AgentSkillsCN

Recon

侦察

SKILL.md

/recon - Reconnaissance

Perform initial reconnaissance on a challenge target.

Usage

code
/recon <file>
/recon <url>
/recon <host:port>

Instructions

When the user invokes /recon, gather comprehensive initial intelligence:

File Reconnaissance

bash
# Basic identification
file <target>
ls -la <target>

# Content preview
xxd <target> | head -30
strings <target> | head -50

# Archive inspection
binwalk <target>

# Metadata
exiftool <target> 2>/dev/null || true

Binary Reconnaissance

bash
# Security features
checksec --file=<binary>

# Architecture info
file <binary>
readelf -h <binary> 2>/dev/null || true

# Symbols and functions
nm <binary> 2>/dev/null | head -30 || true
objdump -t <binary> 2>/dev/null | grep -E "main|flag|win|shell|system" || true

# Dangerous functions
objdump -d <binary> 2>/dev/null | grep -E "gets|strcpy|sprintf|scanf" || true

# Strings of interest
strings <binary> | grep -iE "flag|password|secret|key|admin|root" || true

Network Service Reconnaissance

bash
# Banner grab
echo "" | nc -v <host> <port> -w 3 2>&1 | head -20

# HTTP service
curl -v <url> 2>&1 | head -50

For web services:

  • Check response headers
  • Identify server/framework
  • Look for robots.txt, .git, common paths
  • Note cookies and session handling

Directory/Multi-file Reconnaissance

bash
# List all files
find <directory> -type f

# Identify file types
file <directory>/*

# Look for interesting files
find <directory> -name "*.py" -o -name "*.php" -o -name "*.js" -o -name "flag*"

Output Format

code
## Reconnaissance Report

**Target**: <target>
**Type**: <file/binary/service/directory>

### Basic Information
- File type: ...
- Size: ...
- Permissions: ...

### Key Findings
1. ...
2. ...
3. ...

### Strings of Interest
<relevant strings> ```

Security Features (if binary)

FeatureStatus
ASLR...
NX...
PIE...
Canary...
RELRO...

Recommendations

  • Suggested category: ...
  • Next step: /analyze <target> or specific agent
  • Tools to use: ...
code

### Quick Checks

Always check for:
1. **Flag in plaintext**: `strings <file> | grep -i flag`
2. **Embedded files**: `binwalk -e <file>`
3. **Hidden data**: Check file size vs expected
4. **Encoding**: Base64, hex, rot13 patterns
5. **Comments**: Source code comments, metadata

### Follow-up Suggestions

Based on findings, suggest:
- Specific vulnerability to investigate
- Agent to delegate to
- `/analyze` for deeper analysis
- `/exploit` if vulnerability is clear