Install: claude install-skill senda-labs/DQIII8
# /red-team — Adversarial Security Testing
Attack the codebase like a real hacker. Find vulnerabilities that static
scanners miss. Think like an attacker, not a checker.
## Usage
```
/red-team # Full attack on current project
/red-team $ARGUMENTS # Attack specific path or component
```
## Philosophy
- You are NOT a scanner. You are an attacker.
- Think: "How would I break this?" not "Does this follow best practices?"
- Chain vulnerabilities: a LOW finding + another LOW = potential CRITICAL
- Test the DEPLOYMENT, not just the code (env vars, permissions, exposed ports)
- Vibe-coded patterns are predictable — exploit that predictability
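The "test the deployment" point above is the one that static scanners never see: a service that is only meant for local use but binds to every interface is a finding even if its code is flawless. As an added example that is not part of this skill's own code, the POSIX sh helper below parses `ss -tlnp` output (the same listing Phase 0 collects), drops loopback listeners, and reports anything bound to a non-loopback address that is not on an allowlist. The `ss` output it runs on is a constructed sample, not a capture from a real host, and `ALLOWED_PORTS` is an assumed policy value you would set per deployment.

```shell
#!/bin/sh
# Constructed sample of `ss -tlnp` output (not captured from any real host).
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*          users:(("redis-server",pid=1204,fd=6))
LISTEN  0       4096    *:8000               *:*                users:(("python3",pid=2231,fd=5))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       128     [::1]:5432           [::]:*             users:(("postgres",pid=990,fd=7))'

# Assumed per-deployment policy: ports that are expected to be reachable
# from outside the host. Everything else that is exposed is a finding.
ALLOWED_PORTS="22 443"

# Read `ss -tlnp` output on stdin and print one line per listener bound to a
# non-loopback address, as "<port> <local-address> <process-name>".
# Loopback is 127.0.0.0/8 for IPv4 and [::1] for IPv6; "0.0.0.0", "*" and
# "[::]" all mean "every interface".
exposed_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    if (addr ~ /^127\./ || addr ~ /^\[::1\]:/) next
    # The port is whatever follows the last colon, for IPv4 and IPv6 alike.
    n = split(addr, parts, ":")
    port = parts[n]
    # Process name is the first quoted token in users:(("name",pid=...,fd=...)).
    proc = "unknown"
    if (match($0, /\("[^"]+"/)) proc = substr($0, RSTART + 2, RLENGTH - 3)
    print port, addr, proc
  }'
}

# Same input, but keep only exposed listeners whose port is not allowlisted.
unexpected_exposed() {
  exposed_listeners | while read -r port addr proc; do
    case " $ALLOWED_PORTS " in
      *" $port "*) ;;                      # expected to be public, skip
      *) echo "$port $addr $proc" ;;       # exposed and not in policy
    esac
  done
}

# Stand-alone run over the constructed sample.
echo "exposed listeners:"
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners
echo "not covered by ALLOWED_PORTS:"
printf '%s\n' "$SAMPLE_SS_OUTPUT" | unexpected_exposed
```

On a real host replace the sample with `ss -tlnp | exposed_listeners`; the `redis-server` and `postgres` entries in the sample are the pattern you want to see (bound to loopback only), and the `python3` listener on `*:8000` is the kind of thing worth chasing in Phase 0 step 2.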
## Attack Phases
### Phase 0: External Attack Surface
Start here — simulate an external attacker with no inside knowledge:
1. **Port scan** — discover exposed services:
```bash
# Try a set of common service ports over HTTP; curl prints "000" when
# nothing answers, so only live ports are reported.
for port in 22 80 443 3000 5000 8000 8080 8443 9000; do
  result=$(curl -s --connect-timeout 2 -o /dev/null -w "%{http_code}" http://localhost:$port 2>/dev/null)
  [ "$result" != "000" ] && echo "  port $port → HTTP $result"
done
# Cross-check against the kernel's own list of listening TCP sockets.
ss -tlnp | grep LISTEN
```
2. **Auth endpoints** — probe without credentials:
```bash
# Request each path with no credentials and record the status code.
for path in / /api /api/health /api/admin /admin /metrics /debug; do
  code=$(curl -s --connect-timeout 2 -o /dev/null -w "%{http_code}" http://localhost:8000$path 2>/dev/null)
  echo "  $path → $code"
done
```
3. **CORS test** — check for misconfigured cross-origin policy: