@rfxlamia/skillkit 1.0.0

package/skills/red-teaming/references/tools-frameworks.md

@@ -0,0 +1,446 @@
+# Tools & Frameworks Reference
+
+## Table of Contents
+
+1. [Overview](#overview)
+2. [MITRE ATT&CK Ecosystem](#mitre-attck-ecosystem)
+3. [Command & Control (C2) Frameworks](#command--control-c2-frameworks)
+4. [Exploitation Frameworks](#exploitation-frameworks)
+5. [Credential Attacks](#credential-attacks)
+6. [Phishing & Social Engineering](#phishing--social-engineering)
+7. [OSINT & Reconnaissance](#osint--reconnaissance)
+8. [AI/LLM Red Teaming Tools](#aillm-red-teaming-tools)
+9. [Network Security Tools](#network-security-tools)
+10. [Defensive Tools (Blue Team)](#defensive-tools-blue-team)
+11. [Tool Selection Criteria](#tool-selection-criteria)
+12. [Critical Reminders](#critical-reminders)
+
+## Overview
+
+Comprehensive reference for red teaming tools across cybersecurity and AI/LLM domains. Organized by function and use case.
+
+## MITRE ATT&CK Ecosystem
+
+### ATT&CK Navigator
+- **Purpose**: Visual red team planning and heat mapping
+- **URL**: https://mitre-attack.github.io/attack-navigator/
+- **Features**:
+  - Layer-based technique mapping
+  - APT group TTP visualization
+  - Detection coverage heat maps
+  - Export to JSON, SVG, Excel
+- **Use Case**: Plan red team operations, visualize detection gaps
+
+### Atomic Red Team
+- **Purpose**: Pre-built ATT&CK technique tests
+- **Developer**: Red Canary (open source)
+- **GitHub**: https://github.com/redcanaryco/atomic-red-team
+- **Features**:
+  - 200+ technique tests
+  - Cross-platform (Windows, Linux, macOS)
+  - ~5 minutes per test
+  - Invoke-Atomic PowerShell framework
+- **Use Case**: Quick technique validation, purple teaming
+
+### CALDERA
+- **Purpose**: Automated adversary emulation
+- **Developer**: MITRE (open source)
+- **GitHub**: https://github.com/mitre/caldera
+- **Features**:
+  - Autonomous red team operations
+  - Plugin architecture (OT protocols, Atomic Red Team integration)
+  - AI planning engine
+  - Web-based management
+- **Use Case**: Automated red team campaigns, continuous testing
+
+### ATT&CK Evaluations
+- **Purpose**: Independent product testing
+- **URL**: https://attackevals.mitre-engenuity.org/
+- **Features**:
+  - Standardized adversary emulation
+  - EDR/XDR evaluation
+  - Public methodology and results
+- **Use Case**: Evaluate security product effectiveness
+
+## Command & Control (C2) Frameworks
+
+### Cobalt Strike
+- **Type**: Commercial ($3,500/user/year)
+- **Strengths**: 
+  - Industry standard for red teams and APTs
+  - Malleable C2 profiles (traffic shaping)
+  - Beacon implant with many post-exploitation features
+  - Sleep obfuscation, AMSI bypass
+- **Weaknesses**: 
+  - Well-signatured by defenders
+  - Expensive
+  - Frequently cracked versions used by criminals (bad optics)
+- **Use Case**: Professional red team engagements
+
+### Sliver
+- **Type**: Open source (GPL-3.0)
+- **Developer**: BishopFox
+- **GitHub**: https://github.com/BishopFox/sliver
+- **Strengths**:
+  - Modern architecture (Go-based)
+  - Strong encryption (mTLS, WireGuard, HTTP(S))
+  - Cross-platform implants
+  - Multi-player support
+  - Active development
+- **Weaknesses**:
+  - Less mature than Cobalt Strike
+  - Smaller community
+- **Use Case**: Budget-conscious red teams, modern C2 requirements
