HACK.SKILLS - Hacker Arsenal for Agents

English | 中文

Master Entry → Category Entries → Deep Topic Skills
One master entry, six category entries, and 100 deep topic skills across 14 security domains.

An Agent Skills knowledge base covering web security, API security, authentication & authorization, OS privilege escalation (Linux/Windows/macOS), Active Directory attacks, mobile security, binary exploitation (Pwn), reverse engineering, cryptography attacks, blockchain & smart contract security, AI/ML & LLM security, network protocols & pivoting, and digital forensics — built for bug bounty, penetration testing, CTF competitions, and authorized security research.

The current branch has converged to a standard directory structure: every skill lives in its own directory, uniformly using skills/{semantic-identifier}/SKILL.md. The design goal is not to expose every minor tip as an entry point, but to compress what the loader truly needs to see into one master entry, six category entries, and deep topic skills drilled down on demand.

The objective is straightforward: organize security knowledge that is genuinely useful in real engagements and easy to audit and maintain into a set of installable, searchable, and composable HackSkills.

Knowledge Sources & Distillation Boundaries

This repository is not a mirror of external materials — it is a distillation layer aimed at Agents.

Primary reference sources (all publicly available, used strictly for educational distillation):

Source	What It Provides	How We Use It
`swisskyrepo/PayloadsAllTheThings`	64 vulnerability categories, payload families, bypass techniques, exploit chains	Distilled into scenario-based indices, method matrices, per-engine/per-database payload sections
`PentesterSpecialDict`	OS-specific payload dictionaries, Java middleware path fuzzing lists, file extension databases	Distilled into parameter naming patterns, endpoint frequency tables, middleware fingerprint matrices
`Dictionary-Of-Pentesting`	BugBounty bypass techniques (12 topics), cloud metadata endpoints, XXE payload collections, one-liner toolchains	Distilled into bypass pattern matrices, cloud metadata endpoint tables, WAF vendor bypass sections
`Hello-CTF`	CTF web security tutorials with hands-on tricks for PHP/Python/Java challenges	Distilled into CTF-specific technique sections (handler bypass, filter chain tricks, Flask PIN)
`ctf-wiki`	CTF competition knowledge base covering Pwn, Crypto, Reverse Engineering, Forensics, and Misc	Distilled into binary exploitation techniques (stack/heap/kernel), crypto attack patterns (RSA/lattice/symmetric), RE methodology, steganography, and traffic analysis skills
`hacktricks`	Penetration testing encyclopedia covering web tricks, Linux/Windows/macOS privilege escalation, Active Directory, containers, mobile, and AI security	Distilled into OS-specific privilege escalation playbooks, AD attack chains (Kerberos/ACL/ADCS), mobile pentesting checklists, container escape techniques, and network pivoting strategies
Public security research papers and CVE advisories	Methodology frameworks, vulnerability pattern taxonomies, statistical distributions	Distilled into attack pattern matrices, systematic testing checklists, decision trees

Processing principles:

No direct copying of large dictionaries or full payload lists.
Prioritize distilling into routable, composable, and auditable security skills.
Use small, stable samples, taxonomies, and cross-references to improve Agent stability in real security scenarios.
No customer-specific information, no vendor-identifiable case details, purely educational methodology.

Quick Start

The preferred entry point is hack:

npx skills add yaklang/hack-skills

If your tooling supports pulling a single SKILL.md directly, you can also use:

frontmatter name: hack
raw URL: https://raw.githubusercontent.com/yaklang/hack-skills/main/skills/hack/SKILL.md

After installing, the recommended order is simple: start from the master entry, then move into category entries, and only then drill into deep topic skills.

Loader Priority

Layer	Role	Recommended Exposure	Representative Skill
Master Entry	Global routing, test sequencing, cross-category switching	Expose first	hack
Category Entry	Route by attack surface to stable topic families	Expose first	recon-for-sec, api-sec, auth-sec
Deep Topic	Provide complete attack playbooks and execution details	Load on demand	xss-cross-site-scripting, sqli-sql-injection

Main Entry Points

Type	Skill	Purpose	When to Use First
Master Entry	hack	Global routing, phase assessment, cross-category switching	New target, unknown attack surface
Category Entry	recon-for-sec	Asset discovery, technology identification	Just received the target
Category Entry	api-sec	REST, GraphQL, mobile backend routing	Observed API interfaces
Category Entry	auth-sec	Authentication, sessions, OAuth, JWT, authorization	Login, tokens, object IDs
Category Entry	injection-checking	XSS, SQLi, SSRF, XXE, SSTI, CMDi, NoSQL routing	Input enters interpreter
Category Entry	file-access-vuln	Upload, download, LFI, path control	File operations
Category Entry	business-logic-vuln	Race conditions, pricing, workflow, state machines	Business process testing

