recon-gyms

Community

Uncover gym and fitness website security flaws fast.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Generic reconnaissance tools miss sector-specific vulnerabilities in gym and fitness center websites, which commonly use specialized booking platforms and member portals with unique security gaps that are frequently exploited in real-world engagements.

Core Features & Use Cases

  • Sector Platform Fingerprinting: Identifies common gym SaaS platforms (Mindbody, Mariana Tek, ClubReady) and underlying content management systems (WordPress, custom PHP, Wix, Squarespace).
  • Booking & API Recon: Discovers exposed class schedule, booking, and member APIs that often leak personally identifiable information or allow insecure direct object reference (IDOR) attacks.
  • Payment & Portal Testing: Checks for misconfigured payment integrations and unauthenticated access to member portals and profile endpoints.
  • Use Case: For example, during a pentest of a boutique fitness studio, this skill can locate hardcoded Mindbody API keys in JavaScript bundles or unauthenticated endpoints that expose member check-in history and personal details.

Quick Start

Use the recon-gyms skill to perform full sector-specific reconnaissance on the target gym website and identify all exploitable booking, portal, and payment vulnerabilities.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: recon-gyms
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#recon-gyms

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.