npm - @rfxlamia/skillkit - Versions diffs - 1.0.0 → 1.2.0 - Mend

@rfxlamia/skillkit 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/skills/skills/red-teaming/references/tools-frameworks.md ADDED Viewed

@@ -0,0 +1,446 @@
+# Tools & Frameworks Reference
+## Table of Contents
+1. [Overview](#overview)
+2. [MITRE ATT&CK Ecosystem](#mitre-attck-ecosystem)
+3. [Command & Control (C2) Frameworks](#command--control-c2-frameworks)
+4. [Exploitation Frameworks](#exploitation-frameworks)
+5. [Credential Attacks](#credential-attacks)
+6. [Phishing & Social Engineering](#phishing--social-engineering)
+7. [OSINT & Reconnaissance](#osint--reconnaissance)
+8. [AI/LLM Red Teaming Tools](#aillm-red-teaming-tools)
+9. [Network Security Tools](#network-security-tools)
+10. [Defensive Tools (Blue Team)](#defensive-tools-blue-team)
+11. [Tool Selection Criteria](#tool-selection-criteria)
+12. [Critical Reminders](#critical-reminders)
+## Overview
+Comprehensive reference for red teaming tools across cybersecurity and AI/LLM domains. Organized by function and use case.
+## MITRE ATT&CK Ecosystem
+### ATT&CK Navigator
+- **Purpose**: Visual red team planning and heat mapping
+- **URL**: https://mitre-attack.github.io/attack-navigator/
+- **Features**:
+  - Layer-based technique mapping
+  - APT group TTP visualization
+  - Detection coverage heat maps
+  - Export to JSON, SVG, Excel
+- **Use Case**: Plan red team operations, visualize detection gaps
+### Atomic Red Team
+- **Purpose**: Pre-built ATT&CK technique tests
+- **Developer**: Red Canary (open source)
+- **GitHub**: https://github.com/redcanaryco/atomic-red-team
+- **Features**:
+  - 200+ technique tests
+  - Cross-platform (Windows, Linux, macOS)
+  - ~5 minutes per test
+  - Invoke-Atomic PowerShell framework
+- **Use Case**: Quick technique validation, purple teaming
+### CALDERA
+- **Purpose**: Automated adversary emulation
+- **Developer**: MITRE (open source)
+- **GitHub**: https://github.com/mitre/caldera
+- **Features**:
+  - Autonomous red team operations
+  - Plugin architecture (OT protocols, Atomic Red Team integration)
+  - AI planning engine
+  - Web-based management
+- **Use Case**: Automated red team campaigns, continuous testing
+### ATT&CK Evaluations
+- **Purpose**: Independent product testing
+- **URL**: https://attackevals.mitre-engenuity.org/
+- **Features**:
+  - Standardized adversary emulation
+  - EDR/XDR evaluation
+  - Public methodology and results
+- **Use Case**: Evaluate security product effectiveness
+## Command & Control (C2) Frameworks
+### Cobalt Strike
+- **Type**: Commercial ($3,500/user/year)
+- **Strengths**:
+  - Industry standard for red teams and APTs
+  - Malleable C2 profiles (traffic shaping)
+  - Beacon implant with many post-exploitation features
+  - Sleep obfuscation, AMSI bypass
+- **Weaknesses**:
+  - Well-signatured by defenders
+  - Expensive
+  - Frequently cracked versions used by criminals (bad optics)
+- **Use Case**: Professional red team engagements
+### Sliver
+- **Type**: Open source (GPL-3.0)
+- **Developer**: BishopFox
+- **GitHub**: https://github.com/BishopFox/sliver
+- **Strengths**:
+  - Modern architecture (Go-based)
+  - Strong encryption (mTLS, WireGuard, HTTP(S))
+  - Cross-platform implants
+  - Multi-player support
+  - Active development
+- **Weaknesses**:
+  - Less mature than Cobalt Strike
+  - Smaller community