Complete Skill Index (100 Skills)

Reconnaissance & Methodology

Skill	SKILL.md	SCENARIOS.md	Key Content
hack	161 lines	-	Master router, phenomenon-to-skill mapping, expert intuitions
recon-for-sec	28 lines	-	Category router for reconnaissance phase
recon-and-methodology	389 lines	-	Methodology framework, Java middleware fingerprint matrix, leak detection checklist

API Security

Skill	SKILL.md	SCENARIOS.md	Key Content
api-sec	48 lines	-	Category router for API testing
api-recon-and-docs	60 lines	-	API discovery, OpenAPI/Swagger, hidden endpoints
api-authorization-and-bola	47 lines	-	BOLA/BFLA, mass assignment, object-level authz
api-auth-and-jwt-abuse	75 lines	-	JWT attacks, API key abuse, token manipulation
graphql-and-hidden-parameters	49 lines	-	GraphQL introspection, batching, hidden param discovery

Authentication & Authorization

Skill	SKILL.md	SCENARIOS.md	Key Content
auth-sec	40 lines	-	Category router for auth testing
authbypass-authentication-flaws	441 lines	-	Password reset 22-pattern matrix, captcha bypass 20 methods, insecure randomness (UUID v1/mt_rand/ObjectId)
jwt-oauth-token-attacks	301 lines	-	JWT alg confusion, key confusion, claim tampering, JWKS abuse
oauth-oidc-misconfiguration	45 lines	-	OAuth flow hijacking, OIDC misconfiguration
saml-sso-assertion-attacks	40 lines	-	SAML assertion manipulation, SSO bypass
idor-broken-object-authorization	336 lines	-	8-category systematic IDOR testing, ORM filter chain leaks (Django/Prisma/Ransack)

Injection Attacks

Skill	SKILL.md	SCENARIOS.md	Key Content
injection-checking	49 lines	-	Category router for injection testing
xss-cross-site-scripting	368 lines	278 lines	Polyglot payloads, WAF bypass by vendor (Cloudflare/Akamai/Incapsula/WordFence), CSP bypass, DOM clobbering, CSS injection data exfiltration
sqli-sql-injection	475 lines	575 lines	DB2/Cassandra/BigQuery/SQLite specifics, SQLite RCE, WAF bypass matrix, CTF techniques (handler/prepare/innodb)
ssrf-server-side-request-forgery	314 lines	226 lines	Cloud metadata 6-platform matrix, DNS rebinding, headless browser attacks, Gopher/Redis RCE chain
ssti-server-side-template-injection	340 lines	319 lines	15+ engine coverage (Jinja2/Twig/Pug/Handlebars/EJS/Razor/EEx/Smarty), blind SSTI, Flask PIN calculation
cmdi-command-injection	494 lines	-	WAF bypass (wildcards/xor/base64), PHP disable_functions 6 bypass paths, component RCE (ImageMagick/FFmpeg/ES)
nosql-injection	341 lines	-	Blind extraction automation scripts, duplicate key bypass, aggregation pipeline injection, $where JS execution
xxe-xml-external-entity	326 lines	112 lines	Local DTD injection (17+ paths for Windows/Linux/JAR), blind XXE, Gopher/FTP OOB
deserialization-insecure	714 lines	-	Java/PHP/Python + Ruby Marshal/YAML chains, .NET BinaryFormatter/ViewState/JSON.NET, Node.js node-serialize/funcster
expression-language-injection	243 lines	-	SpEL, OGNL, Java EL injection with RCE chains
jndi-injection	265 lines	-	JNDI/LDAP/RMI exploitation, Log4Shell patterns
crlf-injection	175 lines	-	Header injection, HTTP response splitting
request-smuggling	298 lines	-	CL.TE/TE.CL/TE.TE with 8 obfuscation variants, HTTP/2 downgrade, client-side desync
prototype-pollution	190 lines	-	Express black-box probing keys, EJS/Kibana gadget chains, CVE-2019-7609
type-juggling	291 lines	-	PHP loose comparison table, magic hash (MD5/SHA1/SHA256), HMAC 0e brute-force, CTF patterns
http-parameter-pollution	208 lines	-	Server behavior matrix (9 platforms), HPP+WAF bypass combos
xslt-injection	281 lines	-	Three RCE chains (PHP/Java/.NET), EXSLT file write, vendor detection
csv-formula-injection	144 lines	-	DDE/rundll32 payloads, Google Sheets IMPORT* exfiltration

