Stats
Actions
Tags
From cybersecurity-skills
Gathers open source intelligence for red team engagements: enumerates attack surfaces, personnel, credentials, and technology stacks via public sources. Use during reconnaissance phase.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:performing-open-source-intelligence-gatheringThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
> **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack surfaces, potential targets for social engineering, technology stacks, and credential exposures. Effective OSINT directly shapes initial access strategies and reduces operational risk.
| Category | Sources | Value |
|---|---|---|
| Domain Intelligence | DNS records, WHOIS, CT logs, subdomain enumeration | Network attack surface |
| Personnel Intelligence | LinkedIn, social media, conference talks, publications | Social engineering targets |
| Credential Intelligence | Breach databases, paste sites, GitHub leaks | Valid credential discovery |
| Technology Intelligence | Job postings, Wappalyzer, Shodan, Censys | Vulnerability identification |
| Physical Intelligence | Google Maps, social media photos, Glassdoor | Physical access planning |
| Document Intelligence | SEC filings, public documents, metadata extraction | Organizational structure |
| Tool | Purpose | Type |
|---|---|---|
| Amass | Subdomain enumeration and network mapping | Open Source |
| Subfinder | Passive subdomain discovery | Open Source |
| theHarvester | Email, subdomain, and name harvesting | Open Source |
| Maltego | Visual link analysis and data correlation | Commercial |
| SpiderFoot | Automated OSINT collection | Open Source |
| Shodan | Internet-connected device search | Commercial |
| Censys | Internet asset discovery | Commercial |
| Recon-ng | Web reconnaissance framework | Open Source |
| GitDorker | GitHub secret scanning | Open Source |
| Photon | Web crawler for OSINT | Open Source |
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skillsGathers open source intelligence for red team engagements: enumerates attack surfaces, personnel, credentials, and technology stacks via public sources. Use during reconnaissance phase.
Performs OSINT gathering for red team engagements, enumerating domains, IPs, employees, leaked credentials, tech stacks, and physical locations to map attack surfaces.
Gathers open source intelligence (OSINT) for red team engagements, enumerating external attack surfaces, identifying employees, leaked credentials, technology stacks, and physical locations.