passive recon AI Agent Skills
Browse 5 skills related to passive recon
pentest-recon-osint
Perform passive reconnaissance and leak intelligence collection with no direct contact to target systems.
performing-subdomain-enumeration-with-subfinder
Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.
collecting-open-source-intelligence
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and attack campaigns using publicly available data sources, passive reconnaissance tools, and dark web monitoring. Use when investigating external threat actor infrastructure, performing pre-engagement reconnaissance for authorized red team assessments, or enriching CTI reports with publicly available adversary context. Activates for requests involving Maltego, Shodan, OSINT framework, SpiderFoot, or infrastructure reconnaissance.
recon-pipeline
Full multi-phase reconnaissance pipeline orchestrating all tools. Phase 1: Passive recon (Shodan, Subfinder, WhatWeb). Phase 2: Discovery (Nmap). Phase 3: Assessment (Nuclei, Nikto, sqlmap conditional). Use when asked for a complete security assessment or full recon.
shodan-recon
Passive reconnaissance using the Shodan API. Modes: host lookup, search, domain info, DNS, honeypot check. No packets are sent to targets — API-based only. Use when asked to look up host info, check exposed services, or perform passive recon.