File & Path Attacks

Skill	SKILL.md	SCENARIOS.md	Key Content
file-access-vuln	32 lines	-	Category router for file access testing
path-traversal-lfi	603 lines	-	LFI-to-RCE 7 paths, PHP wrapper matrix (filter chains/oracle/phar), pearcmd 4 methods, parameter naming dictionary
upload-insecure-files	287 lines	158 lines	Success rate formula, editor path matrix, validation defect 5-dimension taxonomy, IIS/Apache/Nginx parsing tricks

Business Logic & Session

Skill	SKILL.md	SCENARIOS.md	Key Content
business-logic-vuln	32 lines	-	Category router for business logic testing
business-logic-vulnerabilities	339 lines	298 lines	Payment manipulation matrix (10 attacks), state machine bypass methodology, coupon/stock race
race-condition	286 lines	-	TOCTOU model, HTTP/1.1 last-byte sync, HTTP/2 single-packet attack, Turbo Intruder templates, CVE-2022-4037
csrf-cross-site-request-forgery	324 lines	-	JSON CSRF 3 techniques, multipart upload CSRF, CSPT2CSRF modern variant
clickjacking	163 lines	-	Frame-based attacks, X-Frame-Options/CSP bypass
cors-cross-origin-misconfiguration	50 lines	152 lines	Origin reflection, null origin, subdomain trust abuse
open-redirect	184 lines	-	Redirect chain abuse, tabnabbing (reverse tabnabbing)
web-cache-deception	211 lines	-	Path confusion, cache key manipulation

Advanced Web Security

Skill	Key Content
subdomain-takeover	Dangling DNS records (CNAME/NS/A), cloud service fingerprinting, verification bypass, multi-provider takeover playbooks
waf-bypass-techniques	Encoding chains, chunked transfer tricks, HTTP smuggling for WAF evasion, vendor-specific bypass matrices (Cloudflare/AWS WAF/Akamai/ModSecurity)
csp-bypass-advanced	Script gadgets, base-uri abuse, JSONP callback injection, trusted CDN exploitation, CSP nonce/hash leak, strict-dynamic bypass
http-host-header-attacks	Password reset poisoning, web cache poisoning via Host, routing-based SSRF, absolute-URL override tricks
dangling-markup-injection	HTML injection for data exfiltration without JavaScript, img/form/base tag abuse, CSP-safe data theft
dns-rebinding-attacks	DNS rebinding for internal network access, TTL manipulation, same-origin policy bypass, browser mitigation evasion
email-header-injection	SMTP header injection, CC/BCC manipulation, mail relay abuse, phishing via injected headers
http2-specific-attacks	HTTP/2 request smuggling (H2.CL/H2.TE), HPACK header compression attacks, stream multiplexing abuse, HTTP/2→HTTP/1.1 downgrade
prototype-pollution-advanced	Server-side gadget chain discovery, framework-specific PP→RCE (Express/Fastify/Next.js), AST injection, prototype poisoning in build tools
401-403-bypass-techniques	Path normalization tricks, HTTP verb tampering, header-based bypass (X-Original-URL/X-Rewrite-URL), proxy misconfiguration, IP-based ACL evasion

Infrastructure & Network

Skill	Key Content
unauthorized-access-common-services	Service exposure checklist, reverse proxy misconfiguration (Nginx off-by-slash, X-Forwarded-For trust, Caddy template injection)
insecure-source-code-management	.git/.svn/.hg/.bzr recovery, 403 vs 404 detection, backup file patterns
dependency-confusion	npm/pip/gem public registry hijacking, manifest identification, scope/namespace defense
websocket-security	CSWSH, Origin validation, wsrepl/ws-harness tooling
network-protocol-attacks	ARP spoofing, DNS poisoning, LLMNR/NBT-NS poisoning, DHCP starvation, IPv6 attacks, protocol-level MitM
tunneling-and-pivoting	SSH tunneling (local/remote/dynamic), SOCKS proxy chains, chisel/ligolo-ng, port forwarding, DNS/ICMP tunneling
reverse-shell-techniques	Multi-language shell generation, encrypted reverse shells (OpenSSL/ncat), staged/stageless payloads, firewall evasion, web shells