+- **Use Case**: Budget-conscious red teams, modern C2 requirements
+### Empire/Starkiller
+- **Type**: Open source
+- **GitHub**: https://github.com/BC-SECURITY/Empire
+- **Strengths**:
+  - PowerShell and Python agents
+  - Modular post-exploitation
+  - Starkiller GUI (user-friendly)
+- **Weaknesses**:
+  - PowerShell heavily monitored
+  - Less stealthy than alternatives
+- **Use Case**: Windows-heavy environments, PowerShell red teams
+### Mythic
+- **Type**: Open source
+- **GitHub**: https://github.com/its-a-feature/Mythic
+- **Strengths**:
+  - Web-based collaborative UI
+  - Plugin architecture for agents
+  - Logging and reporting built-in
+  - Docker-based deployment
+- **Weaknesses**:
+  - Requires setup effort
+  - Less documentation than Cobalt Strike
+- **Use Case**: Team-based red team operations, custom agent development
+## Exploitation Frameworks
+### Metasploit
+- **Type**: Open source (Rapid7)
+- **Website**: https://www.metasploit.com/
+- **Strengths**:
+  - 2,300+ exploits
+  - Meterpreter post-exploitation framework
+  - Database for session management
+  - Extensive community modules
+- **Weaknesses**:
+  - Well-signatured by AV/EDR
+  - Noisy by default
+- **Use Case**: Exploitation, post-exploitation, penetration testing
+### Covenant
+- **Type**: Open source
+- **GitHub**: https://github.com/cobbr/Covenant
+- **Strengths**:
+  - .NET-based C2
+  - Web-based UI
+  - Grunts (implants) with .NET in-memory execution
+- **Weaknesses**:
+  - Development slowed
+  - Smaller community
+- **Use Case**: .NET-focused red teams, post-exploitation
+### Merlin
+- **Type**: Open source
+- **GitHub**: https://github.com/Ne0nd0g/merlin
+- **Strengths**:
+  - Go-based agents (cross-platform)
+  - HTTP/2 C2 (stealthy)
+  - QUIC support
+- **Weaknesses**:
+  - Command-line interface only
+  - Less feature-rich than Cobalt Strike
+- **Use Case**: Stealthy C2, cross-platform red teams
+## Credential Attacks
+### Mimikatz
+- **Type**: Open source
+- **Developer**: Benjamin Delpy
+- **GitHub**: https://github.com/gentilkiwi/mimikatz
+- **Strengths**:
+  - Extract plaintext passwords, hashes, Kerberos tickets
+  - Pass-the-hash, pass-the-ticket
+  - Golden/Silver ticket creation
+- **Weaknesses**:
+  - Heavily signatured by AV/EDR
+  - Requires admin privileges
+- **Use Case**: Credential dumping, Kerberos attacks
+### BloodHound
+- **Type**: Open source
+- **GitHub**: https://github.com/BloodHoundAD/BloodHound
+- **Strengths**:
+  - Active Directory attack path visualization
+  - Graph-based analysis
+  - Identifies shortest path to Domain Admin
+- **Weaknesses**:
+  - Requires SharpHound data collection (can be detected)
+  - Learning curve for graph query language
+- **Use Case**: Active Directory enumeration and attack planning
+### Rubeus
+- **Type**: Open source
+- **GitHub**: https://github.com/GhostPack/Rubeus
+- **Strengths**:
+  - Kerberos abuse toolkit
+  - Kerberoasting, AS-REP roasting
+  - Ticket manipulation
+- **Weaknesses**:
+  - .NET executable (may be blocked by AppLocker)
+- **Use Case**: Kerberos-based attacks in Active Directory
+### Impacket
+- **Type**: Open source (Python library)
+- **GitHub**: https://github.com/fortra/impacket
+- **Strengths**:
+  - Python implementation of network protocols
+  - SMB, MSRPC, LDAP, Kerberos
+  - Standalone scripts (psexec.py, secretsdump.py, etc.)
