by mukul975
exploiting-idor-vulnerabilities supports authorized security audits in testing for Insecure Direct Object Reference flaws across APIs, web apps, and multi-tenant systems with cross-session checks, object mapping, and read/write verification.
by trailofbits
burpsuite-project-parser searches and extracts data from Burp Suite project files (.burp) using Burp Suite Professional and the burpsuite-project-file-parser extension. Use it for security audit findings, proxy history, site map entries, and regex searches across captured HTTP traffic.
by mukul975
The exploiting-http-request-smuggling skill helps authorized testers detect and assess HTTP request smuggling from Content-Length and Transfer-Encoding parsing mismatches across proxies, load balancers, and CDNs. It’s built for Security Audit workflows with raw-request probing, architecture fingerprinting, and practical validation steps.
by mukul975
conducting-network-penetration-test is an authorized network penetration testing skill for host discovery, port scanning, service enumeration, vulnerability identification, and reporting. It follows a PTES-style workflow with Nmap-centered automation and repo-backed references that clarify how to use the skill.
by mukul975
The exploiting-server-side-request-forgery skill helps assess SSRF-prone features in authorized web targets, including URL fetchers, webhooks, preview tools, and cloud metadata access. It provides a guided workflow for detection, bypass testing, internal service probing, and Security Audit validation.
by mukul975
The exploiting-race-condition-vulnerabilities skill helps security auditors test web apps for TOCTOU flaws, duplicate transactions, and limit bypasses using Turbo Intruder-style concurrent requests. It includes install, workflow, and usage guidance for authorized assessments.
by mukul975
conducting-api-security-testing helps authorized testers assess REST, GraphQL, and gRPC APIs for auth, authorization, rate limiting, input validation, and business-logic flaws using an OWASP API Security Top 10 workflow. Use it for structured, evidence-based API security testing and security audit reviews.