Linux & Container Security

Skill	Key Content
linux-privilege-escalation	SUID/SGID abuse, kernel exploits, sudo misconfig, cron jobs, Linux Capabilities, writable service files, NFS no_root_squash
container-escape-techniques	Docker socket abuse, privileged container escape, cgroup breakout, runc vulnerabilities, mounted sensitive paths
linux-security-bypass	SELinux/AppArmor bypass, seccomp filter evasion, namespace abuse, LD_PRELOAD tricks
linux-lateral-movement	SSH key harvesting, credential reuse, service exploitation, NFS/shared mount abuse, cron-based persistence
kubernetes-pentesting	Pod security policy bypass, RBAC abuse, ServiceAccount token theft, etcd access, container image backdoors, kubelet API

Windows & Active Directory

Skill	Key Content
windows-privilege-escalation	Token manipulation, service misconfig, DLL hijacking, UAC bypass, AlwaysInstallElevated, unquoted service paths, PrintSpoofer/Potato
active-directory-kerberos-attacks	Kerberoasting, AS-REP Roasting, Golden/Silver Ticket, delegation abuse (unconstrained/constrained/RBCD), Diamond Ticket
active-directory-acl-abuse	ACL/DACL exploitation, DCSync, object ownership abuse, WriteDACL/GenericAll/GenericWrite attack paths, BloodHound integration
active-directory-certificate-services	ESC1–ESC8 attack patterns, certificate template abuse, PKINIT exploitation, Shadow Credentials, CA persistence
ntlm-relay-coercion	PetitPotam, PrinterBug, NTLM relay chains, coercion techniques, WebDAV relay, NTLM downgrade
windows-lateral-movement	PsExec, WMI, WinRM, DCOM, Pass-the-Hash/Pass-the-Ticket, RDP hijacking, scheduled tasks, service deployment
windows-av-evasion	AMSI bypass, ETW patching, API unhooking, shellcode loaders, Living-off-the-Land (LOLBins), payload encryption/obfuscation

macOS Security

Skill	Key Content
macos-security-bypass	Gatekeeper bypass, TCC abuse, SIP/AMFI considerations, LaunchAgent/LaunchDaemon persistence, quarantine flag evasion
macos-process-injection	Dylib injection/hijacking, task_for_pid, XPC exploitation, Electron app injection, DYLD_INSERT_LIBRARIES

Mobile Security

Skill	Key Content
android-pentesting-tricks	APK analysis & reverse engineering, Frida hooking, Intent exploitation, root detection bypass, Content Provider leaks, WebView attacks
ios-pentesting-tricks	IPA analysis, Objective-C runtime manipulation, jailbreak detection bypass, Keychain access, URL scheme abuse, binary protections
mobile-ssl-pinning-bypass	Certificate pinning bypass for Android/iOS, Frida/Objection scripts, dynamic instrumentation, network security config manipulation

Binary Exploitation (Pwn)

Skill	Key Content
stack-overflow-and-rop	Buffer overflow, ROP chain construction, ret2libc, SROP (Sigreturn-Oriented Programming), stack pivoting, one-gadget
heap-exploitation	Use-after-free, double free, tcache poisoning, fastbin attack, House of series techniques, safe-linking bypass
format-string-exploitation	Format string read/write primitives, GOT overwrite, arbitrary address write, FORTIFY_SOURCE bypass
kernel-exploitation	Kernel ROP, ret2usr, SMEP/SMAP/KPTI bypass, kernel race conditions, modprobe_path overwrite, msg_msg exploitation
browser-exploitation-v8	V8 engine exploitation, JIT compilation bugs, type confusion, OOB read/write, sandbox escape chains, wasm abuse
sandbox-escape-techniques	Browser sandbox escape, seccomp bypass, IPC abuse, kernel exploitation for sandbox breakout, policy file manipulation
binary-protection-bypass	ASLR/NX/PIE/Canary/Full RELRO bypass techniques, information leak exploitation, partial overwrite, GOT dereference
arbitrary-write-to-rce	Write primitive to code execution (GOT/__free_hook/__malloc_hook), FSOP, _IO_FILE exploitation, exit handler overwrite

