Agent skill

client-side

Client-side vulnerability testing - XSS (reflected/stored/DOM), CSRF, CORS misconfiguration, Clickjacking, DOM-based attacks, and Prototype Pollution.

View SKILL.md on GitHub Repository
Stars 129
Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/transilienceai/communitytools/tree/main/projects/pentest/.claude/skills/client-side

SKILL.md

Client-Side

Test for client-side vulnerabilities across modern web applications and SPAs.

Techniques

Type Key Vectors
XSS Reflected, Stored, DOM-based, framework-specific (React, Vue, Angular)
CSRF Token bypass, SameSite cookie bypass, cross-origin requests
CORS Misconfigured origins, null origin, wildcard credentials
Clickjacking Frame-based, drag-and-drop, multi-step
DOM-based DOM sinks, source/sink analysis, JavaScript URL schemes
Prototype Pollution Client-side gadgets, server-side pollution, property injection

Workflow

  1. Identify input sources and data flows
  2. Classify sink contexts (HTML, attribute, URL, JS, CSS)
  3. Enumerate defenses (encoding, CSP, sanitizers, Trusted Types)
  4. Craft context-appropriate payloads
  5. Validate execution and demonstrate impact
  6. Document with reproduction steps and remediation

Reference

  • reference/xss*.md - XSS bypass techniques and exploitation
  • reference/csrf*.md - CSRF techniques and bypasses
  • reference/cors*.md - CORS misconfiguration testing
  • reference/clickjacking*.md - Clickjacking techniques
  • reference/dom*.md - DOM-based vulnerability testing
  • reference/prototype-pollution*.md - Prototype pollution techniques

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

transilienceai/communitytools

techstack-identification

OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.

129 20
Explore
transilienceai/communitytools

conflict_resolver

129 20
Explore
transilienceai/communitytools

web-archive-analysis

Uses Wayback Machine to detect technology migrations over time

129 20
Explore
transilienceai/communitytools

evidence_formatter

129 20
Explore
transilienceai/communitytools

signal_correlator

129 20
Explore
transilienceai/communitytools

dns-intelligence

Extracts technology signals from DNS records (MX, TXT, NS, CNAME, SRV)

129 20
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results