Skill UI

This comprehensive checklist guides penetration testers through discovering Insecure Direct Object References (IDOR). It covers techniques like object ID enumeration, horizontal and vertical privilege escalation, and parameter manipulation. Use it for web application pentests and bug bounty hunting to identify broken access control vulnerabilities.

A practical offensive methodology for Android and iOS app testing. It covers static analysis, Frida/Objection instrumentation, SSL pinning bypass, exported component abuse, insecure storage review, and mobile API reconnaissance for pentest and bug bounty work.

A comprehensive playbook for expert-level Android application security testing. It covers advanced exploitation techniques, including SSL pinning bypass (using Frida/Objection), detecting component exposure (activities, providers, services), and exploiting WebView vulnerabilities (RCE, XSS). Essential for authorized mobile penetration testing assessments.

Pacu is an open-source, modular AWS exploitation framework designed for authorized cloud penetration testing and red-teaming. It functions as a cloud-pentest analogue to Metasploit, enabling users to enumerate AWS resources, scan for privilege escalation paths, and automate the exploitation of IAM vulnerabilities, persistence mechanisms, and data exfiltration. Use this skill to assess the blast radius of compromised credentials in a controlled, authorized environment.