gitwtfhub

wtf is cybersecurity-skills?

hi-fullhouse/cybersecurity-skills — explained in plain English

Analysis updated 2026-05-18

82PythonAudience · developerComplexity · 2/5LicenseSetup · easy

TL;DR

Markdown catalog of 195 cybersecurity skills across 39 modules organized around PTES, OWASP, and NIST SP 800-115, with a Python query script and structured index files.

Mindmap

mindmap
  root((CyberSecurity-Skills))
    Inputs
      Topic query
      Skill IDs
      Pentest stage
    Outputs
      Skill explanations
      Tool and command examples
      Reference links
    Use Cases
      Study penetration testing
      Build agent reference set
      Plan an authorized engagement
    Tech Stack
      Markdown
      Python
      GitHub Actions

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Browse a structured penetration testing reference covering recon, exploitation, post-exploit, and incident response.

REASON 2

Search the catalog from the command line with skill_query.py to find techniques and tools by keyword.

REASON 3

Feed the index.json and agent-manifest.json files to an AI agent that needs a cybersecurity knowledge base.

REASON 4

Validate catalog structure changes with the included GitHub Actions workflow.

What's in the stack?

MarkdownPythonGitHub-Actions

How it stacks up

hi-fullhouse/cybersecurity-skillsaqua5230/usagetonylofgren/aurora-smart-home
Stars828282
LanguagePythonPythonPython
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audiencedeveloperdevelopervibe coder

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · easy Time to first run · 5min

Mostly Markdown with one Python helper, content is in Chinese and describes offensive techniques meant for authorized testing only.

MIT license, very permissive, use freely with attribution.

Wtf does this do

CyberSecurity-Skills is a structured catalog of cybersecurity techniques organized as a reference library. The repository describes itself as a full-process skill system covering 39 large modules and 195 individual security skills, spanning both attack-side and defense-side topics. The maintainers say it is built around the Penetration Testing Execution Standard (PTES) and also draws on the OWASP Testing Guide and NIST SP 800-115. The content is grouped into stages that roughly match the lifecycle of a penetration test. Early modules cover information gathering, vulnerability scanning, exploitation, privilege escalation, post-exploitation, lateral movement, persistence, and covering tracks. Later modules branch out into mobile, wireless, code audit, reverse engineering, incident response, cloud, DevSecOps, ICS/OT, blockchain and Web3, IoT, data privacy, social engineering, red/blue team, supply chain, container, API, cryptography and PKI, zero trust, endpoint, ransomware defense, and governance and compliance. Each skill entry, according to the README, includes a short technical explanation, common tools or commands, a practical example, and links to outside references. The repository is mostly written in Chinese and is presented as Markdown files rather than runnable code, although there is a Python helper called skill_query.py for searching across the catalog from the command line. Badges in the README also point to an index.json index, an agent-manifest.json file, and a GitHub Actions workflow that validates the structure on each change. The stated audience is people studying cybersecurity skills, preparing for testing engagements, or feeding the structured knowledge into AI agents that need a reference set. The README frames the project as a checklist and learning aid rather than a tool that performs attacks itself. It is released under an MIT license and invites pull requests through a CONTRIBUTING file. Note that the content describes offensive techniques such as exploitation, credential theft, and AMSI or EDR evasion, so the project is aimed at readers who already have authorization to test the systems they apply these techniques to.

Yoink these prompts

Prompt 1
Run skill_query.py from CyberSecurity-Skills to find every entry that mentions Active Directory and print the file paths.
Prompt 2
Build a simple Python script that parses index.json from CyberSecurity-Skills and produces a Markdown checklist for an authorized pentest engagement.
Prompt 3
Wire CyberSecurity-Skills agent-manifest.json into a Claude or Cursor agent so it can look up technique explanations by ID.
Prompt 4
Translate one skill entry from CyberSecurity-Skills from Chinese to English while keeping the same Markdown structure.
Prompt 5
Add a new skill entry to CyberSecurity-Skills under the cloud module and update index.json plus the GitHub Actions validator.

Frequently asked questions

wtf is cybersecurity-skills?

Markdown catalog of 195 cybersecurity skills across 39 modules organized around PTES, OWASP, and NIST SP 800-115, with a Python query script and structured index files.

What language is cybersecurity-skills written in?

Mainly Python. The stack also includes Markdown, Python, GitHub-Actions.

What license does cybersecurity-skills use?

MIT license, very permissive, use freely with attribution.

How hard is cybersecurity-skills to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is cybersecurity-skills for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.