@aegis-scan/skills 0.5.2 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/package.json +1 -1
  2. package/sbom.cdx.json +1 -1
  3. package/skills/offensive/airecon-fork/payloads-command-injection/SKILL.md +5 -0
  4. package/skills/offensive/airecon-fork/payloads-lfi/SKILL.md +5 -0
  5. package/skills/offensive/airecon-fork/payloads-sqli/SKILL.md +5 -0
  6. package/skills/offensive/airecon-fork/payloads-ssrf/SKILL.md +5 -0
  7. package/skills/offensive/airecon-fork/payloads-ssti/SKILL.md +5 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aegis-scan/skills",
3
- "version": "0.5.2",
3
+ "version": "0.5.4",
4
4
  "description": "AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.",
5
5
  "license": "MIT",
6
6
  "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
package/sbom.cdx.json CHANGED
@@ -1 +1 @@
1
- {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:2146f20c-6185-4b02-892f-cf9baa11a1f5","version":1,"metadata":{"timestamp":"2026-05-16T10:00:40Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.5.2","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.5.2","bom-ref":"pkg:npm/@aegis-scan/skills@0.5.2","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.5.2"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-16T10:00:40Z","text":"This Software Bill-of-Materials (SBOM) document was created on Saturday, May 16, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.5.2'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}
1
+ {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:47290283-58dc-4ced-9944-3e6120a50801","version":1,"metadata":{"timestamp":"2026-05-16T12:48:55Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"skills","group":"@aegis-scan","version":"0.5.4","description":"AEGIS Skills — opt-in skill library for Claude Code and compatible AI agents. Offensive red-team methodology from curated sources, attribution preserved per-file. Multi-source-ready architecture with placeholder directories for future defensive (AEGIS-native) and MITRE-mapped extensions. Third sibling in the AEGIS full-repertoire toolkit alongside @aegis-scan/cli and @aegis-wizard/cli.","purl":"pkg:npm/%40aegis-scan/skills@0.5.4","bom-ref":"pkg:npm/@aegis-scan/skills@0.5.4","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/skills/node_modules/@types/node/package.json\\npackages/skills/node_modules/typescript/package.json\\npackages/skills/node_modules/vitest/package.json"}]},"components":[{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/vitest/package.json"}],"concludedValue":"packages/skills/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/typescript/package.json"}],"concludedValue":"packages/skills/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/skills/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/skills/node_modules/@types/node/package.json"}],"concludedValue":"packages/skills/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/skills@0.5.4"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.5","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.5","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.5","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-16T12:48:55Z","text":"This Software Bill-of-Materials (SBOM) document was created on Saturday, May 16, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'skills' with version '0.5.4'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 3 source files."}]}
package/skills/offensive/airecon-fork/payloads-command-injection/SKILL.md CHANGED
@@ -1,5 +1,10 @@
1
1
  <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
2
 
3
+ ---
4
+ name: payloads-command-injection
5
+ description: Comprehensive Unix/Linux and Windows command-injection payload library for offensive testing. Covers metacharacter chaining (semicolon / pipe / ampersand / backtick / dollar-paren), blind / time-based / out-of-band variants, filter-bypass tricks (IFS substitution, brace expansion, hex/octal encoding), and shell-specific quirks (bash / sh / cmd / powershell). Use during authorized pentest / CTF when probing user-input boundaries that flow into shell-exec calls.
6
+ ---
7
+
3
8
  # Full Command Injection Payload Library
4
9
 
5
10
  ## Unix/Linux Command Injection
package/skills/offensive/airecon-fork/payloads-lfi/SKILL.md CHANGED
@@ -1,5 +1,10 @@
1
1
  <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
2
 
3
+ ---
4
+ name: payloads-lfi
5
+ description: 300+ Local-File-Inclusion / Remote-File-Inclusion payload reference for offensive testing of file-path parameter handling. Covers path-traversal variants (dot-segment / encoded-slash / Windows-backslash), null-byte tricks, PHP wrappers (php://filter, php://input, expect://, data://), log-poisoning vectors, /proc filesystem disclosure, and RFI staging via external URL. Use during authorized pentest / CTF when probing endpoints that read files based on user-supplied paths.
6
+ ---
7
+
3
8
  # Full LFI/RFI Payload Library (300+ payloads)
4
9
 
5
10
  ## Basic LFI Payloads
package/skills/offensive/airecon-fork/payloads-sqli/SKILL.md CHANGED
@@ -1,5 +1,10 @@
1
1
  <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
2
 
3
+ ---
4
+ name: payloads-sqli
5
+ description: 400+ SQL-injection payload reference for offensive testing across MySQL / PostgreSQL / MSSQL / Oracle / SQLite dialects. Covers error-based / boolean-based blind / time-based blind / UNION-based / out-of-band exfiltration variants, WAF-bypass tricks (comment-stuffing, case-permutation, hex-encoding, double-encoding), and second-order patterns. Use during authorized pentest / CTF when probing endpoints that interpolate user-input into SQL queries.
6
+ ---
7
+
3
8
  # Full SQL Injection Payload Library (400+ payloads)
4
9
 
5
10
  ## Error-Based Payloads
package/skills/offensive/airecon-fork/payloads-ssrf/SKILL.md CHANGED
@@ -1,5 +1,10 @@
1
1
  <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
2
 
3
+ ---
4
+ name: payloads-ssrf
5
+ description: Server-Side-Request-Forgery payload reference for offensive testing of URL-fetching endpoints. Covers RFC-1918 / link-local / IPv6-loopback targets, cloud metadata endpoints (AWS IMDSv1 + IMDSv2, GCP, Azure, DigitalOcean), DNS-rebinding triggers, URL-parser-confusion (userinfo, fragment, path-confusion across libraries), and redirect-chain pivots. Use during authorized pentest / CTF when probing user-input that flows into outbound HTTP / file:// / gopher:// fetches.
6
+ ---
7
+
3
8
  # SSRF Payloads
4
9
 
5
10
  ## Basic SSRF
package/skills/offensive/airecon-fork/payloads-ssti/SKILL.md CHANGED
@@ -1,5 +1,10 @@
1
1
  <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
2
 
3
+ ---
4
+ name: payloads-ssti
5
+ description: Server-Side-Template-Injection payload reference for offensive testing of template-engine boundaries. Covers Jinja2 / Mako / Tornado (Python), Twig / Smarty (PHP), Velocity / Freemarker / Spring SpEL (Java), ERB / Slim (Ruby), Handlebars / EJS / Pug (JS), and detection-probes for engine fingerprinting. Includes filter-bypass tricks (attribute-chaining to __class__ / __globals__, Unicode normalization, comment-injection). Use during authorized pentest / CTF when probing user-input that flows into server-rendered templates.
6
+ ---
7
+
3
8
  # Full SSTI (Server-Side Template Injection) Payload Library
4
9
 
5
10
  ## Jinja2 (Python)