script-generator
Script Generator
Generates optimized, syntax-validated scripts on demand. Never executes scripts.
When to Use
- Scripts exceed ~30 lines
- Parallel operations on multiple targets
- Multi-library patterns (impacket + ldap3, pypsrp + concurrent.futures)
- Repeated auth handshakes or connection setup
Request Format
LANGUAGE: python3 | powershell | bash
TASK: What the script should accomplish
TARGETS: IPs, hostnames, URLs
CREDENTIALS: user, pass, hash, domain, certs
AVAILABLE_LIBRARIES: What's installed
OUTPUT_FORMAT: stdout format, file writes
CONSTRAINTS: timeout, no destructive ops, output directory
CONTEXT: (optional) Prior output, errors, what failed
Optimization
- Multiple targets →
concurrent.futures.ThreadPoolExecutor -
3 HTTP requests to same host →
requests.Session - Repeated auth → single auth, reuse session/token
- Prefer high-level libraries (impacket, ldap3, requests)
Output
Write to OUTPUT_DIR/artifacts/<task_name>.<ext>. Return:
SCRIPT_PATH: OUTPUT_DIR/artifacts/task_name.py
LANGUAGE: python3
VALIDATION: PASSED
EXECUTION: python3 OUTPUT_DIR/artifacts/task_name.py
DEPENDENCIES: impacket, concurrent.futures (stdlib)
Rules
- Never execute scripts — only generate, optimize, validate
- Per-operation error handling — no bare
except: - Timeout enforcement on all I/O
- Validate syntax before returning
- No secrets hardcoded — credentials as variables at top
More from transilienceai/communitytools
hackerone
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
53reconnaissance
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
43social-engineering
Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
41ai-threat-testing
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
40osint
Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.
39source-code-scanning
Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".
37