/wireshark-analysis/SKILL.md | 3 +++ skills/wordpress-penetration-testing/SKILL.md | 3 +++ skills/xss-html-injection/SKILL.md | 3 +++ 29 files changed, 87 insertions(+) diff --git a/skills/active-directory-attacks/SKILL.md b/skills/active-directory-attacks/SKILL.md index 7386fc4a..654fbae3 100644 --- a/skills/active-directory-attacks/SKILL.md +++ b/skills/active-directory-attacks/SKILL.md @@ -1,6 +1,9 @@ --- name: Active Directory Attacks description: This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing. +metadata: + author: zebbern + version: "1.1" --- # Active Directory Attacks diff --git a/skills/api-fuzzing-bug-bounty/SKILL.md b/skills/api-fuzzing-bug-bounty/SKILL.md index f2e52c61..7f5f17cd 100644 --- a/skills/api-fuzzing-bug-bounty/SKILL.md +++ b/skills/api-fuzzing-bug-bounty/SKILL.md @@ -1,6 +1,9 @@ --- name: API Fuzzing for Bug Bounty description: This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques. +metadata: + author: zebbern + version: "1.1" --- # API Fuzzing for Bug Bounty diff --git a/skills/aws-penetration-testing/SKILL.md b/skills/aws-penetration-testing/SKILL.md index b3d7cd9b..644bdc1d 100644 --- a/skills/aws-penetration-testing/SKILL.md +++ b/skills/aws-penetration-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: AWS Penetration Testing description: This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment. +metadata: + author: zebbern + version: "1.1" --- # AWS Penetration Testing diff --git a/skills/broken-authentication/SKILL.md b/skills/broken-authentication/SKILL.md index 908919c1..ff3c8cd8 100644 --- a/skills/broken-authentication/SKILL.md +++ b/skills/broken-authentication/SKILL.md @@ -1,6 +1,9 @@ --- name: Broken Authentication Testing description: This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications. +metadata: + author: zebbern + version: "1.1" --- # Broken Authentication Testing diff --git a/skills/burp-suite-testing/SKILL.md b/skills/burp-suite-testing/SKILL.md index 67b6b29c..cb97ab42 100644 --- a/skills/burp-suite-testing/SKILL.md +++ b/skills/burp-suite-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: Burp Suite Web Application Testing description: This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing. +metadata: + author: zebbern + version: "1.1" --- # Burp Suite Web Application Testing diff --git a/skills/cloud-penetration-testing/SKILL.md b/skills/cloud-penetration-testing/SKILL.md index b065f113..dd91a0ae 100644 --- a/skills/cloud-penetration-testing/SKILL.md +++ b/skills/cloud-penetration-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: Cloud Penetration Testing description: This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms. +metadata: + author: zebbern + version: "1.1" --- # Cloud Penetration Testing diff --git a/skills/ethical-hacking-methodology/SKILL.md b/skills/ethical-hacking-methodology/SKILL.md index cef277a4..999334d7 100644 --- a/skills/ethical-hacking-methodology/SKILL.md +++ b/skills/ethical-hacking-methodology/SKILL.md @@ -1,6 +1,9 @@ --- name: Ethical Hacking Methodology description: This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques. +metadata: + author: zebbern + version: "1.1" --- # Ethical Hacking Methodology diff --git a/skills/file-path-traversal/SKILL.md b/skills/file-path-traversal/SKILL.md index b2e35f00..af4fa47b 100644 --- a/skills/file-path-traversal/SKILL.md +++ b/skills/file-path-traversal/SKILL.md @@ -1,6 +1,9 @@ --- name: File Path Traversal Testing description: This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies. +metadata: + author: zebbern + version: "1.1" --- # File Path Traversal Testing diff --git a/skills/html-injection-testing/SKILL.md b/skills/html-injection-testing/SKILL.md index c547948b..afc3b660 100644 --- a/skills/html-injection-testing/SKILL.md +++ b/skills/html-injection-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: HTML Injection Testing description: This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies. +metadata: + author: zebbern + version: "1.1" --- # HTML Injection Testing diff --git a/skills/idor-testing/SKILL.md b/skills/idor-testing/SKILL.md index 13c354ed..945e16d0 100644 --- a/skills/idor-testing/SKILL.md +++ b/skills/idor-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: IDOR Vulnerability Testing description: This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications. +metadata: + author: zebbern + version: "1.1" --- # IDOR Vulnerability Testing diff --git a/skills/linux-privilege-escalation/SKILL.md b/skills/linux-privilege-escalation/SKILL.md index 15b652d6..39db53b2 100644 --- a/skills/linux-privilege-escalation/SKILL.md +++ b/skills/linux-privilege-escalation/SKILL.md @@ -1,6 +1,9 @@ --- name: Linux Privilege Escalation description: This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems. +metadata: + author: zebbern + version: "1.1" --- # Linux Privilege Escalation diff --git a/skills/linux-shell-scripting/SKILL.md b/skills/linux-shell-scripting/SKILL.md index 255bcfc1..e0fd143a 100644 --- a/skills/linux-shell-scripting/SKILL.md +++ b/skills/linux-shell-scripting/SKILL.md @@ -1,6 +1,9 @@ --- name: Linux Production Shell Scripts description: This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration. +metadata: + author: zebbern + version: "1.1" --- # Linux Production Shell Scripts diff --git a/skills/metasploit-framework/SKILL.md b/skills/metasploit-framework/SKILL.md index b7c860af..2282770a 100644 --- a/skills/metasploit-framework/SKILL.md +++ b/skills/metasploit-framework/SKILL.md @@ -1,6 +1,9 @@ --- name: Metasploit Framework description: This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments. +metadata: + author: zebbern + version: "1.1" --- # Metasploit Framework diff --git a/skills/network-101/SKILL.md b/skills/network-101/SKILL.md index 357f979a..6db8ec59 100644 --- a/skills/network-101/SKILL.md +++ b/skills/network-101/SKILL.md @@ -1,6 +1,9 @@ --- name: Network 101 description: This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs. +metadata: + author: zebbern + version: "1.1" --- # Network 101 diff --git a/skills/pentest-checklist/SKILL.md b/skills/pentest-checklist/SKILL.md index f02c9b19..bbf7ff77 100644 --- a/skills/pentest-checklist/SKILL.md +++ b/skills/pentest-checklist/SKILL.md @@ -1,6 +1,9 @@ --- name: Pentest Checklist description: This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements. +metadata: + author: zebbern + version: "1.1" --- # Pentest Checklist diff --git a/skills/pentest-commands/SKILL.md b/skills/pentest-commands/SKILL.md index da2b5f4a..5fdf22aa 100644 --- a/skills/pentest-commands/SKILL.md +++ b/skills/pentest-commands/SKILL.md @@ -1,6 +1,9 @@ --- name: Pentest Commands description: This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references. +metadata: + author: zebbern + version: "1.1" --- # Pentest Commands diff --git a/skills/privilege-escalation-methods/SKILL.md b/skills/privilege-escalation-methods/SKILL.md index 1f8a3579..bfe17dc5 100644 --- a/skills/privilege-escalation-methods/SKILL.md +++ b/skills/privilege-escalation-methods/SKILL.md @@ -1,6 +1,9 @@ --- name: Privilege Escalation Methods description: This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems. +metadata: + author: zebbern + version: "1.1" --- # Privilege Escalation Methods diff --git a/skills/red-team-tools/SKILL.md b/skills/red-team-tools/SKILL.md index a5b26b9e..e3d2e677 100644 --- a/skills/red-team-tools/SKILL.md +++ b/skills/red-team-tools/SKILL.md @@ -1,6 +1,9 @@ --- name: Red Team Tools and Methodology description: This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters. +metadata: + author: zebbern + version: "1.1" --- # Red Team Tools and Methodology diff --git a/skills/scanning-tools/SKILL.md b/skills/scanning-tools/SKILL.md index 518186cd..b784b60f 100644 --- a/skills/scanning-tools/SKILL.md +++ b/skills/scanning-tools/SKILL.md @@ -1,6 +1,9 @@ --- name: Security Scanning Tools description: This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies. +metadata: + author: zebbern + version: "1.1" --- # Security Scanning Tools diff --git a/skills/shodan-reconnaissance/SKILL.md b/skills/shodan-reconnaissance/SKILL.md index ae88845c..3bb1bdaf 100644 --- a/skills/shodan-reconnaissance/SKILL.md +++ b/skills/shodan-reconnaissance/SKILL.md @@ -1,6 +1,9 @@ --- name: Shodan Reconnaissance and Pentesting description: This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports." It