Skill UI

This comprehensive guide details advanced techniques for circumventing Content Security Policies (CSP). It covers exploiting weaknesses in critical directives (e.g., base-uri, object-src), abusing nonces, leveraging trusted CDN endpoints, and executing code despite strict controls like script-src 'self' or 'strict-dynamic'. Essential knowledge for deep security auditing and penetration testing.

A comprehensive playbook detailing advanced exploitation techniques in decentralized finance (DeFi). Covers flash loan mechanics, price oracle manipulation (spot vs. TWAP), MEV extraction strategies (Sandwich, JIT), governance exploits, and core smart contract vulnerabilities. Essential for security auditors and risk analysts.

This expert playbook covers advanced techniques for email header injection and authentication bypass. It details exploiting CRLF vulnerabilities in SMTP headers (e.g., BCC/CC injection, body control) and bypassing modern email security standards like SPF, DKIM, and DMARC. Essential for penetration testing of contact forms, email APIs, and password reset workflows.

This router entry point is designed for comprehensive testing of file access, download endpoints, and file upload workflows. Use this guide when validating file paths, detecting Local File Inclusion (LFI), or analyzing vulnerabilities in preview, storage, or extraction processes. It helps categorize whether the security issue relates to path traversal or insecure data processing chains.

A comprehensive playbook for advanced API security testing targeting GraphQL and REST APIs. It guides users through schema introspection, discovering hidden or undocumented fields, analyzing batching capabilities, and identifying authorization gaps (like IDORs). Essential for deep reconnaissance and identifying privilege escalation vectors.

A comprehensive, top-level routing skill for authorized web security assessment, bug bounty hunting, and API penetration testing. It guides the agent through a structured methodology, covering the entire attack lifecycle from reconnaissance and vulnerability triage (XSS, SQLi, IDOR, etc.) to advanced business logic flaw identification. Use this skill to ensure thorough, systematic security analysis.

A comprehensive playbook detailing how web applications can be vulnerable to attacks by manipulating the HTTP Host header. Covers critical techniques such as password reset poisoning, Web Cache Poisoning, Server-Side Request Forgery (SSRF), and Virtual Host bypass. Essential reading for penetration testers and security researchers.

HTTP Parameter Pollution (HPP) occurs when a single request contains multiple instances of the same parameter key. Different components in the request path (e.g., WAFs, proxies, application frameworks) may parse these duplicate keys using different rules (first value, last value, array join). This skill teaches how to exploit these discrepancies to bypass security checks, execute SSRF, or manipulate business logic.

This expert playbook details advanced attack vectors specific to the HTTP/2 protocol. It covers sophisticated techniques such as h2c smuggling, exploiting pseudo-header discrepancies, HPACK compression vulnerabilities, and abusing stream multiplexing. Use this skill for professional penetration testing and security auditing of H2 services, especially for bypassing proxy-level controls and WAFs.

This router serves as the main entry point for comprehensive injection testing. It helps security professionals classify dangerous input flows—such as XSS, SQLi, SSRF, XXE, etc.—by determining the final sink or interpreter (e.g., browser context, database, XML parser, shell). Use it when unsure which specific injection vector to prioritize.

This skill guides the detection and recovery of exposed version-control system (VCS) metadata, including paths for Git, SVN, and Mercurial, as well as common backup and configuration files. It is essential for authorized penetration testing when assessing an application's security posture against information leaks. Techniques include probing specific directories (e.g., /.git/HEAD) and analyzing status codes (e.g., 403 vs 404) to confirm exposure.

A comprehensive playbook for advanced mobile security assessments of iOS applications. Covers both jailbroken and non-jailbroken environments, focusing on critical attack vectors such as keychain extraction, URL scheme hijacking, Universal Links exploitation via AASA misconfigurations, runtime memory manipulation (Frida/Objection), and binary protection analysis.