recon-skills: An Open‑Source Library of 156 Penetration‑Testing Skills

recon-skills is a community‑maintained open‑source repository that bundles 156 offensive security skills—validated on over 600 real targets across more than 45 industries—covering information gathering, vulnerability discovery, attack‑chain construction, and anti‑detection techniques, with full manuals and quick‑start instructions.

Black & White Path

Tool Background

recon-skills is an open‑source penetration‑testing skill library created and maintained by security researcher uphiago. It originated from the author’s experience in multiple real‑world engagements and now contains 156 executable offensive security skills spanning reconnaissance, vulnerability discovery, and attack‑chain construction.

Each skill entry includes applicable scenarios, prerequisites, concrete commands, and verification steps, allowing direct use in live assessments.

Core Capabilities

Scale and Real‑World Validation

The project comprises 156 structured skills that have been confirmed effective on more than 600 real targets. Coverage spans over 45 industries and includes ten verified attack chains such as CORS + XMLRPC → RCE and SSRF → IMDS.

Anti‑Detection and Fingerprint Evasion

Using a custom C++ modification of Chromium, the library implements 18 browser‑fingerprint markers to bypass Cloudflare, reCAPTCHA, and similar defenses. Automated behavior simulation covers Bayesian mouse‑movement curves, keystroke emulation, and variable scrolling patterns. TLS/HTTP2 fingerprint simulation supports 20 browser profiles, including JA4 TLS validation.

Industry Attack Templates

The repo provides 54 vulnerability‑discovery skills (hunt‑* series), 24 industry‑specific reconnaissance templates, 48 executable scripts (40 Python, 7 Shell, 1 JavaScript), 18 WordPress attack patterns, and deep cloud‑IAM enumeration capabilities.

Skill Catalog Overview

Skills are organized into six categories:

recon (information gathering): 34 skills covering CORS exploits, XMLRPC penetration, JS sensitive data extraction, mail security, S3/MinIO XSS, Hikvision SCADA enumeration, browser‑fingerprint evasion, etc.

redteam (red‑team skills): 109 skills including 54 vulnerability‑discovery modules, 24 industry‑specific reconnaissance modules, and 29 operational/methodology skills.

meta (meta‑methodology): 6 skills offering reconnaissance manuals, attack‑pattern references, cross‑wave analysis, a Google Dorks catalog, and industry reconnaissance methodology.

chains (attack chains): 2 skills for cross‑chain techniques and a complete WordPress takeover chain.

auth (authentication attacks): 1 skill supporting SAML SSO attacks.

infra (infrastructure): 1 skill for Docker privilege escalation.

Vulnerability Statistics

By Severity

Critical: 14 vulnerabilities (e.g., RLS write‑gap privilege escalation, MySQL exposure, PHPInfo + open registration, CORS + XMLRPC + upload → RCE).

High: 30 vulnerabilities (e.g., CORS credential reflection, XMLRPC multicall, staging takeover, schema enumeration, metric exposure).

Medium: 18 vulnerabilities (e.g., WordPress user enumeration, WooCommerce API leaks, plugin version disclosures).

Industry Distribution

Locksmith services show the highest vulnerability rate at 33%, primarily WP REST API + XMLRPC issues. Legal firms have a 25% rate, dominated by WP REST API user enumeration. Pool services, landscaping, and pest control each hover around 20%, mainly CORS credential reflection. HVAC/Piping sectors exhibit a 14% rate, often a combination of CORS and WordPress user enumeration.

Quick Start

recon-skills runs on Linux, with Kali Linux recommended. Required tools include Python 3.x, nmap, curl, Bash, and optionally Docker and Wireshark for traffic analysis.

Deployment is straightforward: clone the repository, read SOUL.md and AGENTS.md for methodology, then explore the recon/ and redteam/ directories for applicable modules.

# Clone the repository
git clone [email protected]:uphiago/recon-skills.git
cd recon-skills

# Read methodology documents
cat SOUL.md
cat AGENTS.md

# List skill directories
ls recon/
ls redteam/

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: open source, penetration testing, security tools, information gathering, red team, recon-skills, vulnerability enumeration

Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.