provides comprehensive guidance for using Shodan's search engine, CLI, and API for penetration testing reconnaissance. +metadata: + author: zebbern + version: "1.1" --- # Shodan Reconnaissance and Pentesting diff --git a/skills/smtp-penetration-testing/SKILL.md b/skills/smtp-penetration-testing/SKILL.md index c82b5d68..980d5052 100644 --- a/skills/smtp-penetration-testing/SKILL.md +++ b/skills/smtp-penetration-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: SMTP Penetration Testing description: This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security. +metadata: + author: zebbern + version: "1.1" --- # SMTP Penetration Testing diff --git a/skills/sql-injection-testing/SKILL.md b/skills/sql-injection-testing/SKILL.md index 55f5a2a2..f51e5f24 100644 --- a/skills/sql-injection-testing/SKILL.md +++ b/skills/sql-injection-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: SQL Injection Testing description: This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems. +metadata: + author: zebbern + version: "1.1" --- # SQL Injection Testing diff --git a/skills/sqlmap-database-pentesting/SKILL.md b/skills/sqlmap-database-pentesting/SKILL.md index a2acfabd..eb682bf7 100644 --- a/skills/sqlmap-database-pentesting/SKILL.md +++ b/skills/sqlmap-database-pentesting/SKILL.md @@ -1,6 +1,9 @@ --- name: SQLMap Database Penetration Testing description: This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities. +metadata: + author: zebbern + version: "1.1" --- # SQLMap Database Penetration Testing diff --git a/skills/ssh-penetration-testing/SKILL.md b/skills/ssh-penetration-testing/SKILL.md index 1f708d80..9cc9f998 100644 --- a/skills/ssh-penetration-testing/SKILL.md +++ b/skills/ssh-penetration-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: SSH Penetration Testing description: This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques. +metadata: + author: zebbern + version: "1.1" --- # SSH Penetration Testing diff --git a/skills/top-web-vulnerabilities/SKILL.md b/skills/top-web-vulnerabilities/SKILL.md index 3120fc7b..ecbbcc1b 100644 --- a/skills/top-web-vulnerabilities/SKILL.md +++ b/skills/top-web-vulnerabilities/SKILL.md @@ -1,6 +1,9 @@ --- name: Top 100 Web Vulnerabilities Reference description: This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories. +metadata: + author: zebbern + version: "1.1" --- # Top 100 Web Vulnerabilities Reference diff --git a/skills/windows-privilege-escalation/SKILL.md b/skills/windows-privilege-escalation/SKILL.md index 5f7534b3..bc014a83 100644 --- a/skills/windows-privilege-escalation/SKILL.md +++ b/skills/windows-privilege-escalation/SKILL.md @@ -1,6 +1,9 @@ --- name: Windows Privilege Escalation description: This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments. +metadata: + author: zebbern + version: "1.1" --- # Windows Privilege Escalation diff --git a/skills/wireshark-analysis/SKILL.md b/skills/wireshark-analysis/SKILL.md index 7a5d5f5e..9269ce18 100644 --- a/skills/wireshark-analysis/SKILL.md +++ b/skills/wireshark-analysis/SKILL.md @@ -1,6 +1,9 @@ --- name: Wireshark Network Traffic Analysis description: This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark. +metadata: + author: zebbern + version: "1.1" --- # Wireshark Network Traffic Analysis diff --git a/skills/wordpress-penetration-testing/SKILL.md b/skills/wordpress-penetration-testing/SKILL.md index a83ce657..0c70bb82 100644 --- a/skills/wordpress-penetration-testing/SKILL.md +++ b/skills/wordpress-penetration-testing/SKILL.md @@ -1,6 +1,9 @@ --- name: WordPress Penetration Testing description: This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies. +metadata: + author: zebbern + version: "1.1" --- # WordPress Penetration Testing diff --git a/skills/xss-html-injection/SKILL.md b/skills/xss-html-injection/SKILL.md index ace79f3d..cdde5603 100644 --- a/skills/xss-html-injection/SKILL.md +++ b/skills/xss-html-injection/SKILL.md @@ -1,6 +1,9 @@ --- name: Cross-Site Scripting and HTML Injection Testing description: This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications. +metadata: + author: zebbern + version: "1.1" --- # Cross-Site Scripting and HTML Injection Testing