Skill

infrastructure

Tests network infrastructure for vulnerabilities using port scanning, DNS attacks, MITM, VLAN hopping, IPv6 exploits, SMB/NetBIOS enumeration, sniffing, and DoS assessments. Includes ICS/SCADA and IoT techniques.

Docker

Linux

security

infrastructure

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Test network infrastructure for vulnerabilities including network services, protocols, and perimeter security.

Supporting Assets

SKILL.md

Similar Skills

nmap

674

Guides nmap-based network reconnaissance: fast full-port SYN scans, service/version detection, NSE scripts, and output parsing. Use for enumerating services and detecting vulnerabilities.

iothackbot

conducting-network-penetration-test

Conducts network penetration tests on authorized targets using Nmap, Metasploit, and PTES methodology for host discovery, port scanning, vulnerability identification, and exploitation assessment.

asi

recon-nmap

108

Conducts authorized network reconnaissance with Nmap: host discovery, port scanning, service enumeration, OS fingerprinting, and NSE vulnerability detection. For security audits and compliance checks.

4 files

threatmodel-skills

Stats

Stars223

Forks44

Last CommitApr 27, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Infrastructure

Test network infrastructure for vulnerabilities including network services, protocols, and perimeter security.

Techniques

Type	Key Vectors
Port Scanning	SYN scan, UDP scan, service detection, OS fingerprinting
DNS	Zone transfers, cache poisoning, subdomain takeover, DNS rebinding
MITM	ARP spoofing, DNS spoofing, SSL stripping, LLMNR/NBT-NS poisoning
VLAN Hopping	Switch spoofing, double tagging
IPv6	RA flooding, neighbor spoofing, tunneling attacks
SMB/NetBIOS	Null sessions, relay attacks, enumeration
Sniffing	Packet capture, credential harvesting, protocol analysis
DoS	Resource exhaustion, amplification, application-layer
ICS/SCADA	Modbus TCP, PLC exploitation, coil/register manipulation, session hijacking
UPnP / IoT / CPE	rootDesc/SCPD enumeration, vendor SOAP info disclosure (`GetPassword`), command injection via vendor actions, cross-action auth-key reuse
Hardware / Embedded	Logic captures (Saleae `.sal`), CAN/UART decoding, side-channel password recovery, legacy CPU errata, i386 tools via docker

Workflow

Network discovery and topology mapping
Port scanning and service enumeration
Protocol-specific vulnerability testing
Network attack execution (authorized scope only)
Evidence capture with packet captures and logs

Reference

Quickstart guides (per attack type):

reference/port-scanning-quickstart.md - Port scanning and service discovery
reference/dns-quickstart.md - DNS attacks and enumeration
reference/mitm-quickstart.md - Man-in-the-middle attacks
reference/vlan-hopping-quickstart.md - VLAN hopping techniques
reference/ipv6-quickstart.md - IPv6 attack vectors
reference/smb-netbios-quickstart.md - SMB/NetBIOS exploitation
reference/sniffing-quickstart.md - Network sniffing and capture
reference/dos-quickstart.md - DoS assessment
reference/ics-modbus-quickstart.md - ICS/SCADA Modbus PLC exploitation
reference/upnp-iot-quickstart.md - UPnP / IoT / CPE firmware web UI enumeration and exploitation
reference/hardware-embedded-quickstart.md - Logic captures, CAN/UART decoding, side-channel char-by-char recovery, legacy CPU bugs (6502), i386 tooling on ARM macOS

Scan techniques: reference/syn-scan.md, reference/udp-scan.md, reference/icmp-scan.md, reference/os-fingerprint.md Other: reference/firewall-detection.md, reference/service-enum.md, reference/ip-reputation.md, reference/overview.md