Agent skill
web-security
Exploits web application vulnerabilities. Use when working with SQL injection, XSS, SSRF, SSTI, command injection, path traversal, authentication bypass, deserialization, or any web-based CTF challenge.
Stars
163
Forks
31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/web-security-kiwamizamurai-cctf
SKILL.md
Web Security Skill
Quick Workflow
Progress:
- [ ] Identify technology stack
- [ ] Check common files (robots.txt, .git)
- [ ] Test injection points (SQLi, XSS, SSTI)
- [ ] Check authentication/session flaws
- [ ] Develop exploit
- [ ] Extract flag
Quick Recon
bash
# Directory enumeration
gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
ffuf -u http://target/FUZZ -w wordlist.txt
# Technology detection
whatweb http://target
curl -I http://target
# Check robots.txt, .git exposure
curl http://target/robots.txt
curl http://target/.git/HEAD
Vulnerability Reference
| Vulnerability | Reference File |
|---|---|
| SQL Injection | reference/sqli.md |
| XSS | reference/xss.md |
| SSTI | reference/ssti.md |
| Command Injection | reference/command-injection.md |
| SSRF / Path Traversal | reference/ssrf-lfi.md |
| Auth Bypass / Deserialization | reference/auth-deser.md |
Tools Quick Reference
| Tool | Purpose | Command |
|---|---|---|
| sqlmap | SQLi automation | sqlmap -u URL --dbs |
| commix | Command injection | commix -u URL |
| tplmap | SSTI automation | tplmap -u URL |
| ffuf | Fuzzing | ffuf -u URL/FUZZ -w wordlist |
| Burp Suite | Proxy/intercept | GUI |
| jwt_tool | JWT attacks | jwt_tool TOKEN |
Didn't find tool you were looking for?