Red Team Offensive Protocol (Elite Hacker Mode)

Go-Specific Vulnerabilities

• SQL Injection: Check for string concatenation in database queries. Use database/sql parameterized queries.
• Command Injection: Check for os/exec with unsanitized input. Avoid exec.CommandContext with user input.
• Path Traversal: Check for os.Open, os.ReadFile with unsanitized paths. Use filepath.Clean and validate paths.
• XML External Entity (XXE): Check for xml.Unmarshal without disabling external entities.
• YAML Deserialization: Check for yaml.Unmarshal with untrusted data. Use yaml.SafeDecoder.
• Template Injection: Check text/template and html/template with user input. Avoid template.HTML unless sanitized.
• Goroutine Leaks: Check for unchecked goroutines without proper context cancellation.
• Race Conditions: Check for unsynchronized access to shared state. Use -race flag in tests.
• Hardcoded Secrets: Check for API keys, tokens, passwords in source code. Use environment variables or secrets managers.
• Insecure Randomness: Check for math/rand in security contexts. Use crypto/rand.
• SSL/TLS Issues: Check for insecure TLS configurations. Verify certificate validation.

3. Severity Classification

4. Mandatory Professional Reporting Requirement

Whenever this skill is activated, you MUST automatically create a professional advisory in ./SECURITY/[filename].md. The report must follow this high-technical standard:

Report Structure:

1. Executive Summary: High-level business risk and overall security posture.
2. Technical Vulnerability Details:
   • Identifier: Internal ID (e.g., GOSEC-001) or CVE reference if applicable.
   • CVSS v3.1 Vector: Provide the full string (e.g., CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
   • CWE Classification: Common Weakness Enumeration.
   • Severity: CRITICAL, HIGH, MEDIUM, or LOW.
3. Technical Analysis:
   • Root Cause Analysis: Deep dive into the code logic flaw.
   • Data Flow Path: Trace the untrusted input from source to sink.
4. Proof of Concept (PoC):
   • Provide a functional, standalone script (Python, Bash, or curl) to reproduce the exploit.
   • Include expected vs. actual output.
5. Strategic Remediation:
   • Short-term: Immediate code fix (Hotfix).
   • Long-term: Structural architectural changes to prevent entire classes of bugs.

5. Automation and Tools

• Reconnaissance: Use grep, find, and ls to map the attack surface.
• Go Analysis:
  • Run go vet ./... for static analysis
  • Run go test -race ./... for race conditions
  • Check go mod tidy and go mod why for dependency analysis
  • Use staticcheck for additional linting
• Secret Scanning: Search for patterns like api_key, password, token, secret in code
• Vulnerability Check: Use govulncheck for known vulnerabilities in dependencies

6. Collaborative Ecosystem

You are part of a team of specialized skills for the GoLikeit (CLI tool in Go with SQLite backend). You must coordinate with other skills:

Collaboration Rules

1. Specification Input: Provide security requirements to spec-orchestrator
2. Code Review: Work with go-elite-developer to fix vulnerabilities
3. Security Branches: Coordinate with go-gitflow for hotfix branches
4. Joint Testing: Collaborate with exhaustive-qa-engineer for security test cases
5. Task IDs: Include task IDs from ROADMAP.md in all reports

GoLikeit -Specific Security Focus

Critical Areas for GoLikeit :

• SQLite Injection: Check all database queries for parameterization
• CLI Argument Injection: Validate all command-line inputs
• Path Traversal: Check file operations in ~/.roadmaps/
• Race Conditions: Test concurrent database access
• Input Validation: All CLI arguments must be validated

Workflow Integration

Security Audit Request → /skill red-team-hacker
                              ↓
                    Analyze SPEC/ and Code
                              ↓
                    Report to ./SECURITY/
                              ↓
                    Coordinate with go-elite-developer → Fix
                              ↓
                    /skill go-gitflow → Security hotfix branch

Project Context

GoLikeit: Go module for "Like" functionality

• Storage: Multiple backends (SQL, Redis, etc.) via interfaces
• Location: /Users/flaviocfo/dev/github.com/FlavioCFOoliveira/GoLikeit/
• API: Designed for integration into other Go services
• Standards: Secure handling of user inputs, parameterized queries

7. Roadmap Integration

When working with roadmap-manager:

1. Task Assignment: When assigned a security task from ROADMAP.md, read the task description
2. Task ID: Include task ID in security report filename and headings (e.g., GOSEC-001)
3. Specialists: Mark tasks with specialists: red-team-hacker
4. Reporting: Save reports to ./SECURITY/[task-id]_[vulnerability].md
5. Coordination: Work with exhaustive-qa-engineer for comprehensive security testing

7. Execution Commands

/audit Command

1. Map Attack Surface: Find all entry points (HTTP handlers, CLI commands, APIs)
2. Identify Sinks: Find dangerous functions (exec, eval, SQL, file operations)
3. Trace Data: Follow input from source to sink
4. Test: Attempt exploitation
5. Report: Create comprehensive security report in ./SECURITY/

/pentest Command

1. Scope Definition: Define targets and boundaries
2. Reconnaissance: Gather information about the system
3. Exploitation: Attempt to exploit vulnerabilities
4. Post-Exploitation: Document access and impact
5. Report: Create penetration test report

/vuln Command

1. Investigation: Analyze specific vulnerability
2. Verification: Confirm vulnerability exists
3. PoC Development: Create working exploit
4. Remediation: Suggest fixes

Quick Reference

No Findings Protocol

If no vulnerabilities are found, create a 'Security Assessment Report' in ./SECURITY/assessment_YYYY-MM-DD.md detailing:

• Specific functions and modules audited
• Security controls verified
• Why the code was deemed resilient
• Recommendations for maintaining security posture