Reverse Engineering

Skill	Key Content
anti-debugging-techniques	ptrace detection, timing checks, self-modifying code, anti-VM techniques, debug flag inspection, exception-based anti-debug
code-obfuscation-deobfuscation	Control flow flattening, opaque predicates, string encryption, obfuscation tool analysis (OLLVM/Themida/VMProtect), automated deobfuscation
symbolic-execution-tools	angr, Z3, Triton for automated vulnerability discovery, constraint solving, path exploration, concolic execution
vm-and-bytecode-reverse	Custom VM/bytecode analysis, Python/Java/.NET decompilation, VM handler reconstruction, opcode mapping

Cryptography Attacks

Skill	Key Content
rsa-attack-techniques	Wiener attack, Boneh-Durfee, Hastad broadcast, common modulus, Coppersmith (small roots), Franklin-Reiter, padding oracle (PKCS#1 v1.5)
symmetric-cipher-attacks	Padding oracle (CBC), bit-flipping, ECB cut-and-paste, meet-in-the-middle, known-plaintext, IV reuse exploitation
lattice-crypto-attacks	LLL/BKZ lattice reduction, Hidden Number Problem, NTRU attacks, CVP/SVP solving, knapsack cryptosystem attacks
hash-attack-techniques	Length extension attack, birthday attack, hash collision exploitation, bcrypt/scrypt/argon2 analysis, HMAC timing
classical-cipher-analysis	Frequency analysis, Vigenère/Kasiski, Hill cipher, substitution cipher, transposition cipher, Enigma-style analysis, automated solving

Blockchain & Smart Contract

Skill	SKILL.md	Supplementary	Key Content
smart-contract-vulnerabilities	314 lines	460 lines	Reentrancy (4 variants), integer overflow, delegatecall storage collision, signature replay, CREATE2 exploitation, flash loan patterns
defi-attack-patterns	355 lines	-	Flash loan oracle manipulation, MEV sandwich/JIT/liquidation, first depositor vault attack, governance flash borrow, bridge exploits, fee-on-transfer tokens

AI/ML & LLM Security

Skill	SKILL.md	Supplementary	Key Content
llm-prompt-injection	357 lines	306 lines	Direct/indirect injection, RAG poisoning, tool/function abuse, markdown exfiltration, MCP security risks, encoding bypass
ai-ml-security	425 lines	-	Pickle RCE in model files, adversarial examples (FGSM/PGD/C&W), training data poisoning, model extraction, membership inference, agent security

Forensics & Steganography

Skill	Key Content
memory-forensics-volatility	Volatility framework, process/module analysis, network artifact extraction, malware detection, registry hive analysis, timeline reconstruction
steganography-techniques	LSB extraction, file format analysis, audio/image stego tools (zsteg/stegsolve/steghide), EXIF metadata, multi-layer embedding
traffic-analysis-pcap	Wireshark/tshark analysis, protocol dissection, data extraction from captures, encrypted traffic identification, stream reconstruction

