Penetration Testing
296 skills in Testing & Security > Penetration Testing
input-validation
Input validation and sanitization patterns. Use when validating user input, preventing injection attacks, implementing allowlists, or sanitizing HTML/SQL/command inputs.
CTF Web Solver
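Triggers when the user is taking part in a CTF competition or practice session and runs into a Web-category challenge. Applicable scenarios include: - The user describes a web security issue such as SQL injection, XSS, SSRF, SSTI, XXE, file inclusion, or command execution - The user needs to carry out preliminary work such as information gathering, directory scanning, or port scanning - The user encounters advanced attack scenarios such as PHP feature abuse, deserialization, or JWT forgery - The user mentions keywords such as "CTF", "Web", "渗透" (penetration), "注入" (injection), "绕过" (bypass), or "漏洞" (vulnerability) - The user needs to analyze problems involving Java code auditing, blockchain security, or component vulnerability exploitation - The user needs to construct payloads, write exploits, or analyze WAF bypass strategies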
vibeship-security-writer
World-class security content writer for VibeShip Knowledge Base. Creates authoritative, SEO-optimized, LLM-extractable content about cybersecurity vulnerabilities in AI-generated code. Use this skill when: - Writing vulnerability articles (SQL injection, XSS, IDOR, etc.) - Creating AI tool security analysis (Cursor, Claude Code, Bolt patterns) - Writing stack security guides (Next.js + Supabase, Express, etc.) - Generating fix prompts for AI coding tools - Creating security checklists and glossary entries - Writing research content (Vulnerability Index, methodology) - Any security-related KB content for vibeship.co/kb/security/ Expertise: SEO optimization, LLM citation optimization, OWASP vulnerabilities, CWE database, AI-generated code patterns, vibe coder audience, technical writing for non-security-experts.
sca-trivy
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.
dast-zap
Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.
sast-bandit
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.
container-grype
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.
security-reporter
Use when generating comprehensive security audit reports, analyzing security scan results, calculating security posture, or creating OWASP Top 10 compliance assessments. Invoked for security reporting, vulnerability aggregation, and remediation planning.
pentest-metasploit
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.
recon-nmap
Network reconnaissance and security auditing using Nmap for port scanning, service enumeration, and vulnerability detection. Use when: (1) Conducting authorized network reconnaissance and asset discovery, (2) Enumerating network services and identifying running versions, (3) Detecting security vulnerabilities through NSE scripts, (4) Mapping network topology and firewall rules, (5) Performing compliance scanning for security assessments, (6) Validating network segmentation and access controls.
reviewing-security
OWASP Top 10-based security review and vulnerability detection. Triggers: セキュリティ, 脆弱性, XSS, SQL injection, SQLインジェクション, CSRF, 認証, 認可, 暗号化, OWASP, SSRF, パスワード, セッション, rate limiting, brute force, command injection, security misconfiguration.
reviewing-security
Security review and vulnerability detection based on the OWASP Top 10. Triggers: セキュリティ, 脆弱性, XSS, SQL injection, SQLインジェクション, CSRF, 認証, 認可, 暗号化, OWASP, SSRF, パスワード, セッション, rate limiting, brute force, command injection, security misconfiguration.
textmate-grammar
Use when authoring TextMate grammars for syntax highlighting - covers scopes, patterns, and language injection
fastapi
FastAPI modern Python web framework. Use for building APIs, async endpoints, dependency injection, and Python backend development.
toml-command-builder
Guide for building Gemini CLI TOML custom commands. Covers syntax, templates, argument handling, shell injection, and file injection. Use when creating Gemini TOML commands, adding {{args}} argument handling, injecting shell output with !{}, or troubleshooting command issues.
wp-security-review
WordPress security audit and vulnerability analysis. Use when reviewing WordPress code for security issues, auditing themes/plugins for vulnerabilities, checking authentication/authorization, analyzing input validation, or detecting security anti-patterns, or when user mentions "security review", "security audit", "vulnerability", "XSS", "SQL injection", "CSRF", "nonce", "sanitize", "escape", "validate", "authentication", "authorization", "permissions", "capabilities", "hacked", or "malware".
python-fastapi-patterns
FastAPI web framework patterns. Triggers on: fastapi, api endpoint, dependency injection, pydantic model, openapi, swagger, starlette, async api, rest api, uvicorn.
vulnerability-management
Vulnerability lifecycle management including CVE tracking, CVSS scoring, risk prioritization, remediation workflows, and coordinated disclosure practices
fuzzing-apis
This skill enables Claude to perform automated fuzz testing on APIs to discover vulnerabilities, crashes, and unexpected behavior. It leverages malformed inputs, boundary values, and random payloads to generate comprehensive fuzz test suites. Use this skill when you need to identify potential SQL injection, XSS, command injection vulnerabilities, input validation failures, and edge cases in APIs. Trigger this skill by requesting fuzz testing, vulnerability scanning, or security analysis of an API. The skill is invoked using the `/fuzz-api` command.
security-analyzer
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), and detects secrets exposure. Fetches live CVE data from OSV.dev, calculates risk scores, and generates phased remediation plans with TDD validation tests. Use when users mention security scan, vulnerability, CVE, exploit, security audit, penetration test, OWASP, hardening, dependency audit, container security, or want to improve security posture.