recon-automotive-dealers
CommunitySector-specific recon for car dealership websites.
System Documentation
What problem does it solve?
Car dealership and automotive retail websites often run WordPress or custom PHP on shared hosting, storing sensitive customer data like credit applications, vehicle inventory records, and service booking details, with common unpatched vulnerabilities and exposed endpoints that pose risks during authorized security assessments.
Core Features & Use Cases
- Sector-Tailored Recon: Built from field data across 20+ US auto dealer networks, with workflows adapted for common dealer platforms like Dealer.com, CDK Global, and WordPress inventory plugins.
- Multi-Phase Enumeration: Covers domain discovery, WordPress recon (user enumeration, XMLRPC checks, debug log exposure), inventory API scanning, financing portal PII discovery, and plugin vulnerability fingerprinting.
- Real-World Bypass Guidance: Includes techniques to bypass Cloudflare/WAF protections used by large dealer groups, and identifies common attack surfaces like unauthenticated inventory APIs and unprotected upload directories containing customer credit documents.
Quick Start
Use the recon-automotive-dealers skill to perform full sector-specific reconnaissance on a target car dealership domain to identify exposed WordPress endpoints, inventory APIs, and sensitive PII storage locations.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: recon-automotive-dealers Download link: https://github.com/uphiago/recon-skills/archive/main.zip#recon-automotive-dealers Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.