+
+### Empire/Starkiller
+- **Type**: Open source
+- **GitHub**: https://github.com/BC-SECURITY/Empire
+- **Strengths**:
+  - PowerShell and Python agents
+  - Modular post-exploitation
+  - Starkiller GUI (user-friendly)
+- **Weaknesses**:
+  - PowerShell heavily monitored
+  - Less stealthy than alternatives
+- **Use Case**: Windows-heavy environments, PowerShell red teams
+
+### Mythic
+- **Type**: Open source
+- **GitHub**: https://github.com/its-a-feature/Mythic
+- **Strengths**:
+  - Web-based collaborative UI
+  - Plugin architecture for agents
+  - Logging and reporting built-in
+  - Docker-based deployment
+- **Weaknesses**:
+  - Requires setup effort
+  - Less documentation than Cobalt Strike
+- **Use Case**: Team-based red team operations, custom agent development
+
+## Exploitation Frameworks
+
+### Metasploit
+- **Type**: Open source (Rapid7)
+- **Website**: https://www.metasploit.com/
+- **Strengths**:
+  - 2,300+ exploits
+  - Meterpreter post-exploitation framework
+  - Database for session management
+  - Extensive community modules
+- **Weaknesses**:
+  - Well-signatured by AV/EDR
+  - Noisy by default
+- **Use Case**: Exploitation, post-exploitation, penetration testing
+
+### Covenant
+- **Type**: Open source
+- **GitHub**: https://github.com/cobbr/Covenant
+- **Strengths**:
+  - .NET-based C2
+  - Web-based UI
+  - Grunts (implants) with .NET in-memory execution
+- **Weaknesses**:
+  - Development slowed
+  - Smaller community
+- **Use Case**: .NET-focused red teams, post-exploitation
+
+### Merlin
+- **Type**: Open source
+- **GitHub**: https://github.com/Ne0nd0g/merlin
+- **Strengths**:
+  - Go-based agents (cross-platform)
+  - HTTP/2 C2 (stealthy)
+  - QUIC support
+- **Weaknesses**:
+  - Command-line interface only
+  - Less feature-rich than Cobalt Strike
+- **Use Case**: Stealthy C2, cross-platform red teams
+
+## Credential Attacks
+
+### Mimikatz
+- **Type**: Open source
+- **Developer**: Benjamin Delpy
+- **GitHub**: https://github.com/gentilkiwi/mimikatz
+- **Strengths**:
+  - Extract plaintext passwords, hashes, Kerberos tickets
+  - Pass-the-hash, pass-the-ticket
+  - Golden/Silver ticket creation
+- **Weaknesses**:
+  - Heavily signatured by AV/EDR
+  - Requires admin privileges
+- **Use Case**: Credential dumping, Kerberos attacks
+
+### BloodHound
+- **Type**: Open source
+- **GitHub**: https://github.com/BloodHoundAD/BloodHound
+- **Strengths**:
+  - Active Directory attack path visualization
+  - Graph-based analysis
+  - Identifies shortest path to Domain Admin
+- **Weaknesses**:
+  - Requires SharpHound data collection (can be detected)
+  - Learning curve for graph query language
+- **Use Case**: Active Directory enumeration and attack planning
+
+### Rubeus
+- **Type**: Open source
+- **GitHub**: https://github.com/GhostPack/Rubeus
+- **Strengths**:
+  - Kerberos abuse toolkit
+  - Kerberoasting, AS-REP roasting
+  - Ticket manipulation
+- **Weaknesses**:
+  - .NET executable (may be blocked by AppLocker)
+- **Use Case**: Kerberos-based attacks in Active Directory
+
+### Impacket
+- **Type**: Open source (Python library)
+- **GitHub**: https://github.com/fortra/impacket
+- **Strengths**:
+  - Python implementation of network protocols
+  - SMB, MSRPC, LDAP, Kerberos
+  - Standalone scripts (psexec.py, secretsdump.py, etc.)
