web-security

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "web-security" with this command: npx skills add kiwamizamurai/cctf/kiwamizamurai-cctf-web-security

Web Security Skill

Quick Workflow

Progress:

  • Identify technology stack
  • Check common files (robots.txt, .git)
  • Test injection points (SQLi, XSS, SSTI)
  • Check authentication/session flaws
  • Develop exploit
  • Extract flag

Quick Recon

Directory enumeration

gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
ffuf -u http://target/FUZZ -w wordlist.txt

Technology detection

whatweb http://target
curl -I http://target

Check robots.txt, .git exposure

curl http://target/robots.txt
curl http://target/.git/HEAD

Vulnerability Reference

| Vulnerability | Reference File |
| --- | --- |
| SQL Injection | reference/sqli.md |
| XSS | reference/xss.md |
| SSTI | reference/ssti.md |
| Command Injection | reference/command-injection.md |
| SSRF / Path Traversal | reference/ssrf-lfi.md |
| Auth Bypass / Deserialization | reference/auth-deser.md |

Tools Quick Reference

| Tool | Purpose | Command |
| --- | --- | --- |
| sqlmap | SQLi automation | sqlmap -u URL --dbs |
| commix | Command injection | commix -u URL |
| tplmap | SSTI automation | tplmap -u URL |
| ffuf | Fuzzing | ffuf -u URL/FUZZ -w wordlist |
| Burp Suite | Proxy/intercept | GUI |
| jwt_tool | JWT attacks | jwt_tool TOKEN |

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
