Search Skills

Scans container images and SBOMs for vulnerabilities, providing CVSS, EPSS, and CISA KEV metrics for security prioritization and remediation.

Provides SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards.

Advanced tool for authorized password auditing, hash cracking, and security assessments using multiple algorithms and attack modes.

Performs multi-language SAST scans, secret detection in git history, and vulnerability analysis for secure code development.

Automates vulnerability scanning for web applications and APIs using Nuclei templates, covering CVEs and OWASP Top 10 with customizable severity thresholds.

Automates dynamic security testing of web applications and APIs using OWASP ZAP, detecting OWASP Top 10 vulnerabilities and generating compliance reports.

Enables authorized penetration testing and vulnerability validation using Metasploit Framework for security assessments and red team operations.

High-performance web fuzzer for DAST testing, enabling directory enumeration, parameter fuzzing, and virtual host discovery to identify security vulnerabilities.

Generates SBOMs for container images and applications using Syft, enabling vulnerability scanning, license compliance, and supply chain security.

Enables forensic investigation and threat hunting by querying operating systems via SQL, collecting evidence and analyzing system artifacts across Linux, macOS, and Windows.

Validates Dockerfiles against security best practices and CIS benchmarks, detecting misconfigurations and hardcoded secrets for secure container builds.

Performs network reconnaissance, port scanning, service enumeration, and vulnerability detection using Nmap for security audits and compliance assessments.

Creates and manages vendor-agnostic security detection rules using Sigma for threat hunting, SIEM platform conversion, and MITRE ATT&CK mapping.

Scans web servers for vulnerabilities, misconfigurations, and outdated software to ensure security compliance and hardening.

Analyzes network traffic for security incidents, malware detection, and forensic investigations using tshark command-line interface.

Enables endpoint forensic analysis, threat hunting, and incident response through Velociraptor Query Language (VQL) for scalable security investigations.

Automates SQL injection vulnerability detection, exploitation, and database extraction for authorized web application security assessments.

Scans Infrastructure as Code (IaC) files for security misconfigurations, compliance violations, and secrets using Checkov.

Network utility for TCP/UDP communication, port scanning, file transfers, and authorized penetration testing including reverse shells and banner grabbing.

Scans open source dependencies for vulnerabilities, license risks, and supply chain threats using Synopsys Black Duck with CVE/CWE mappings and remediation guidance.

Automates security and code quality feedback in CI/CD by aggregating tool outputs into unified pull request comments.

Validates OpenAPI/AsyncAPI specifications against OWASP API Security Top 10 and organizational security policies to detect vulnerabilities and ensure compliance.

Interactive HTTPS proxy for intercepting, modifying, and replaying API traffic to test security vulnerabilities and debug communications.

Enforces security and compliance policies via Open Policy Agent (OPA), validating frameworks like GDPR and HIPAA, and integrating into CI/CD pipelines.