Skill Trust Index / detail

elementalsouls/Claude-OSINT/offensive-osint

Score: 0 (dangerous), analyzed 2h ago
WHY THIS SCORE

Claims

The skill acts as a comprehensive reference manual and operational arsenal for external red-team and bug-bounty reconnaissance. It provides concrete data (wordlists, regexes, dorks, paths) and tool references for passive and active discovery (OSINT), explicitly excluding active exploitation and post-exploitation phases.

Actual behavior

The skill is primarily a static knowledge base (manifest) that triggers based on context (e.g., 'external recon'). It references external tools and provides structured data (lists of ports, headers, secret patterns) to guide the agent. It includes a helper script `secret_scan.py` which is described as 'stdlib-only', implying it performs local file/string processing without external network calls or complex execution. The manifest explicitly defines authorization boundaries and confidence levels.

Findings

medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
hes `^ref:\s` | | `/.env` | Exposed `.env` |
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
`/.env` | Exposed `.env` | **CRITICAL** | M
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
grep -E '^ref:' # .env (CRITICAL) curl -sk
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
curl -sk -m 10 "$T/.env" | grep -E '^[[:spa
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
s_key_id='AKIA...', aws_secret_access_key='...').g
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
r/env,/.git/config,/.env -mc 200,301,403 ```
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
-` | **CRITICAL** | private_key | | 26 | EC Private
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
-` | **CRITICAL** | private_key | | 27 | OpenSSH Pr
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
-` | **CRITICAL** | private_key | | 28 | Generic Pr
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
-` | **CRITICAL** | private_key | | 29 | Generic AP
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
WT in a production `.env` file. - Pattern 16
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
URL signatures:** `/.env`, `/.git/`, databas
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
"{target}" filename:.env "{target}" filename
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
"{target}" filename:.env.example "{target}"
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
S_KEY_ID "{target}" AWS_SECRET_ACCESS_KEY "{target
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
id='<AKIA...>', aws_secret_access_key='<secret
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
ID="AKIA..." export AWS_SECRET_ACCESS_KEY="..." #
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
urce history."* | | .env exposed | *"Exposed
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
exposed | *"Exposed .env on {host} — grep fo
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
onstructable. | | `/.env` reachable on prod
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
**Common leaks:** `.env` files included in
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
all files. 4. Note `.env`, `package.json`/`s
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
A-Z]{16}\b"), ("AWS_SECRET_TYPED", SEV_CRI
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
9/+=]{40})"), ("AWS_SECRET_LOOSE", SEV_HIG
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
SEV_CRITICAL, "private_key", r"-----BEGIN RSA
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
SEV_CRITICAL, "private_key", r"-----BEGIN EC P
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
SEV_CRITICAL, "private_key", r"-----BEGIN OPEN
medium secret_access — references credentials / private keys / secrets (legitimate for some tools; see behavior)
SEV_CRITICAL, "private_key", r"-----BEGIN (DSA
medium suspicious_host — contacts a known exfiltration / drop host
ured | | Ngrok | `*.ngrok.io` | Tunnel not found
medium suspicious_host — contacts a known exfiltration / drop host
passwd OR pwd) site:pastebin.com "{domain}" site:gho
medium suspicious_host — contacts a known exfiltration / drop host
Search Bot](https://t.me/TGdb_bot) — basic Te
medium suspicious_host — contacts a known exfiltration / drop host
channels: `https://t.me/s/<channel>`. ---
medium suspicious_host — contacts a known exfiltration / drop host
channels: `https://t.me/s/<channel>`. - Invi
medium hidden_download — downloads files to disk
# .DS_Store (LOW) curl -sk -m 10 "$T/.DS_Store" -o /tmp/dsstore && fil
medium hidden_download — downloads files to disk
binary; check size) curl -sk -m 30 "$T/actuator/heapdump" -o /tmp/heap && file /
medium hidden_download — downloads files to disk
prefix}.${D} ===" curl -sk -m 10 "https://${prefix}.${D}/.well-known/openid-configuration" -o /dev/null -w '%{htt
medium hidden_download — downloads files to disk
echo "=== $p ===" curl -sk -m 10 "https://${H}${p}" -o /dev/null -w '%{htt
medium hidden_download — downloads files to disk
{P}" | tr '/:' '_') curl -sk -m 10 "$T$P" -o "evidence/$(date -u
medium hidden_download — downloads files to disk
E_IP="203.0.113.42" curl -sk -m 10 -H "Host: target.example.com" "https://${CANDIDATE_IP}/" -o /tmp/candidate.html
medium hidden_download — downloads files to disk
st, malformed Host) curl -sk -m 10 -H "Host: " "https://target.example/" -o /tmp/err.html curl
medium hidden_download — downloads files to disk
t.example" # Citrix curl -sk -m 10 "$T/vpn/index.html" -o /tmp/c1 -w '%{http_
medium hidden_download — downloads files to disk
rsion' /tmp/c1 # F5 curl -sk -m 10 "$T/tmui/login.jsp" -o /tmp/c2 -w '%{http_
medium hidden_download — downloads files to disk
reveals fed status curl -sk -m 10 "https://teams.microsoft.com/api/mt/emea/beta/users/<email>/externalsearchv3" ``
medium hidden_download — downloads files to disk
OAuth-Scopes header curl -sk -m 10 -I -H "$H" https://api.github.com/user | grep -i 'X-OAuth-Scopes' # All
low broad_perms — requests broad/elevated permissions
journalism. - [CyberSudo OSINT Toolkit](https
low broad_perms — requests broad/elevated permissions
sscan + banner-grab sudo masscan -p80,443 203
low broad_perms — requests broad/elevated permissions
# jq (JSON parsing) sudo apt install jq #

Attestation

signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0x53a007ef4fd6aacb1af6a4d6cd568be1d214f00d5e2d4dd713a910b7fb506ca4
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256
