Agent skill

injection

Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.

View SKILL.md on GitHub Repository
Stars 129
Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/transilienceai/communitytools/tree/main/projects/pentest/.claude/skills/injection

SKILL.md

Injection

Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.

Techniques

Type Key Vectors
SQL Injection In-band (union, error), Blind (boolean, time), Out-of-band
NoSQL Injection Operator injection, JavaScript injection, aggregation pipeline
Command Injection OS command separators, blind techniques, out-of-band
SSTI Template engine detection, sandbox escape, RCE chains
XXE Entity expansion, SSRF via XXE, blind XXE, parameter entities
LDAP/XPath Filter manipulation, authentication bypass

Workflow

  1. Identify injection points (parameters, headers, cookies, JSON fields)
  2. Detect injection type with minimal probes
  3. Exploit with context-appropriate payloads
  4. Escalate (data extraction, RCE, file read)
  5. Capture evidence and write PoC

Reference

  • reference/sql-injection*.md - SQL injection techniques
  • reference/nosql-injection*.md - NoSQL injection techniques
  • reference/os-command-injection*.md - OS command injection
  • reference/ssti*.md - Server-side template injection
  • reference/xxe*.md - XML external entity injection

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

transilienceai/communitytools

techstack-identification

OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.

129 20
Explore
transilienceai/communitytools

conflict_resolver

129 20
Explore
transilienceai/communitytools

web-archive-analysis

Uses Wayback Machine to detect technology migrations over time

129 20
Explore
transilienceai/communitytools

evidence_formatter

129 20
Explore
transilienceai/communitytools

signal_correlator

129 20
Explore
transilienceai/communitytools

dns-intelligence

Extracts technology signals from DNS records (MX, TXT, NS, CNAME, SRV)

129 20
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results