
Recon For Sec
Route a new or unknown target through structured recon—scope, assets, fingerprints, and endpoints—before deeper security skills run.
Overview
recon-for-sec is an agent skill most often used in Ship security (also Validate scope, Build integrations) that routes new targets through asset discovery, fingerprinting, and endpoint inventory before specialized securi
Install
npx skills add https://github.com/yaklang/hack-skills --skill recon-for-sec
What is this skill?
- P1 entry router for reconnaissance and methodology on new targets
- Three-step recommended flow: confirm scope, discover and fingerprint, route to follow-up sec skills
- Skill map links to recon methodology, insecure SCM exposure, and dependency-confusion recon
- Downstream routes to api-sec, auth-sec, injection-checking, and business-logic testing based on findings
- Emphasizes endpoint inventory and test-route planning over unstructured enumeration
- 3-step recommended flow (scope confirmation, discovery and fingerprinting, routed follow-up testing)
- 4 downstream security skill routes named in the router (api-sec, auth-sec, injection-checking, business-logic-vuln)
Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You received a new target and do not know which assets exist or which security skill to invoke first, so you risk noisy, out-of-scope, or random testing.
Who is it for?
Solo builders or indie security-minded developers performing authorized assessments who need a repeatable recon entrypoint into the Yaklang hack-skills tree.
Skip if: Casual feature development with no security mandate, or engagements where formal scope and rules of engagement are not defined yet.
When should I use this skill?
You just received a new target and do not yet know what to test first; you need asset discovery, tech fingerprinting, endpoint inventory, and test-route planning instead of random payload enumeration.
What do I get? / Deliverables
You finish with a scoped asset and endpoint picture and an explicit route to the next security skill—API, auth, injection, or business-logic—based on evidence rather than guesswork.
- Scoped asset and service inventory with technology fingerprints
- Recommended next security skill slug and test-route rationale
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Security recon is shelved under Ship security because it precedes structured testing and hardening as you prepare to expose or stress a system responsibly. The Security subphase fits a P1 methodology router that chooses the first high-value testing path instead of random payload spraying.
Where it fits
Confirm in-scope domains and asset types before any port scan or endpoint harvest on a client MVP.
Fingerprint staging APIs and third-party callbacks to decide whether api-sec or auth-sec should run first.
After inventorying routes on a pre-release build, route to injection-checking or business-logic-vuln based on observed inputs.
How it compares
Use as a methodology router and scope gate—not a single exploit checklist or a substitute for full automated scanners.
Common Questions / FAQ
Who is recon-for-sec for?
It is for practitioners starting authorized security work on unfamiliar hosts, APIs, or apps who need structured recon before deeper Yaklang security skills.
When should I use recon-for-sec?
Use it at the start of Ship security testing when mapping scope and assets, during Validate scope when defining what is in-bounds, and when planning Build-time integration reviews that need fingerprint-driven test routes.
Is recon-for-sec safe to install?
Security skills can imply network recon tooling in sibling docs—review the Security Audits panel on this Prism page and your authorization paperwork before enabling the hack-skills repo in an agent.
SKILL.md - Recon For Sec
# Recon and Methodology Router

This is the starting router for new targets and unknown attack surfaces.

## When to Use

- You just received a new target and do not yet know what to test first
- You need to begin with asset discovery, tech fingerprinting, endpoint inventory, and test-route planning
- You want to build follow-up testing on structured methodology instead of random payload enumeration

## Skill Map

- [Recon and Methodology](../recon-and-methodology/SKILL.md)
- [Insecure Source Code Management](../insecure-source-code-management/SKILL.md) — .git/.svn/.hg exposure detection
- [Dependency Confusion](../dependency-confusion/SKILL.md) — Supply chain reconnaissance for internal package names

## Recommended Flow

1. First confirm in-scope assets and target type
2. Then perform asset discovery, port/service identification, technology fingerprinting, and endpoint collection
3. Route based on collected findings to [api-sec](../api-sec/SKILL.md), [auth-sec](../auth-sec/SKILL.md), [injection-checking](../injection-checking/SKILL.md), or [business-logic-vuln](../business-logic-vuln/SKILL.md)