h2-connect-internal-scan

Official

Bypass firewalls to scan internal ports via H2 CONNECT

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the challenge of enumerating internal services and open ports hidden behind HTTP/2-enabled reverse proxies or load balancers, where standard port scanning and SSRF techniques are blocked by perimeter firewall rules.

Core Features & Use Cases

  • HTTP/2 Compatibility Verification: Confirms the target supports HTTP/2 ALPN negotiation to validate the attack vector is viable before proceeding.
  • Multiplexed Internal Port Scanning: Uses concurrent HTTP/2 CONNECT requests to scan high-value internal ports (including databases, caches, and internal admin interfaces) without triggering standard firewall blocks.
  • Use Case: For authorized red team engagements, use this Skill to map the internal attack surface of cloud-hosted applications that sit behind H2 proxies, identifying exposed sensitive services that are not reachable from the public internet.

Quick Start

Use the h2-connect-internal-scan skill to scan for open internal ports on the target web application that supports HTTP/2 and is fronted by a reverse proxy.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: h2-connect-internal-scan
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#h2-connect-internal-scan

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.