Meta-dispatcher for the redcap suite. Routes red-team and device-research intent to the appropriate sibling skill. Start here when the right sibling isn't obvious or when a task needs multiple siblings chained.
Offensive payload library lookup. SQL injection, XSS, SSTI, LDAP, XXE, CSRF, CRLF, SSRF, deserialization, auth bypass, WAF bypass, CVE-specific exploits. Thin wrapper around a local clone of swisskyrepo/PayloadsAllTheThings with topic-folder navigation and Intruder wordlist retrieval.
Binary reverse engineering with ImHex. Hex editing, Pattern Language for structured binary parsing, YARA, diffing, multi-ISA disassembly (ARM32/64, x86, MIPS, RISC-V), entropy and magic-byte analysis. Uses ImHex's native MCP server when installed, otherwise teaches the pattern language for manual use.
Android APK / XAPK / JAR / AAR decompilation with jadx and Fernflower/Vineflower. Extract HTTP API endpoints (Retrofit, OkHttp, Volley), trace call flows from UI to network, locate compile-time feature gates. Optional Androguard integration for programmatic call-graph and cross-reference analysis. Adopted from SimoneAvogadro/android-reverse-engineering-skill under Apache 2.0.
Autonomous penetration testing via local PentestGPT CLI. Subprocess wrapper around a private fork of GreyDGL/PentestGPT for CTF challenges, Hack The Box machines, and authorized engagements. Streams walkthrough, detects flags, maintains session state. Isolates upstream's adversarial system prompt.
Firmware and kernel analysis workbench. Unpack MTK scatter / squashfs / ubifs / ext4 partitions. Grep for compile-time feature gates (em_support, show_5g_toggle, engineer_mode, debug_mode). Audit advertised features vs actual compile-time state. Detect FCC-filing gaps. Corpus grows as you acquire trees and dumps.
Security compliance baseline audit using ComplianceAsCode/content. Compare a target system or device config to a hardening baseline — SCAP, STIG (DISA), CIS benchmarks, PCI-DSS, OSPP, USGCB. Emit deviation report with specific rule references (OVAL, XCCDF, CCE).