+- **Weaknesses**:
+  - Python dependency (not always available on target)
+- **Use Case**: Network protocol exploitation, lateral movement
+
+## Phishing & Social Engineering
+
+### Gophish
+- **Type**: Open source
+- **Website**: https://getgophish.com/
+- **Strengths**:
+  - Full-featured phishing framework
+  - Email templates and landing pages
+  - Campaign tracking and reporting
+  - User-friendly web UI
+- **Weaknesses**:
+  - Server infrastructure required
+  - Email deliverability challenges
+- **Use Case**: Phishing campaigns, security awareness training
+
+### Social-Engineer Toolkit (SET)
+- **Type**: Open source (TrustedSec)
+- **GitHub**: https://github.com/trustedsec/social-engineer-toolkit
+- **Strengths**:
+  - Automated phishing and credential harvesting
+  - Mass mailer
+  - QR code attacks
+  - Wireless access point attacks
+- **Weaknesses**:
+  - Text-based menu interface
+  - Requires setup
+- **Use Case**: Multi-vector social engineering campaigns
+
+### EvilNginx
+- **Type**: Open source
+- **GitHub**: https://github.com/kgretzky/evilginx2
+- **Strengths**:
+  - Adversary-in-the-middle (AitM) phishing
+  - Bypass 2FA (session hijacking)
+  - Reverse proxy architecture
+- **Weaknesses**:
+  - Complex setup
+  - Requires custom phishlets
+- **Use Case**: Advanced phishing bypassing MFA
+
+## OSINT & Reconnaissance
+
+### theHarvester
+- **Type**: Open source
+- **GitHub**: https://github.com/laramies/theHarvester
+- **Strengths**:
+  - Email, subdomain, name enumeration
+  - Multiple search engines (Google, Bing, Shodan, etc.)
+  - Fast reconnaissance
+- **Weaknesses**:
+  - API rate limits
+- **Use Case**: Initial OSINT, target profiling
+
+### Shodan
+- **Type**: Commercial (free tier available)
+- **Website**: https://www.shodan.io/
+- **Strengths**:
+  - Internet-connected device search engine
+  - Identify exposed services and vulnerabilities
+  - API access
+- **Weaknesses**:
+  - Paid features for advanced queries
+- **Use Case**: External asset discovery, vulnerability research
+
+### Amass
+- **Type**: Open source (OWASP)
+- **GitHub**: https://github.com/owasp-amass/amass
+- **Strengths**:
+  - DNS enumeration and network mapping
+  - Subdomain discovery
+  - ASN mapping
+- **Weaknesses**:
+  - Slow for large domains
+- **Use Case**: External attack surface mapping
+
+### SpiderFoot
+- **Type**: Open source
+- **Website**: https://www.spiderfoot.net/
+- **Strengths**:
+  - Automated OSINT collection
+  - 200+ data sources
+  - Web UI and correlation engine
+- **Weaknesses**:
+  - Resource-intensive
+- **Use Case**: Comprehensive OSINT investigations
+
+## AI/LLM Red Teaming Tools
+
+### DeepTeam
+- **Type**: Open source (Python framework)
+- **GitHub**: https://github.com/confident-ai/deepteam
+- **Strengths**:
+  - 40+ vulnerabilities (OWASP Top 10 LLM aligned)
+  - 10+ attack methods (single-turn & multi-turn)
+  - LLM-as-judge evaluation
+  - YAML-based configuration
+  - CLI and programmatic API
+- **Weaknesses**:
+  - Requires API keys for evaluation models
+  - Python dependency
+- **Use Case**: Comprehensive LLM security testing, CI/CD integration
+
+### Promptfoo
+- **Type**: Open source
+- **Website**: https://www.promptfoo.dev/
+- **GitHub**: https://github.com/promptfoo/promptfoo
+- **Strengths**:
+  - 20+ red team vulnerability categories
+  - Custom evaluation metrics
+  - Supports multiple LLM providers
+  - Web UI for results visualization
+- **Weaknesses**:
+  - Node.js dependency
+- **Use Case**: LLM application testing, prompt optimization
+
+### FLIRT (Feedback Loop In-context Red Teaming)
+- **Type**: Research tool
+- **Paper**: https://arxiv.org/abs/2308.04265
+- **Strengths**:
+  - Iterative attack refinement
+  - Uses feedback to improve attacks
+  - High success rate
+- **Weaknesses**:
+  - Research prototype (not production-ready)
+- **Use Case**: Academic research, advanced red teaming
+
+### AdvPrompter
+- **Type**: Research tool
+- **Strengths**:
+  - LLM-based adversarial prompt generation
+  - Optimizes for effectiveness and speed
+  - Generates human-readable attacks
+- **Weaknesses**:
+  - Research prototype
+- **Use Case**: Automated attack generation research
+
+### GRT (Gandalf Red Team)
+- **Type**: Community challenge platform
+- **Website**: https://gandalf.lakera.ai/
+- **Strengths**:
+  - Gamified LLM red teaming
+  - Levels of difficulty
+  - Community leaderboard
+- **Weaknesses**:
+  - Limited to specific scenarios
+- **Use Case**: LLM security training, skill building
+
+### JailbreakBench
+- **Type**: Open benchmark
+- **Website**: https://jailbreakbench.github.io/
+- **Strengths**:
+  - Standardized jailbreak evaluation
+  - Public leaderboard
+  - Reproducible testing
+- **Weaknesses**:
+  - Limited to jailbreak testing
+- **Use Case**: LLM robustness benchmarking
+
+## Network Security Tools
+
+### Nmap
+- **Type**: Open source
+- **Website**: https://nmap.org/
+- **Strengths**:
+  - Port scanning and service detection
+  - OS fingerprinting
+  - NSE (Nmap Scripting Engine) for automation
+- **Use Case**: Network reconnaissance, vulnerability scanning
+
+### Burp Suite
+- **Type**: Commercial (free Community edition)
+- **Website**: https://portswigger.net/burp
+- **Strengths**:
+  - Web application security testing
+  - Proxy, scanner, intruder, repeater
+  - Extensible with BApps
+- **Use Case**: Web application penetration testing
+
+### Wireshark
+- **Type**: Open source
+- **Website**: https://www.wireshark.org/
+- **Strengths**:
+  - Network protocol analyzer
+  - Packet capture and dissection
+  - Display filters and analysis
+- **Use Case**: Network traffic analysis, protocol debugging
+
+## Defensive Tools (Blue Team)
+
+### Velociraptor
+- **Type**: Open source
+- **Website**: https://www.rapid7.com/products/velociraptor/
+- **Strengths**:
+  - Endpoint visibility and forensics
+  - Hunt malicious activity
+  - Incident response platform
+- **Use Case**: Detection engineering, threat hunting
+
+### Sigma
+- **Type**: Open source (detection rule format)
+- **GitHub**: https://github.com/SigmaHQ/sigma
+- **Strengths**:
+  - Generic signature format for SIEM
+  - 3,000+ detection rules
+  - Convert to Splunk, Elastic, QRadar
+- **Use Case**: Detection rule development and sharing
+
+### YARA
+- **Type**: Open source
+- **Website**: https://virustotal.github.io/yara/
+- **Strengths**:
+  - Malware identification and classification
+  - Pattern matching for files and processes
+  - Widely adopted
+- **Use Case**: Malware detection, threat intelligence
+
+## Tool Selection Criteria
+
+### For Cybersecurity Red Teaming
+- **Initial Access**: Metasploit, Cobalt Strike, custom exploits
+- **C2 Infrastructure**: Sliver (budget), Cobalt Strike (professional), Mythic (team)
+- **Credential Attacks**: Mimikatz, BloodHound, Rubeus, Impacket
+- **Phishing**: Gophish (standard), EvilNginx (advanced MFA bypass)
+- **OSINT**: theHarvester (quick), Amass (comprehensive), Shodan (external)
+
+### For AI/LLM Red Teaming
+- **Comprehensive Testing**: DeepTeam (production), Promptfoo (development)
+- **Research**: FLIRT, AdvPrompter, academic frameworks
+- **Benchmarking**: JailbreakBench, public leaderboards
+- **Training**: GRT (Gandalf), capture-the-flag platforms
+
+## Critical Reminders
+
+- **Licensing**: Verify tool licenses (commercial vs. open source)
+- **Legal Use**: Only use tools for authorized red team operations
+- **Detection**: Most tools are well-signatured; customize for stealth
+- **Updates**: Tools evolve rapidly; stay current with latest versions
+- **Operational Security**: Protect red team infrastructure and tool chains
+- **Blue Team Value**: Share tool knowledge with defenders for detection engineering

package/skills/releasing/.skillkit-mode

@@ -0,0 +1 @@
+fast

package/skills/releasing/SKILL.md

@@ -0,0 +1,225 @@
+---
+name: releasing
+description: >
+  Automate the full release workflow: version bumping (major/minor/patch), changelog generation,
+  git tagging, pushing, and GitHub release creation. Handles semver across Node.js, Python, Rust,
+  Go, and generic projects. Enforces mandatory confirmations before irreversible actions (push, release).