+- **Weaknesses**:
+  - Python dependency (not always available on target)
+- **Use Case**: Network protocol exploitation, lateral movement
+## Phishing & Social Engineering
+### Gophish
+- **Type**: Open source
+- **Website**: https://getgophish.com/
+- **Strengths**:
+  - Full-featured phishing framework
+  - Email templates and landing pages
+  - Campaign tracking and reporting
+  - User-friendly web UI
+- **Weaknesses**:
+  - Server infrastructure required
+  - Email deliverability challenges
+- **Use Case**: Phishing campaigns, security awareness training
+### Social-Engineer Toolkit (SET)
+- **Type**: Open source (TrustedSec)
+- **GitHub**: https://github.com/trustedsec/social-engineer-toolkit
+- **Strengths**:
+  - Automated phishing and credential harvesting
+  - Mass mailer
+  - QR code attacks
+  - Wireless access point attacks
+- **Weaknesses**:
+  - Text-based menu interface
+  - Requires setup
+- **Use Case**: Multi-vector social engineering campaigns
+### EvilNginx
+- **Type**: Open source
+- **GitHub**: https://github.com/kgretzky/evilginx2
+- **Strengths**:
+  - Adversary-in-the-middle (AitM) phishing
+  - Bypass 2FA (session hijacking)
+  - Reverse proxy architecture
+- **Weaknesses**:
+  - Complex setup
+  - Requires custom phishlets
+- **Use Case**: Advanced phishing bypassing MFA
+## OSINT & Reconnaissance
+### theHarvester
+- **Type**: Open source
+- **GitHub**: https://github.com/laramies/theHarvester
+- **Strengths**:
+  - Email, subdomain, name enumeration
+  - Multiple search engines (Google, Bing, Shodan, etc.)
+  - Fast reconnaissance
+- **Weaknesses**:
+  - API rate limits
+- **Use Case**: Initial OSINT, target profiling
+### Shodan
+- **Type**: Commercial (free tier available)
+- **Website**: https://www.shodan.io/
+- **Strengths**:
+  - Internet-connected device search engine
+  - Identify exposed services and vulnerabilities
+  - API access
+- **Weaknesses**:
+  - Paid features for advanced queries
+- **Use Case**: External asset discovery, vulnerability research
+### Amass
+- **Type**: Open source (OWASP)
+- **GitHub**: https://github.com/owasp-amass/amass
+- **Strengths**:
+  - DNS enumeration and network mapping
+  - Subdomain discovery
+  - ASN mapping
+- **Weaknesses**:
+  - Slow for large domains
+- **Use Case**: External attack surface mapping
+### SpiderFoot
+- **Type**: Open source
+- **Website**: https://www.spiderfoot.net/
+- **Strengths**:
+  - Automated OSINT collection
+  - 200+ data sources
+  - Web UI and correlation engine
+- **Weaknesses**:
+  - Resource-intensive
+- **Use Case**: Comprehensive OSINT investigations
+## AI/LLM Red Teaming Tools
+### DeepTeam
+- **Type**: Open source (Python framework)
+- **GitHub**: https://github.com/confident-ai/deepteam
+- **Strengths**:
+  - 40+ vulnerabilities (OWASP Top 10 LLM aligned)
+  - 10+ attack methods (single-turn & multi-turn)
+  - LLM-as-judge evaluation
+  - YAML-based configuration
+  - CLI and programmatic API
+- **Weaknesses**:
+  - Requires API keys for evaluation models
+  - Python dependency
+- **Use Case**: Comprehensive LLM security testing, CI/CD integration
+### Promptfoo
+- **Type**: Open source
+- **Website**: https://www.promptfoo.dev/
+- **GitHub**: https://github.com/promptfoo/promptfoo
+- **Strengths**:
+  - 20+ red team vulnerability categories
+  - Custom evaluation metrics
+  - Supports multiple LLM providers
+  - Web UI for results visualization
+- **Weaknesses**:
+  - Node.js dependency
+- **Use Case**: LLM application testing, prompt optimization
+### FLIRT (Feedback Loop In-context Red Teaming)
+- **Type**: Research tool
+- **Paper**: https://arxiv.org/abs/2308.04265
+- **Strengths**:
+  - Iterative attack refinement
+  - Uses feedback to improve attacks
+  - High success rate
+- **Weaknesses**:
+  - Research prototype (not production-ready)
+- **Use Case**: Academic research, advanced red teaming
+### AdvPrompter
+- **Type**: Research tool
+- **Strengths**:
+  - LLM-based adversarial prompt generation
+  - Optimizes for effectiveness and speed
+  - Generates human-readable attacks
+- **Weaknesses**:
+  - Research prototype
+- **Use Case**: Automated attack generation research
+### GRT (Gandalf Red Team)
+- **Type**: Community challenge platform
+- **Website**: https://gandalf.lakera.ai/
+- **Strengths**:
+  - Gamified LLM red teaming
+  - Levels of difficulty
+  - Community leaderboard
+- **Weaknesses**:
+  - Limited to specific scenarios
+- **Use Case**: LLM security training, skill building
+### JailbreakBench
+- **Type**: Open benchmark
+- **Website**: https://jailbreakbench.github.io/
+- **Strengths**:
+  - Standardized jailbreak evaluation
+  - Public leaderboard
+  - Reproducible testing
+- **Weaknesses**:
+  - Limited to jailbreak testing
+- **Use Case**: LLM robustness benchmarking
+## Network Security Tools
+### Nmap
+- **Type**: Open source
+- **Website**: https://nmap.org/
+- **Strengths**:
+  - Port scanning and service detection
+  - OS fingerprinting
+  - NSE (Nmap Scripting Engine) for automation
+- **Use Case**: Network reconnaissance, vulnerability scanning
+### Burp Suite
+- **Type**: Commercial (free Community edition)
+- **Website**: https://portswigger.net/burp
+- **Strengths**:
+  - Web application security testing
+  - Proxy, scanner, intruder, repeater
+  - Extensible with BApps
+- **Use Case**: Web application penetration testing
+### Wireshark
+- **Type**: Open source
+- **Website**: https://www.wireshark.org/
+- **Strengths**:
+  - Network protocol analyzer
+  - Packet capture and dissection
+  - Display filters and analysis
+- **Use Case**: Network traffic analysis, protocol debugging
+## Defensive Tools (Blue Team)
+### Velociraptor
+- **Type**: Open source
+- **Website**: https://www.rapid7.com/products/velociraptor/
+- **Strengths**:
+  - Endpoint visibility and forensics
+  - Hunt malicious activity
+  - Incident response platform
+- **Use Case**: Detection engineering, threat hunting
+### Sigma
+- **Type**: Open source (detection rule format)
+- **GitHub**: https://github.com/SigmaHQ/sigma
+- **Strengths**:
+  - Generic signature format for SIEM
+  - 3,000+ detection rules
+  - Convert to Splunk, Elastic, QRadar
+- **Use Case**: Detection rule development and sharing
+### YARA
+- **Type**: Open source
+- **Website**: https://virustotal.github.io/yara/
+- **Strengths**:
+  - Malware identification and classification
+  - Pattern matching for files and processes
+  - Widely adopted
+- **Use Case**: Malware detection, threat intelligence
+## Tool Selection Criteria
+### For Cybersecurity Red Teaming
+- **Initial Access**: Metasploit, Cobalt Strike, custom exploits
+- **C2 Infrastructure**: Sliver (budget), Cobalt Strike (professional), Mythic (team)
+- **Credential Attacks**: Mimikatz, BloodHound, Rubeus, Impacket
+- **Phishing**: Gophish (standard), EvilNginx (advanced MFA bypass)
+- **OSINT**: theHarvester (quick), Amass (comprehensive), Shodan (external)
+### For AI/LLM Red Teaming
+- **Comprehensive Testing**: DeepTeam (production), Promptfoo (development)
+- **Research**: FLIRT, AdvPrompter, academic frameworks
+- **Benchmarking**: JailbreakBench, public leaderboards
+- **Training**: GRT (Gandalf), capture-the-flag platforms
+## Critical Reminders
+- **Licensing**: Verify tool licenses (commercial vs. open source)
+- **Legal Use**: Only use tools for authorized red team operations
+- **Detection**: Most tools are well-signatured; customize for stealth
+- **Updates**: Tools evolve rapidly; stay current with latest versions
+- **Operational Security**: Protect red team infrastructure and tool chains
+- **Blue Team Value**: Share tool knowledge with defenders for detection engineering

package/skills/skills/releasing/.skillkit-mode ADDED Viewed

	@@ -0,0 +1 @@
1	+ fast

package/skills/skills/releasing/SKILL.md ADDED Viewed

@@ -0,0 +1,225 @@
+---
+name: releasing
+description: >
+  Automate the full release workflow: version bumping (major/minor/patch), changelog generation,
+  git tagging, pushing, and GitHub release creation. Handles semver across Node.js, Python, Rust,
+  Go, and generic projects. Enforces mandatory confirmations before irreversible actions (push, release).
