docs: add reconnaissance skill docs for nmap, nuclei, httpx, and ffuf #325
mason5052 wants to merge 6 commits into usestrix:main from
Add four skill reference files covering the core sandbox recon tools:
- nmap.md: port scanning, service detection, NSE scripts, two-phase workflow
- nuclei.md: template-based vuln scanning, tag/severity filtering, scan sequences
- httpx.md: HTTP probing, tech detection, status filtering, JSON output parsing
- ffuf.md: directory fuzzing, parameter fuzzing, vhost enumeration, response filtering

Each skill includes: core usage, flag reference, common scenarios, tool chaining examples, output parsing, validation steps, and false positive guidance.

Closes usestrix#278
Greptile Summary
Adds comprehensive documentation for four reconnaissance tools (
Confidence Score: 5/5
Important Files Changed
Last reviewed commit: 085990e
Pull request overview
This PR adds comprehensive skill reference documentation for four core reconnaissance tools used in the Strix sandbox environment. These documentation files provide agents with detailed CLI syntax, common usage patterns, and best practices for network discovery, web probing, vulnerability scanning, and directory fuzzing during penetration testing engagements. The documentation structure follows the established pattern used in existing vulnerability skill files (xss.md, sqli.md, etc.), ensuring consistency across the codebase.
Changes:
- Added nmap skill documentation covering port scanning, service detection, NSE scripts, and two-phase scanning workflows
- Added nuclei skill documentation for template-based vulnerability scanning with tag/severity filtering and JSON output parsing
- Added httpx skill documentation for HTTP probing, technology detection, and TLS certificate extraction
- Added ffuf skill documentation for directory/file fuzzing, parameter enumeration, vhost discovery, and response filtering techniques
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| strix/skills/reconnaissance/nmap.md | Documents nmap port scanning capabilities including TCP/UDP scanning, service version detection, OS fingerprinting, NSE script usage, and output parsing for tool chaining |
| strix/skills/reconnaissance/nuclei.md | Documents nuclei vulnerability scanner with template categories, tag-based filtering, severity levels, rate control options, and JSON output interpretation |
| strix/skills/reconnaissance/httpx.md | Documents httpx web probing including status code filtering, technology fingerprinting, TLS certificate inspection, and integration with subdomain enumeration pipelines |
| strix/skills/reconnaissance/ffuf.md | Documents ffuf web fuzzer covering directory discovery, parameter fuzzing, vhost enumeration, response filtering strategies, and wordlist locations in the sandbox environment |
Extends sandbox tool skill coverage (Issue usestrix#278) with two additional reconnaissance tools:
- subfinder.md: passive subdomain enumeration, source configuration, API key setup, JSONL output parsing, pipeline integration with httpx/nuclei/ffuf, scope filtering, and subdomain takeover hints
- wafw00f.md: WAF detection and fingerprinting, output formats (text/JSON/CSV), WAF family comparison table with scan strategy adjustments per WAF type, WAF-aware nuclei/ffuf rate tuning, and detection logic explanation

Both follow the established skill format with flag reference tables, chaining examples, validation steps, false positive guidance, and pro tips.
- Fix nmap greppable output parsing to use correct awk field extraction from Ports: lines instead of unreliable grep/awk pipe on raw output
- Fix httpx JSON parsing to handle version-dependent field names (status_code vs status-code) with fallback access pattern
- Reorder nmap.md sections to match standard skill template flow
- Add authorized-targets-only notice to all 6 reconnaissance skill intros
Quick update: pushed a fix commit (ed53f34) that addresses:
All other files unchanged. Ready for review whenever you get a chance!
- Replace unreliable grep/awk -oG parsing with proper Ports: field extraction (consistent with nmap.md and httpx.md)
- Use dict.get() for nuclei JSON output parsing to prevent KeyError on missing info/severity/template-id fields
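
The parsing fixes named in the two commit messages above (reading the `Ports:` field of nmap greppable output, accepting both `status_code` and `status-code` from httpx, and `dict.get()` for nuclei records), shown as an added example that is not code from this pull request. The sample data, the function names and the `unknown` default are constructed for illustration.

```python
import json

# Constructed sample data (documentation addresses, made-up template ids).
NMAP_OG = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n"
)
HTTPX_JSONL = """{"url": "http://192.0.2.10", "status_code": 200}
{"url": "http://192.0.2.10:8080", "status-code": 403}
not json
"""
NUCLEI_JSONL = """{"template-id": "example-template", "info": {"severity": "info"}}
{"host": "http://192.0.2.10"}
{"template-id": "other-template", "info": null}
"""

def open_ports(greppable):
    """Return (host, port, proto, service) for each open port in nmap -oG text."""
    found = []
    for line in greppable.splitlines():
        fields = line.split("\t")  # -oG fields are tab-separated
        if not fields[0].startswith("Host: "):
            continue  # "# Nmap ..." comment lines
        host = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Ports: "):  # not Status:, Ignored State:, ...
                for entry in field[len("Ports: "):].split(", "):
                    # port/state/protocol/owner/service/rpcinfo/version/
                    parts = entry.split("/")
                    if len(parts) >= 5 and parts[1] == "open":
                        found.append((host, int(parts[0]), parts[2], parts[4]))
    return found

def read_jsonl(text):
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # banner text or a truncated line
        if isinstance(rec, dict):
            yield rec

def httpx_status(rec):
    # The key is spelled differently across httpx versions: accept both.
    return rec.get("status_code", rec.get("status-code"))

def nuclei_summary(rec):
    info = rec.get("info") or {}  # tolerate a missing or null "info"
    return rec.get("template-id", "unknown"), info.get("severity", "unknown")
```

Matching on the `Ports:` field and on the `open` state, rather than grepping the raw line, keeps closed ports and the `Ignored State:` summary out of the results.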
Hi @0xallam -- just a friendly ping on this one. It's been about a week since the last update and the PR is ready for review whenever you get a chance. Both Copilot and Greptile gave clean assessments (0 issues / 5 out of 5), and I addressed the nmap parsing and httpx version-compat items in the latest commits. No rush at all -- I know there's a queue. Happy to make any changes if needed!
Summary
Adds 6 reconnaissance skill reference files for the sandbox tools listed in Issue #278, plus a YAML frontmatter example in the skills README.
New skill files:
- strix/skills/reconnaissance/nmap.md -- port scanning, service detection, NSE scripts, two-phase workflow, output parsing
- strix/skills/reconnaissance/nuclei.md -- template-based vulnerability scanning, tag/severity filtering, rate limiting, scan sequences
- strix/skills/reconnaissance/httpx.md -- HTTP probing, tech detection, TLS certificate inspection, JSON output parsing
- strix/skills/reconnaissance/ffuf.md -- directory fuzzing, parameter fuzzing, vhost enumeration, response filtering, authenticated scanning
- strix/skills/reconnaissance/subfinder.md -- passive subdomain enumeration, API key configuration, JSONL output, scope filtering
- strix/skills/reconnaissance/wafw00f.md -- WAF detection and fingerprinting, WAF-aware scan rate adjustment per WAF family

README improvement:
- strix/skills/README.md -- adds a YAML frontmatter code block example to the "Creating New Skills" section so contributors can see the exact format without having to infer it from existing files

Each skill file follows the same structure: YAML frontmatter, core usage, key flags reference table, common scenarios, tool chaining examples, output parsing, validation steps, false positive guidance, and pro tips.
Closes #278