+  USE WHEN: user says "release", "bump version", "cut a release", "tag and release", "/releasing",
+  or asks to prepare a new version of their project.
+category: deployment
+---
+
+# Releasing
+
+Automate version bumps, changelog, git tags, and GitHub releases. Stop gates enforce confirmation before every irreversible action.
+
+## Workflow
+
+1. Detect ecosystem and current version
+2. Confirm bump type with user
+3. Execute release pipeline
+
+## Step 1: Pre-flight Checks
+
+Run all checks. Stop and report on any failure.
+
+```bash
+# Must be in a git repo
+git rev-parse --is-inside-work-tree
+
+# Must have clean working tree (no uncommitted changes)
+git status --porcelain
+
+# Must be on a releasable branch (main, master, or release/*)
+git branch --show-current
+
+# Must have a remote configured
+git remote -v
+
+# Check if gh CLI is available (needed for GitHub release)
+command -v gh
+```
+
+**Dirty tree:** Stop. User must commit or stash first.
+**Wrong branch:** Stop. Report branch, ask to continue.
+**No gh CLI:** Warn, skip GitHub release step.
+
+## Step 2: Detect Version
+
+Scan version files in priority order:
+
+| Priority | File | Ecosystem | Pattern |
+|----------|------|-----------|---------|
+| 1 | `package.json` | Node.js | `"version": "X.Y.Z"` |
+| 2 | `pyproject.toml` | Python | `version = "X.Y.Z"` |
+| 3 | `Cargo.toml` | Rust | `version = "X.Y.Z"` |
+| 4 | `setup.cfg` | Python (legacy) | `version = X.Y.Z` |
+| 5 | `VERSION` | Generic | Plain text `X.Y.Z` |
+| 6 | Latest git tag | Any | `vX.Y.Z` or `X.Y.Z` |
+
+For full detection patterns and edge cases, load `references/version-detection.md`.
+
+**Report to user:** "Current version: **X.Y.Z** (detected from `<file>`)"
+
+## Step 3: Determine Bump Type
+
+Use user-specified type if provided. Otherwise:
+
+**Stop Condition (Mandatory):** Ask user to choose bump type.
+- **patch** (X.Y.Z -> X.Y.Z+1) - Bug fixes, small changes
+- **minor** (X.Y.Z -> X.Y+1.0) - New features, backward compatible
+- **major** (X.Y.Z -> X+1.0.0) - Breaking changes
+
+Calculate and show the new version before proceeding.
+
+## Step 4: Update Version File
+
+Apply the version bump to the detected file:
+
+```bash
+# Node.js - use npm version without git tag (we handle tagging ourselves)
+npm version <patch|minor|major> --no-git-tag-version
+
+# Python (pyproject.toml) - sed replacement
+# Rust (Cargo.toml) - sed replacement
+# Generic - direct file write
+```
+
+**Important:** Only update the version file. Do NOT run `npm version` with default behavior (it creates its own tag).
+
+Also update `package-lock.json` if it exists (Node.js):
+```bash
+[ -f package-lock.json ] && npm install --package-lock-only
+```
+
+## Step 5: Update Changelog
+
+Check if `CHANGELOG.md` exists. If not, create it.