+  USE WHEN: user says "release", "bump version", "cut a release", "tag and release", "/releasing",
+  or asks to prepare a new version of their project.
+category: deployment
+---
+# Releasing
+Automate version bumps, changelog, git tags, and GitHub releases. Stop gates enforce confirmation before every irreversible action.
+## Workflow
+1. Detect ecosystem and current version
+2. Confirm bump type with user
+3. Execute release pipeline
+## Step 1: Pre-flight Checks
+Run all checks. Stop and report on any failure.
+```bash
+# Must be in a git repo
+git rev-parse --is-inside-work-tree
+# Must have clean working tree (no uncommitted changes)
+git status --porcelain
+# Must be on a releasable branch (main, master, or release/*)
+git branch --show-current
+# Must have a remote configured
+git remote -v
+# Check if gh CLI is available (needed for GitHub release)
+command -v gh
+```
+**Dirty tree:** Stop. User must commit or stash first.
+**Wrong branch:** Stop. Report branch, ask to continue.
+**No gh CLI:** Warn, skip GitHub release step.
+## Step 2: Detect Version
+Scan version files in priority order:
+| Priority | File | Ecosystem | Pattern |
+|----------|------|-----------|---------|
+| 1 | `package.json` | Node.js | `"version": "X.Y.Z"` |
+| 2 | `pyproject.toml` | Python | `version = "X.Y.Z"` |
+| 3 | `Cargo.toml` | Rust | `version = "X.Y.Z"` |
+| 4 | `setup.cfg` | Python (legacy) | `version = X.Y.Z` |
+| 5 | `VERSION` | Generic | Plain text `X.Y.Z` |
+| 6 | Latest git tag | Any | `vX.Y.Z` or `X.Y.Z` |
+For full detection patterns and edge cases, load `references/version-detection.md`.
+**Report to user:** "Current version: **X.Y.Z** (detected from `<file>`)"
+## Step 3: Determine Bump Type
+Use user-specified type if provided. Otherwise:
+**Stop Condition (Mandatory):** Ask user to choose bump type.
+- **patch** (X.Y.Z -> X.Y.Z+1) - Bug fixes, small changes
+- **minor** (X.Y.Z -> X.Y+1.0) - New features, backward compatible
+- **major** (X.Y.Z -> X+1.0.0) - Breaking changes
+Calculate and show the new version before proceeding.
+## Step 4: Update Version File
+Apply the version bump to the detected file:
+```bash
+# Node.js - use npm version without git tag (we handle tagging ourselves)
+npm version <patch|minor|major> --no-git-tag-version
+# Python (pyproject.toml) - sed replacement
+# Rust (Cargo.toml) - sed replacement
+# Generic - direct file write
+```
+**Important:** Only update the version file. Do NOT run `npm version` with default behavior (it creates its own tag).
