Repository inventory

transilienceai/communitytools

Skills indexed from this repository, with install-style signals scoped to the repo.
16 skills672 GitHub stars0 weekly installsPythonGitHubOwner profile

Overview

This skill enumerates discoverable subdomains for a target domain using passive reconnaissance: Certificate Transparency logs, passive DNS sources, search-engine dorks, and common subdomain wordlists. It focuses on non-intrusive data collection and returns validated FQDNs, resolution status, IP addresses, source attribution, and detected naming patterns. Results are suitable for penetration testing, bug bounty triage, and security research.

How this skill works

The skill queries crt.sh to pull certificate entries for the target domain, normalizes and deduplicates name_value entries, and extracts candidate subdomains. It runs search-engine dorks to gather indexed hosts and parses results for additional FQDNs. A common-subdomain wordlist is applied and each candidate is DNS-resolved; optional passive-DNS APIs (VirusTotal, SecurityTrails, DNSDumpster) are queried when API keys are available. Final output merges sources, validates resolution, annotates IPs, and analyzes naming patterns.

When to use it

  • Initial external reconnaissance during a pentest or bug bounty engagement
  • Triage of a newly reported domain or asset scope validation
  • Discovery prior to vulnerability scanning or web application testing
  • Security research and monitoring of external asset exposure
  • Inventorying subdomains for attack surface reduction initiatives

Best practices

  • Use only passive sources and respect rate limits to avoid blocking
  • Supply API keys for passive DNS services to increase coverage when permitted
  • Validate every candidate by DNS resolution and record IP addresses and TTLs
  • Deduplicate and sort results; annotate each subdomain with its source(s) and evidence timestamps
  • Implement exponential backoff and logging for crt.sh and search engine queries to handle rate limiting and blocks

Example use cases

  • Enumerate subdomains of a client domain before scoped penetration testing to build a safe target list
  • Augment bug bounty reports with crt.sh and passive-DNS evidence for newly discovered hosts
  • Run periodic checks to detect leaked or forgotten subdomains exposed in CT logs
  • Combine wordlist checks with naming-pattern detection to find environment-specific hosts like staging-api or dev-backend
  • Validate third-party or partner domains for unexpected subdomain exposure prior to onboarding

FAQ

No. The skill uses passive techniques (CT logs, search dorks, passive DNS, and a common-wordlist DNS check) and avoids intrusive brute-force scanning.

What if a passive DNS provider requires an API key?

The skill supports optional passive-DNS integrations; provide API keys to enable VirusTotal or SecurityTrails lookups. Without keys, the skill continues with crt.sh, search dorks, and the wordlist.

16 skills

subdomain_enumeration
Automation

This skill enumerates subdomains for a domain using CT logs, passive DNS, and dorks to map attack surface.

PythonResearchSecurityPython
html_content_analysis
Data

This skill analyzes HTML to extract technology signals from meta tags, comments, script patterns, and structured data for security research.

FrontendResearchSecurityPython
security_posture_analyzer
Analytics

This skill analyzes an organization's security posture by evaluating headers, CSP, HSTS, security.txt, and email security signals to identify gaps.

DevopsPythonSecurityTesting+1
pentest
Ai

This skill coordinates pentest activities, deploying specialized agents, aggregating findings, and generating comprehensive reports to streamline engagement

AutomationPlanningPythonSecurity+2
certificate_transparency
Automation

This skill queries Certificate Transparency logs to discover SANs, infer subdomain patterns, and surface potential internal naming conventions for security

PythonScriptingSecurityPython
frontend_inferencer
Angular

This skill infers frontend technologies by analyzing signals from JavaScript, HTML, and CSS to identify frameworks and UI patterns.

FrontendNuxtReactSecurity+4
web_archive_analysis
Ai

This skill analyzes Wayback snapshots to detect technology migrations over time, revealing historical stack changes and migration patterns for a domain.

AnalyticsBackendDataPython+2
cloud_infra_detector
Automation

This skill detects cloud providers, PaaS, and serverless platforms from signals such as IP, DNS, headers, and TLS to identify infrastructure.

CloudInfraSecurityPython
api_portal_discovery
Api

This skill discovers public API portals, OpenAPI/Swagger endpoints, and developer docs to map exposure and assist security research.

AutomationPythonResearchSecurity+1
third_party_detector
Analytics

This skill identifies third-party services such as payments, analytics, auth, CRM, and support from signals across a target.

PythonScriptingSecurityPython
common-appsec-patterns
Frontend

This skill coordinates specialized agents to identify and validate XSS, injection, CSRF, and other web vulnerabilities across modern apps.

FullstackSecurityTestingPython
domain_discovery
Python

This skill finds and validates a company's official domain using web search, WHOIS lookups, and common TLD checks.

ResearchSecurityPython
javascript_dom_analysis
Analytics

This skill detects frontend frameworks by analyzing global variables, DOM attributes, bundle patterns, and source maps to reveal technologies.

DebuggingFrontendJavascriptSecurity+1
cdn_waf_fingerprinter
Api

This skill identifies CDNs and WAFs from HTTP, DNS, and TLS signals to reveal protection layers and potential exposure.

CloudDevopsDockerPython+2
hackerone
Ai

This skill automates HackerOne workflows by parsing scope CSVs, deploying parallel pentest agents, validating PoCs, and generating ready-to-submit reports.

AutomationPythonSecurityTesting+1
job_posting_analysis
Analytics

This skill extracts technology requirements from job postings and career pages to reveal a company's tech stack for targeted talent insights.

BackendCloudDatabaseFrontend+2
More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational