pentest-recon-surface-analysis

Recon & Surface Analysis

Activation Triggers (Positive)

  • recon
  • enumerate
  • surface map
  • asset inventory
  • endpoint discovery
  • technology fingerprinting
  • control plane mapping

Exclusion Triggers (Negative)

  • build exploit
  • weaponize payload
  • write final report
  • only validate known vulnerability

Output Schema

  • Surface inventory: asset, interface, auth state, confidence
  • Entry-point matrix: input, trust boundary, initial risk hypothesis
  • Prioritized next tests: ordered by likely impact and test cost

Instructions

  1. Build an explicit target model first: interfaces, trust boundaries, and identity contexts.
  2. Enumerate only what is necessary to expose actionable attack paths.
  3. Normalize findings into a deduplicated inventory before deeper testing.
  4. Label each surface with attacker preconditions and probable abuse class.
  5. Mark unknowns that block progression and propose the minimum test to resolve each.
  6. Hand off precise, testable targets to downstream skills.
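The output schema and instruction steps 3 to 6 expressed in code, as an added Python example that is not part of the original skill page: it assumes an in-memory model of the three schema sections (surface inventory, entry-point matrix, prioritized next tests), analyst-assigned 1-5 scores for likely impact and test cost, and a tie-break that puts externally reachable surfaces first, as the Should Do section asks. The hostnames, request ids and hypotheses are constructed samples under the reserved .invalid TLD.

```python
"""Triage helpers for the recon output schema above (added example, not the
original page's code). Assumes an in-memory model of the schema sections and
analyst-assigned 1-5 impact/cost scores; sample data is constructed."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Dict, List, Tuple


class AuthState(str, Enum):
    UNAUTH = "unauthenticated"
    AUTH = "authenticated"
    UNKNOWN = "unknown"


@dataclass(frozen=True)
class Surface:
    asset: str                  # host or service name
    interface: str              # path, port, queue name, ...
    auth_state: AuthState
    confidence: float           # 0..1: how sure we are the surface exists
    externally_reachable: bool  # reachable from outside the trust boundary
    evidence: str               # pointer to reproducible evidence (request id, capture)


@dataclass
class EntryPoint:
    surface: Surface
    input_name: str              # parameter, header, upload, message field
    trust_boundary: str          # e.g. "internet -> api gateway"
    risk_hypothesis: str         # initial and unvalidated; not a vulnerability claim
    attacker_preconditions: str  # what is needed before this input is reachable
    abuse_class: str             # probable class, e.g. "broken access control"
    blocking_unknown: str = ""   # fact still missing before deeper testing
    resolving_test: str = ""     # the minimum test that would resolve it


@dataclass
class NextTest:
    target: EntryPoint
    description: str
    impact: int  # analyst estimate, 1 (low) .. 5 (high)
    cost: int    # analyst estimate, 1 (cheap) .. 5 (expensive)


def _norm_asset(asset: str) -> str:
    return asset.strip().lower()          # hostnames are case-insensitive


def _norm_interface(iface: str) -> str:
    iface = iface.strip()
    return iface.rstrip("/") or "/"       # "/v1/users/" and "/v1/users" are one surface


def normalize_surfaces(raw: List[Surface]) -> List[Surface]:
    """Step 3: deduplicate by (asset, interface, auth state), keeping the
    highest-confidence record, so one path seen by two tools is one row."""
    best: Dict[Tuple[str, str, AuthState], Surface] = {}
    for s in raw:
        norm = replace(s, asset=_norm_asset(s.asset), interface=_norm_interface(s.interface))
        key = (norm.asset, norm.interface, norm.auth_state)
        if key not in best or norm.confidence > best[key].confidence:
            best[key] = norm
    return sorted(best.values(), key=lambda s: (s.asset, s.interface, s.auth_state.value))


def prioritize(tests: List[NextTest]) -> List[NextTest]:
    """Prioritized next tests: externally reachable first, then likely impact
    (descending), then test cost (ascending)."""
    return sorted(tests, key=lambda t: (not t.target.surface.externally_reachable, -t.impact, t.cost))


def blocking_unknowns(entries: List[EntryPoint]) -> List[Tuple[str, str]]:
    """Step 5: (unknown, minimum resolving test) for entries that cannot progress yet."""
    return [(e.blocking_unknown, e.resolving_test) for e in entries if e.blocking_unknown]


def ready_for_handoff(entry: EntryPoint) -> bool:
    """Step 6: hand off only targets that carry evidence and have no open blocker."""
    return bool(entry.surface.evidence) and not entry.blocking_unknown


def build_sample() -> Tuple[List[Surface], List[EntryPoint], List[NextTest]]:
    """Constructed walk-through of steps 3-6 on a small raw inventory."""
    raw = [
        Surface("api.example.invalid", "/v1/users", AuthState.UNAUTH, 0.9, True, "req-001"),
        Surface("API.example.invalid", "/v1/users/", AuthState.UNAUTH, 0.95, True, "req-002"),
        Surface("api.example.invalid", "/v1/users", AuthState.AUTH, 0.7, True, "req-003"),
        Surface("admin.example.invalid", "/console", AuthState.AUTH, 0.8, False, "req-004"),
    ]
    inventory = normalize_surfaces(raw)        # 4 raw records collapse to 3 rows
    console, users_auth, users_unauth = inventory
    entries = [
        EntryPoint(users_unauth, "query: id", "internet -> api gateway",
                   "user records may be readable without a session",
                   "network reachability only", "broken access control"),
        EntryPoint(users_auth, "query: id", "api gateway -> user service",
                   "id may not be bound to the caller's identity",
                   "valid low-privilege account", "broken access control"),
        EntryPoint(console, "form: login", "corp network -> admin console",
                   "console may be reachable from outside", "network position",
                   "exposed management interface",
                   blocking_unknown="is the console reachable from the internet?",
                   resolving_test="connectivity check from an external vantage point"),
    ]
    tests = [
        NextTest(entries[2], "confirm external reachability of the console", impact=5, cost=3),
        NextTest(entries[1], "check id is bound to the session's identity", impact=3, cost=1),
        NextTest(entries[0], "check whether /v1/users requires a session", impact=4, cost=1),
    ]
    return inventory, entries, prioritize(tests)
```

The dedup key deliberately keeps auth state, so the same path seen unauthenticated and authenticated stays two rows: they have different attacker preconditions and belong in different entry-point rows. The console test ranks last despite its impact score because the page prioritizes externally reachable paths; swap the first key element if an engagement's scope says otherwise.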

Should Do

  • Keep reconnaissance hypothesis-driven, not tool-driven.
  • Capture reproducible evidence for each discovered surface.
  • Prioritize externally reachable and privilege-sensitive paths.

Should Not Do

  • Do not claim vulnerabilities at recon stage without abuse validation.
  • Do not perform heavy fuzzing or exploit attempts here.
  • Do not include organization-specific URLs, identifiers, or credentials in reusable guidance.