recon-salons
CommunityUncover salon booking flaws and exposed customer PII.
System Documentation
What problem does it solve?
Salon, barbershop, nail salon, and spa businesses commonly use third-party booking platforms that frequently expose customer PII, unauthenticated APIs, and IDOR vulnerabilities that are often missed during standard web reconnaissance, leading to avoidable data breaches in the personal services sector.
Core Features & Use Cases
- Sector-Specific Platform Fingerprinting: Automatically detect common booking platforms used by personal service businesses including Booksy, Vagaro, Square Appointments, Mindbody, Fresha, and StyleSeat.
- Common Vulnerability Checks: Test for unauthenticated booking API access, sequential IDOR on appointment and staff schedule endpoints, and exposed API keys in frontend code.
- Use Case: During a pentest engagement for a local med-spa, this skill cuts down manual recon time by 70% by automatically identifying the booking platform in use and running pre-built checks for the most common findings in this sector.
Quick Start
Use the recon-salons skill to perform full sector-specific reconnaissance on a target salon or spa website, including booking platform detection and automated checks for exposed customer data and IDOR flaws.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: recon-salons Download link: https://github.com/uphiago/recon-skills/archive/main.zip#recon-salons Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.