Skill Selection Guide

Symptom	Recommended Entry	Notes
New target, insufficient information	recon-for-sec	Start with methodology and asset understanding
REST API, GraphQL, mobile backend	api-sec	Route to recon, authz, token, or GraphQL
Login, password reset, 2FA, JWT, OAuth	auth-sec	Distinguish auth, authz, and protocol config
HTML/JS reflection, template expressions	injection-checking	Determine XSS, SQLi, SSRF, XXE, SSTI first
File paths, downloads, uploads	file-access-vuln	Distinguish LFI/Traversal from Upload
Coupons, payments, state machines	business-logic-vuln	Model by business rules and race conditions
HTTP parsing anomalies	request-smuggling	Front/back-end framing disagreement
Node.js `__proto__` controllable	prototype-pollution	Client-side PP→XSS, Server-side PP→RCE
PHP weak comparison, 0e hash	type-juggling	Loose comparison auth bypass
.git/.svn/.env path accessible	insecure-source-code-management	Source code recovery
Internal package names in manifests	dependency-confusion	Supply chain hijacking
WebSocket protocol upgrade	websocket-security	CSWSH and WS injection
CSV/Excel export functionality	csv-formula-injection	DDE injection in exports
One-time operations (coupons, rewards)	race-condition	Limit-overrun via concurrent requests
Smart contract, Solidity, EVM audit	smart-contract-vulnerabilities	Reentrancy, overflow, access control, delegatecall
DeFi protocol, flash loan, oracle, MEV	defi-attack-patterns	Flash loan, sandwich, governance, bridge
LLM, chatbot, prompt injection, RAG	llm-prompt-injection	Direct/indirect injection, tool abuse, MCP
ML model, adversarial, model poisoning	ai-ml-security	Supply chain, adversarial examples, extraction, agents
WAF blocking payloads	waf-bypass-techniques	Encoding, chunked transfer, vendor-specific evasion
Subdomain dangling CNAME/DNS	subdomain-takeover	Cloud service takeover, NS delegation hijacking
CSP blocking XSS execution	csp-bypass-advanced	Script gadgets, JSONP, trusted CDN, strict-dynamic
401/403 on target endpoint	401-403-bypass-techniques	Path normalization, verb tampering, header tricks
HTTP/2 protocol endpoint	http2-specific-attacks	H2 smuggling, HPACK abuse, downgrade attacks
Linux host, SUID/sudo present	linux-privilege-escalation	Kernel, SUID, cron, capabilities, services
Docker/Kubernetes environment	container-escape-techniques	Docker socket, privileged escape, cgroup breakout
Kubernetes cluster access	kubernetes-pentesting	RBAC abuse, SA token, etcd, pod security bypass
Windows host, local admin needed	windows-privilege-escalation	Token, service, DLL hijack, UAC, Potato attacks
Active Directory, domain joined	active-directory-kerberos-attacks	Kerberoast, AS-REP roast, Golden/Silver Ticket
AD CS, certificate templates	active-directory-certificate-services	ESC1–ESC8, template abuse, Shadow Credentials
NTLM hash, relay opportunity	ntlm-relay-coercion	PetitPotam, PrinterBug, relay chains
Windows AV/EDR blocking execution	windows-av-evasion	AMSI bypass, unhooking, LOLBins, payload obfuscation
macOS endpoint access	macos-security-bypass	Gatekeeper, TCC, SIP considerations
Android/iOS application testing	android-pentesting-tricks	APK analysis, Frida, Intent, root detection bypass
SSL pinning blocking proxy	mobile-ssl-pinning-bypass	Frida/Objection scripts, dynamic instrumentation
Binary/ELF/PE exploitation	stack-overflow-and-rop	Buffer overflow, ROP, ret2libc, SROP
Heap corruption, UAF	heap-exploitation	tcache/fastbin attacks, House of techniques
Kernel-level exploitation	kernel-exploitation	Kernel ROP, SMEP/SMAP bypass, modprobe_path
Browser 0-day, V8/JSC	browser-exploitation-v8	JIT bugs, type confusion, sandbox escape
Obfuscated/packed binary	code-obfuscation-deobfuscation	Control flow, opaque predicates, VM protection
CTF crypto challenge (RSA)	rsa-attack-techniques	Wiener, Coppersmith, common modulus, padding oracle
CTF crypto challenge (AES/DES)	symmetric-cipher-attacks	Padding oracle, bit-flip, ECB mode attacks
CTF crypto challenge (lattice)	lattice-crypto-attacks	LLL/BKZ, Hidden Number Problem, knapsack
CTF classical cipher	classical-cipher-analysis	Frequency analysis, Vigenère, substitution
Memory dump analysis	memory-forensics-volatility	Volatility, process/network analysis, malware detect
Hidden data in images/audio	steganography-techniques	LSB, format analysis, stego tools
PCAP traffic capture	traffic-analysis-pcap	Wireshark, protocol dissection, stream extraction
Need to pivot through network	tunneling-and-pivoting	SSH tunnel, SOCKS proxy, chisel/ligolo-ng
Need reverse shell on target	reverse-shell-techniques	Multi-language shells, encrypted, staged payloads

Installation

General Installation

npx skills add yaklang/hack-skills

Raw URL Installation

curl -fsSL https://raw.githubusercontent.com/yaklang/hack-skills/main/skills/hack/SKILL.md

Local Use as a Knowledge Base

git clone https://github.com/yaklang/hack-skills.git
cd hack-skills

Design Principles

Security knowledge takes priority over fancy packaging.
Content auditability takes priority over quantity expansion.
Prioritize authorized testing, legitimate research, and defensive verification scenarios.
Directory names should convey security semantics at a glance.
No customer-specific information; all content is generic methodology for educational use.

Contributing

PRs are welcome. Key areas include:

New vulnerability categories and high-value cases
Better bug bounty and penetration testing methodologies
OS-specific privilege escalation paths and AD attack chains
CTF challenge techniques (Pwn, Crypto, RE, Forensics)
Edge conditions that Agents easily overlook
Risk annotations, terminology consistency, and content denoising

Contributions should ideally be verifiable, auditable, and helpful for Agents to reason and execute more robustly in real tasks.