hunt-metrics-exposure
CommunityExpose hidden operational metrics and health leaks
System Documentation
What problem does it solve?
Modern web applications built with Go, .NET, Java, or Node.js often leave observability endpoints like /metrics, /health, and framework-specific actuator paths unauthenticated. These endpoints leak critical operational intelligence including AI model usage, database connection pool status, third-party service dependencies, and real-time user activity, which attackers can leverage for further exploitation.
Core Features & Use Cases
- Endpoint Discovery: Scans for 20+ common observability and health check paths across popular web frameworks and observability tools.
- Intelligence Extraction: Analyzes Prometheus metric output to pull AI/ML model usage, database pool states, circuit breaker status, and request volume data.
- Vulnerability Validation: Confirms exposure of critical endpoints like Spring Boot Actuator /env and Laravel Telescope, and flags false positive minimal health checks.
- Use Case: During a red team engagement, use this skill to quickly map a target's operational footprint, identify AI tools in use, and uncover infrastructure dependencies for chained attacks like DoS or LLM prompt injection.
Quick Start
Use the hunt-metrics-exposure skill to scan the target domain https://target.com for unauthenticated metrics and health endpoints that expose sensitive operational intelligence.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-metrics-exposure Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hunt-metrics-exposure Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.