Your cart is empty
Add prompt packs to continue
Copy, paste and use them in your favorite AI:
Just $0.08 per prompt · one-time payment
100 resources included
Maximize your cybersecurity potential with the definitive collection of prompts designed for professional ethical hackers. This compendium integrates elite methodologies such as OWASP Top 10 and international certification standards such as OSCP and CEH, allowing you to automate critical analysis and the generation of realistic attack scenarios with surgical precision. Each section has been structured to cover everything from intelligent passive recognition to advanced post-exploitation in complex enterprise environments. This tool transforms artificial intelligence into a high-level technical assistant capable of optimizing your security audits, improving the quality of your technical reports and accelerating the identification of compromise vectors in critical infrastructures.
Acts as a senior cyber intelligence analyst and OSINT expert specializing in the technical reconnaissance of digital assets. Your mission is to design and execute a comprehensive 'Web Technology Discovery' methodology for the corporate objective defined as [DOMINIO_OBJETIVO]. The purpose is to technologically profile the organization, identifying each component of its digital ecosystem to evaluate possible entry vectors and the robustness of its public infrastructure without performing intrusive scans that alert defense systems. It begins by identifying the technological 'Stack' of the main application. You must detail how to extract information about the CMS (WordPress, Drupal, Adobe Experience Manager), the development frameworks (Laravel, Spring Boot, Django) and the client libraries (React, jQuery, Bootstrap). Analyzes which versions are in use and correlates this data with databases of known vulnerabilities (CVE) to identify risks associated with outdated software or default configurations in the [NOMBRE_DE_LA_EMPRESA] environment. Proceed with the analysis of the delivery and security infrastructure. Investigate the use of load balancers, reverse proxies (Nginx, HAProxy), and Web Application Firewall (WAF) solutions. It is essential that you include passive harvesting techniques by analyzing DNS records, WHOIS records, and SSL/TLS certificate history (Certificate Transparency logs) to discover hidden assets or development subdomains that are not protected to the same standard as the main domain. Finally, it integrates an analysis of third-party integrations and the API exposure surface. Identifies analytics trackers, marketing pixels, payment gateways and linked cloud services (S3 Buckets, Azure Blobs). The final result should be a structured technological inventory that allows a security team to understand the technical complexity of [DOMINIO_OBJETIVO], prioritizing the components that present greater criticality or an expanded attack surface due to poor web asset management. If any key information needed to fill the bracketed fields is missing, ask me the necessary questions before answering.
Instant access after purchase from your dashboard. Just copy and paste into your AI.
ChatGPT, Claude, Gemini, DeepSeek, Grok, Qwen and any AI chat.
Yes. Every prompt includes bracketed fields where you insert your own information, context and specifics, so they fit your situation, country or industry.
Yes. Above you can read full sample prompts, exactly as you'll receive them, to check the quality before paying.
Yes. Pay once and they're yours forever, updates included.
Acts as a senior Cybersecurity expert and Open Source Intelligence (OSINT) Specialist with an advanced focus on the passive reconnaissance phase for Ethical Hacking exercises. Your primary mission is to design and execute an exhaustive technical methodology for the inspection of public repositories on platforms such as GitHub, GitLab and Bitbucket associated with the [NOMBRE_ORGANIZACION] entity. The objective is to identify critical attack vectors, sensitive information leaks and architectural weaknesses without making any direct interaction with the client's private infrastructure, operating under a framework of legality and professional ethics. The discovery phase should be initiated by systematically identifying user profiles, corporate organizations and, crucially, personal repositories of employees or contractors using emails linked to the [DOMINIO_PRINCIPAL] domain. You should apply Google and GitHub Dorking techniques to locate configuration files that may have been indexed in error. Pay special attention to critical extensions such as '.env', '.json', '.yaml', '.xml', and '.bak' or '.old' backup files, which often contain database credentials, third-party API tokens, or development environment configurations that expose the system's internal topology. The technical analysis must delve into the archeology of the repositories. This involves auditing not only the current state of the code on the main branch, but also exploring the full history of commits, abandoned branches, and Pull Requests that were not merged. It is imperative to look for 'hardcoded' secrets that have been removed in recent releases but still reside in Git's historical deltas. It uses regular expressions to detect patterns of RSA keys, AWS secrets, [SERVICIOS_ESPECIFICOS] tokens, and cloud service passwords that could grant persistent initial access to attackers. Finally, evaluate infrastructure as code (IaC) exposed in Dockerfiles, Kubernetes deployment files, or CI/CD workflows (such as GitHub Actions). It scans these files for vulnerable software versions in [TECNOLOGIAS_USADAS], insecure network configurations, and exposure of secrets in environment variables at build time. Generate a detailed report that classifies each finding by its level of severity and impact to [NOMBRE_ORGANIZACION], providing a step-by-step guide on how to mitigate these risks by rotating credentials and implementing secret scanning tools in your development pipeline. If any key information needed to fill the bracketed fields is missing, ask me the necessary questions before answering.
Acts as a Senior Open Source Intelligence (OSINT) Consultant and Offensive Cybersecurity expert within the framework of a Red Team exercise. Your mission is to develop an advanced protocol for the passive recognition phase, specifically focused on the **Extraction of documentary metadata** technique of the [NOMBRE_DE_LA_EMPRESA_OBJETIVO] entity. The fundamental purpose is to identify technical information leaks that allow mapping the organization's internal infrastructure without direct interaction with its active systems. To start this process, you must perform a thorough search using Google Dorks and other specialized search engines to locate files with [FORMATOS_DE_ARCHIVO] extensions that belong to the [DOMINIO_OBJETIVO] domain. These files represent a goldmine of 'invisible' information that is often ignored by system administrators and content creators, but contains critical digital traces about the configuration of the victim's work environment. Your analysis should systematically break down the extracted metadata into operational categories. First, the 'Identity' category, extracting real usernames, account aliases and email structures. Second, the 'Infrastructure' category, identifying local network paths (UNC paths), file server names, printer names and versions of authoring software (such as Microsoft Office or Adobe Suite) that could be outdated and vulnerable to specific remote code execution (RCE) exploits. Finally, you must generate a corporate intelligence report that correlates this data to outline the organization's level of security maturity. It includes a section on 'Potential Attack Vectors' based exclusively on the information collected through the metadata, suggesting how an attacker could use the hostnames or directory paths discovered to carry out spear phishing attacks or lateral movements once an initial breach is obtained. The tone must be strictly professional, analytical and oriented towards defensive and preventive security. If any key information needed to fill the bracketed fields is missing, ask me the necessary questions before answering.
It's a master instruction, optimized for AI.
Prompt
your instruction
AI
Result
Based on 7 reviews
It helped me quite a bit. Most of them worked on the first try. I recommend it.
Happy with the purchase. The prompts are useful and practical. I recommend it.
I didn't expect them to be this complete. The index is organized and I find what I need instantly. One hundred percent recommended.
Decent for the price. I had to tweak them quite a bit for my case. Works if you customize it.
It helped me quite a bit. They adapt well with a few tweaks. Good option.
I was impressed by the quality. The prompts are really well thought out and the effort shows. I'll buy again without hesitation.
I was impressed by the quality. They saved me hours of work in the first week. One hundred percent recommended.