deep-invade
CommunityDeep WordPress pentest for high-value target takeovers.
Software Engineering#vulnerability assessment#subdomain enumeration#offensive security#wordpress pentest#ssrf probing#plugin cve scanning#credential mining
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Bridges the gap between initial surface reconnaissance of WordPress targets and deep exploitation, where standard recon fails to uncover high-impact attack vectors like SSRF flaws, unpatched plugin CVEs, and exposed credentials in error logs.
Core Features & Use Cases
- 7-Phase Deep Pentest Workflow: Executes extended SSRF probing via XMLRPC pingback, error log credential mining, plugin CVE matrix scanning, JavaScript secret extraction, subdomain/staging discovery, fast port scanning, and API endpoint enumeration.
- Wave-Aligned Progression: Builds on prior recon waves 5-9, with proven results across 7 US company targets, to systematically uncover chains leading to RCE or data breaches.
- Use Case: Assigned to a high-value WordPress target that scored 6 or higher in wp-mass-recon, this skill eliminates manual guesswork by automating deep probes for the most common high-severity WordPress vulnerabilities.
Quick Start
Use the deep-invade skill to run a complete deep pentest assessment on your high-value WordPress target that passed initial wp-mass-recon scoring, including all SSRF, credential mining, plugin CVE, and enumeration steps.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: deep-invade Download link: https://github.com/uphiago/recon-skills/archive/main.zip#deep-invade Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.