+
+Generate changelog entries from git log since last tag:
+
+```bash
+# Get last tag
+LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+
+# Get commits since last tag (or all commits if no tag)
+if [ -n "$LAST_TAG" ]; then
+  git log "$LAST_TAG"..HEAD --pretty=format:"- %s (%h)" --no-merges
+else
+  git log --pretty=format:"- %s (%h)" --no-merges
+fi
+```
+
+Prepend new section to CHANGELOG.md in this format:
+
+```markdown
+## [X.Y.Z] - YYYY-MM-DD
+
+### Changes
+- commit message 1 (abc1234)
+- commit message 2 (def5678)
+```
+
+**Categorize commits if conventional commits are used:**
+- `feat:` -> "Added"
+- `fix:` -> "Fixed"
+- `docs:` -> "Documentation"
+- `refactor:` -> "Changed"
+- `BREAKING CHANGE:` -> "Breaking Changes" (at top)
+- Other -> "Changes"
+
+## Step 6: Commit Version Bump
+
+```bash
+git add -A
+git commit -m "chore(release): v<NEW_VERSION>"
+```
+
+Show the commit to user for awareness.
+
+## Step 7: Create Git Tag
+
+```bash
+git tag -a "v<NEW_VERSION>" -m "Release v<NEW_VERSION>"
+```
+
+## Step 8: Push (with confirmation)
+
+**Stop Condition (Mandatory):** This is irreversible. Ask user before pushing.
+
+Show exactly what will be pushed:
+- Branch: `<branch_name>`
+- Remote: `<remote_name>` (`<remote_url>`)
+- Commits: list new commits
+- Tag: `v<NEW_VERSION>`
+
+Only after user confirms:
+
+```bash
+git push origin <branch_name>
+git push origin "v<NEW_VERSION>"
+```
+
+## Step 9: Create GitHub Release (with confirmation)
+
+Skip if `gh` CLI is not available.
+
+**Stop Condition (Mandatory):** Ask user before creating public release.
+
+```bash
+# Extract changelog for this version to use as release notes
+gh release create "v<NEW_VERSION>" \
+  --title "v<NEW_VERSION>" \
+  --notes "<changelog_for_this_version>" \
+  --latest
+```
+
+For pre-release versions (contains `-alpha`, `-beta`, `-rc`):
+```bash
+gh release create "v<NEW_VERSION>" \
+  --title "v<NEW_VERSION>" \
+  --notes "<changelog>" \
+  --prerelease
+```
+
+## Step 10: Post-release Verification
+
+Verify everything succeeded:
+
+```bash
+# Verify tag exists on remote
+git ls-remote --tags origin "v<NEW_VERSION>"
+
+# Verify GitHub release (if created)
+gh release view "v<NEW_VERSION>" --json tagName,isDraft,isPrerelease
+```
+
+Report final summary:
+```
+Release v<NEW_VERSION> complete:
+  Version file: <file> updated
+  Changelog: CHANGELOG.md updated
+  Tag: v<NEW_VERSION> created and pushed
+  GitHub Release: published (or: skipped)
+```
+
+## Quick Reference: Common Invocations
+
+| User says | Bump type | Notes |
+|-----------|-----------|-------|
+| "release patch" | patch | Fastest path |
+| "bump minor" | minor | New feature release |
+| "major release" | major | Breaking change |
+| "release" / "cut a release" | ask user | Must confirm type |
+| "release 2.0.0" | explicit | Use exact version given |
+| "prerelease" / "release beta" | prepatch with `-beta.1` | Mark as prerelease |
+
+## Error Recovery
+
+| Error | Recovery |
+|-------|----------|
+| Push rejected (behind remote) | `git pull --rebase` then retry push |
+| Tag already exists | Ask user: force-update tag or use different version? |
+| gh auth failed | Run `gh auth login` and retry |
+| Version file not found | Ask user which file contains the version |
+| Merge conflict in changelog | Open file for manual resolution, then continue |