by mukul975
exploiting-idor-vulnerabilities helps authorized security audits test Insecure Direct Object Reference flaws across APIs, web apps, and multi-tenant systems with cross-session checks, object mapping, and read/write verification.
by mukul975
The exploiting-insecure-deserialization skill helps authorized penetration testers identify serialized inputs, match Java, PHP, Python, and .NET targets, and validate exploitability safely. It includes workflow guidance, detection cues, and tool references for focused testing.
by mukul975
Learn how the exploiting-broken-link-hijacking skill finds and validates broken link hijacking risks from expired domains, abandoned services, and claimable external resources. Built for Security Audit workflows, it helps separate harmless dead links from takeover candidates with a practical triage process.
by mukul975
The exploiting-broken-function-level-authorization skill helps security auditors test APIs for Broken Function Level Authorization (BFLA). It focuses on discovering privileged endpoints, checking low-privilege access, and validating method or path bypasses with practical, evidence-based workflow guidance.
by mukul975
The exploiting-server-side-request-forgery skill helps assess SSRF-prone features in authorized web targets, including URL fetchers, webhooks, preview tools, and cloud metadata access. It provides a guided workflow for detection, bypass testing, internal service probing, and Security Audit validation.
by mukul975
The exploiting-race-condition-vulnerabilities skill helps security auditors test web apps for TOCTOU flaws, duplicate transactions, and limit bypasses using Turbo Intruder-style concurrent requests. It includes install, workflow, and usage guidance for authorized assessments.