MCP App StoreMCP App Store
from decepticon4,318
Directory, vhost and API enumeration hub with CMS scanning, WAF detection, auth mapping and cookie auditing — a reconnaissance orchestration skillset.
This skill organizes web-application reconnaissance into a hub of focused sub-skills. It documents workflows for directory and vhost discovery, API endpoint fuzzing, CMS fingerprinting, WAF detection, authentication-surface mapping, and cookie/session audits. The SKILL.md provides orchestration rules, deduplication patterns for HTTP probes, and output file conventions for downstream analysis.
Use when conducting authorized web application security testing or research where automated enumeration is required. It is intended for controlled pentesting contexts — do not run against targets without permission. The skill is a coordinator that loads specialized sub-skills depending on tags like sqli, lfi, or auth.
Intended for advanced agent frameworks and tooling used in security research (autonomous pentest agents, langchain-driven orchestrators, or other recon-capable agents). Use only in authorized environments.
This skill has not been reviewed by our automated audit pipeline yet.
Scanner Skill — Decepticon
High-volume codebase scanner that shards work, ranks suspicious locations, and promotes a concise set of candidates for deeper analysis.
AD Overview (Decepticon)
Playbook and workflows for Active Directory offensive operations: BloodHound ingestion, Kerberoasting, ADCS ESC scanning, DCSync and LAPS extraction.
APT29 (Cozy Bear) Adversary Emulation Profile
Adversary-emulation profile that maps APT29 (Cozy Bear) ATT&CK TTPs to Decepticon tooling for realistic, cloud- and identity-focused red-team exercises.
Reverse Engineer
Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for
Sandbox0 Integration
Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Azure External Attack Surface Management
Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform
Node.js Best Practices
Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.
radar — Smart Contract AST & Security Analysis
Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r
Bash Pro
Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.