Summary
This is a full reconnaissance workflow that chains together subdomain enumeration, port scanning, breach lookups, and CVE correlation into one coordinated phase. It's built around tools like subfinder, amass, nmap, h8mail, and nuclei, moving methodically from passive intel gathering through active service discovery to credential hunting. The GitHub dorking section is especially thorough, with specific search patterns for leaked AWS keys and historical secrets in git logs. Use this at the start of an engagement when you need a complete attack surface map, or when you're preparing a target profile before exploitation. It outputs structured reports with prioritized attack vectors, which is helpful for deciding where to focus next. The social engineering recon techniques are a nice addition that goes beyond pure technical enumeration.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill recon-osint --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
