pentest-recon-surface-analysis | Skill Performance & Reviews | TopRankSkills

TopRank Skills

Home / Skills / tools / pentest-recon-surface-analysis

pentest-recon-surface-analysis

maintained by NeverSight

star 66 account_tree 19 verified_user MIT License
bolt View GitHub

name: pentest-recon-surface-analysis description: "Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only."

Recon & Surface Analysis

Activation Triggers (Positive)

  • recon
  • enumerate
  • surface map
  • asset inventory
  • endpoint discovery
  • technology fingerprinting
  • control plane mapping

Exclusion Triggers (Negative)

  • build exploit
  • weaponize payload
  • write final report
  • only validate known vulnerability

Output Schema

  • Surface inventory: asset, interface, auth state, confidence
  • Entry-point matrix: input, trust boundary, initial risk hypothesis
  • Prioritized next tests: ordered by likely impact and test cost

Instructions

  1. Build an explicit target model first: interfaces, trust boundaries, and identity contexts.
  2. Enumerate only what is necessary to expose actionable attack paths.
  3. Normalize findings into a deduplicated inventory before deeper testing.
  4. Label each surface with attacker preconditions and probable abuse class.
  5. Mark unknowns that block progression and propose the minimum test to resolve each.
  6. Hand off precise, testable targets to downstream skills.

Should Do

  • Keep reconnaissance hypothesis-driven, not tool-driven.
  • Capture reproducible evidence for each discovered surface.
  • Prioritize externally reachable and privilege-sensitive paths.

Should Not Do

  • Do not claim vulnerabilities at recon stage without abuse validation.
  • Do not perform heavy fuzzing or exploit attempts here.
  • Do not include organization-specific URLs, identifiers, or credentials in reusable guidance.

chat Comments (0)

chat_bubble_outline

No comments yet. Be the first to share your thoughts!

Skill Details

GitHub Stars 66
GitHub Forks 19
Created Mar 2026
Last Updated 3 months ago
tools tools debugging

Related Skills

fabric
chevron_right
typescript-expert
chevron_right
break-loop
chevron_right
burp-suite
chevron_right
page-behavior-audit
chevron_right

Build your own?

Join 12,000+ developers contributing to the Claude ecosystem.