TheGr8Val/TGV-Grimoire

GitHub: TheGr8Val/TGV-Grimoire

A bilingual prompt library for cybersecurity practitioners, built to avoid reinventing the wheel and to make daily analysis and red-team work more efficient.

Stars: 1 | Forks: 0

# TGV-Grimoire


A bilingual cybersecurity prompt library by TheGr8Val

## About

**TGV-Grimoire** is a curated collection of LLM prompts engineered for cybersecurity practitioners — analysts, threat hunters, detection engineers, and red teamers who want to leverage AI models in their daily workflows without reinventing the wheel every time.

Every prompt is:

- 🧪 **Battle-tested** in real or lab environments
- 🗂️ **Documented with metadata** — author, use case, model tested, language, tags
- 🔁 **Ready to use** — fill in the `[PLACEHOLDERS]` and send to your model of choice
- 🌐 **Bilingual** — English primary, Spanish sections labeled `[ES]`

Two types of prompts in every module:

- 💬 **`llm-analysis/`** — For direct LLM chat interaction. Feed data, get structured analysis.
- ⚙️ **`automation-api/`** — For programmatic API use. Output is JSON, YAML, Sigma, KQL, SPL — no prose.

## 🗂️ Modules

| Module | Prompts | Description |
|--------|:-------:|-------------|
| 🎯 [`/hunting`](./hunting/) | **11** | Threat hunting — IOC triage, actor profiling, log analysis, Sigma / YARA / KQL / SPL generation |
| 🦠 [`/malware-analysis`](./malware-analysis/) | **3** | String deobfuscation, C2 protocol fingerprinting, packer identification |
| 🗡️ [`/red-team`](./red-team/) | **3** | Tabletop exercise builder, detection gap analysis, payload obfuscation brainstorm |
| 🔍 [`/osint`](./osint/) | **3** | Passive recon checklists, persona authenticity analysis, lookalike domain generation |
| 📋 [`/reporting`](./reporting/) | **3** | Executive incident summaries, pentest findings → remediation tickets, incident postmortems |
| 🛡️ [`/blue-team`](./blue-team/) | **3** | Detection rule review, analyst response playbooks, crown jewels mapping |

## 🚀 Usage

```
git clone https://github.com/TheGr8Val/TGV-Grimoire.git
cd TGV-Grimoire/hunting/llm-analysis
```

Open any prompt file, substitute the `[PLACEHOLDER]` values with your data, and send it to your model of choice (Claude, GPT-4o, Gemini, etc.).
## 🧬 Prompt Metadata Format

Every prompt starts with a YAML header:

```
---
title: "Prompt title"
author: thegr8val
use_case: "Short description of the use case"
model_tested:
  - claude-sonnet-4-6
  - gpt-4o
language: EN/ES
tags:
  - hunting
  - ioc
  - automation
---
```

## 🤝 Contributing

Contributions are welcome. See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines, metadata format, and the tag taxonomy.

## 🔒 Security

Found a prompt that could cause harm or a sensitive file accidentally committed? See [SECURITY.md](./SECURITY.md) — please report privately, not via public issues.

## 🌐 [ES] Description

**TGV-Grimoire** is a bilingual collection of cybersecurity prompts for analysts, hunters and engineers who want to make use of AI models in their workflows. Each prompt includes metadata (author, use case, model tested, language, tags) and is ready to use in real environments. Placeholders are written as `[UPPERCASE_IN_BRACKETS]`. Spanish notes appear in sections marked `[ES]`.

## 📄 License

[MIT](./LICENSE) — TheGr8Val, 2026
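The metadata header and the `[PLACEHOLDER]` convention above are simple enough to check mechanically before a prompt is sent to a model or wired into an `automation-api/` pipeline. The script below is an added example, not code from the TGV-Grimoire repository: it parses the flat YAML subset used by the header (scalars and `- item` lists) without a YAML library, validates the fields the README lists, finds every placeholder in the body, and refuses to render a prompt that still has an unfilled one. The `[ES]` section label is deliberately excluded from placeholder detection. The sample prompt text, the required-field list and the accepted `language` values are assumptions based on the README, not the project's own validation rules.

```python
import re

# Constructed sample prompt file in the README's format (not a file from the repository).
SAMPLE_PROMPT = """\
---
title: "IOC triage"
author: thegr8val
use_case: "Triage a list of indicators and rank them by confidence"
model_tested:
  - claude-sonnet-4-6
  - gpt-4o
language: EN/ES
tags:
  - hunting
  - ioc
  - automation
---
Triage the following indicators and return a ranked list: [IOC_LIST]
Environment context: [ENVIRONMENT]
"""

# Assumed validation rules, derived from the README's example header.
REQUIRED_FIELDS = ("title", "author", "use_case", "model_tested", "language", "tags")
LIST_FIELDS = ("model_tested", "tags")
VALID_LANGUAGES = ("EN", "ES", "EN/ES")
PLACEHOLDER_RE = re.compile(r"\[([A-Z0-9_]+)\]")
SECTION_LABELS = {"EN", "ES"}  # `[ES]` marks Spanish sections; it is not a placeholder


def split_front_matter(text):
    """Split a prompt file into (header lines, body); the header sits between '---' lines."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("prompt file must start with a '---' line")
    for i in range(1, len(lines)):
        if lines[i].strip() == "---":
            return lines[1:i], "\n".join(lines[i + 1:])
    raise ValueError("unterminated YAML header")


def parse_header(header_lines):
    """Parse the flat YAML subset used by the header: 'key: value' scalars and '- item' lists."""
    meta = {}
    current_list = None
    for raw in header_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):
            if current_list is None:
                raise ValueError(f"list item without a key: {raw!r}")
            meta[current_list].append(line[2:].strip().strip('"'))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {raw!r}")
        key, value = key.strip(), value.strip()
        if value:
            meta[key] = value.strip('"')
            current_list = None
        else:
            meta[key] = []          # 'key:' with no value opens a list
            current_list = key
    return meta


def validate_metadata(meta):
    """Return a list of problems; an empty list means the header is acceptable."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in meta]
    for f in LIST_FIELDS:
        if f in meta and (not isinstance(meta[f], list) or not meta[f]):
            problems.append(f"{f} must be a non-empty list")
    if "language" in meta and meta["language"] not in VALID_LANGUAGES:
        problems.append(f"language must be one of {VALID_LANGUAGES}")
    return problems


def find_placeholders(body):
    """Distinct placeholder names in the body, sorted, with section labels removed."""
    return sorted(set(PLACEHOLDER_RE.findall(body)) - SECTION_LABELS)


def render_prompt(body, values):
    """Substitute placeholders; refuse to produce a prompt with any left unfilled."""
    missing = [p for p in find_placeholders(body) if p not in values]
    if missing:
        raise KeyError(f"unfilled placeholders: {', '.join(missing)}")
    # Unknown bracketed tokens such as [ES] are left untouched.
    return PLACEHOLDER_RE.sub(lambda m: values.get(m.group(1), m.group(0)), body)


def check_prompt_file(text):
    """Parse and validate a prompt file; returns (metadata, problems, placeholders)."""
    header, body = split_front_matter(text)
    meta = parse_header(header)
    return meta, validate_metadata(meta), find_placeholders(body)


if __name__ == "__main__":
    meta, problems, placeholders = check_prompt_file(SAMPLE_PROMPT)
    print(meta["title"], problems, placeholders)
    _, body = split_front_matter(SAMPLE_PROMPT)
    print(render_prompt(body, {"IOC_LIST": "203.0.113.5, example.invalid",
                               "ENVIRONMENT": "constructed lab network"}))
```

Running the script on a prompt file before an API call catches the two failure modes that matter most in an automation pipeline: a header that no longer matches the taxonomy (so the prompt cannot be indexed or reviewed), and a prompt that goes to the model with literal `[PLACEHOLDER]` text still inside it.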
Tags: AI workflows, C2 communication, Cutter, DAST, DLL hijacking, IOC analysis, JSON, KQL, LLM prompts, Sigma rules, SPL, YAML, YARA rules, bilingual, domain analysis, large language models, security library, open source, malware analysis, data presentation, red team, structured output, cybersecurity, automation API, English, Spanish, reverse-engineering tools, defense hardening, privacy protection