+Also update `package-lock.json` if it exists (Node.js):
+```bash
+[ -f package-lock.json ] && npm install --package-lock-only
+```
+## Step 5: Update Changelog
+Check if `CHANGELOG.md` exists. If not, create it.
+Generate changelog entries from git log since last tag:
+```bash
+# Get last tag
+LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+# Get commits since last tag (or all commits if no tag)
+if [ -n "$LAST_TAG" ]; then
+  git log "$LAST_TAG"..HEAD --pretty=format:"- %s (%h)" --no-merges
+else
+  git log --pretty=format:"- %s (%h)" --no-merges
+fi
+```
+Prepend new section to CHANGELOG.md in this format:
+```markdown
+## [X.Y.Z] - YYYY-MM-DD
+### Changes
+- commit message 1 (abc1234)
+- commit message 2 (def5678)
+```
+**Categorize commits if conventional commits are used:**
+- `feat:` -> "Added"
+- `fix:` -> "Fixed"
+- `docs:` -> "Documentation"
+- `refactor:` -> "Changed"
+- `BREAKING CHANGE:` -> "Breaking Changes" (at top)
+- Other -> "Changes"
+## Step 6: Commit Version Bump
+```bash
+git add -A
+git commit -m "chore(release): v<NEW_VERSION>"
+```
+Show the commit to user for awareness.
+## Step 7: Create Git Tag
+```bash
+git tag -a "v<NEW_VERSION>" -m "Release v<NEW_VERSION>"
+```
+## Step 8: Push (with confirmation)
+**Stop Condition (Mandatory):** This is irreversible. Ask user before pushing.
+Show exactly what will be pushed:
+- Branch: `<branch_name>`
+- Remote: `<remote_name>` (`<remote_url>`)
+- Commits: list new commits
+- Tag: `v<NEW_VERSION>`
+Only after user confirms:
+```bash
+git push origin <branch_name>
+git push origin "v<NEW_VERSION>"
+```
+## Step 9: Create GitHub Release (with confirmation)
+Skip if `gh` CLI is not available.
+**Stop Condition (Mandatory):** Ask user before creating public release.
+```bash
+# Extract changelog for this version to use as release notes
+gh release create "v<NEW_VERSION>" \
+  --title "v<NEW_VERSION>" \
+  --notes "<changelog_for_this_version>" \
+  --latest
+```
+For pre-release versions (contains `-alpha`, `-beta`, `-rc`):
+```bash
+gh release create "v<NEW_VERSION>" \
+  --title "v<NEW_VERSION>" \
+  --notes "<changelog>" \
+  --prerelease
+```
+## Step 10: Post-release Verification
+Verify everything succeeded:
+```bash
+# Verify tag exists on remote
+git ls-remote --tags origin "v<NEW_VERSION>"
+# Verify GitHub release (if created)
+gh release view "v<NEW_VERSION>" --json tagName,isDraft,isPrerelease
+```
+Report final summary:
+```
+Release v<NEW_VERSION> complete:
+  Version file: <file> updated
+  Changelog: CHANGELOG.md updated
+  Tag: v<NEW_VERSION> created and pushed
+  GitHub Release: published (or: skipped)
+```
+## Quick Reference: Common Invocations
+| User says | Bump type | Notes |
+|-----------|-----------|-------|
+| "release patch" | patch | Fastest path |
+| "bump minor" | minor | New feature release |
+| "major release" | major | Breaking change |
+| "release" / "cut a release" | ask user | Must confirm type |
+| "release 2.0.0" | explicit | Use exact version given |
+| "prerelease" / "release beta" | prepatch with `-beta.1` | Mark as prerelease |
+## Error Recovery
+| Error | Recovery |
+|-------|----------|
+| Push rejected (behind remote) | `git pull --rebase` then retry push |
+| Tag already exists | Ask user: force-update tag or use different version? |
+| gh auth failed | Run `gh auth login` and retry |
+| Version file not found | Ask user which file contains the version |
+| Merge conflict in changelog | Open file for manual resolution, then continue |