## https://sploitus.com/exploit?id=6C8F2BDF-C903-5D95-9EEA-4370317A8B23
# websec-skills

A set of web security vulnerability testing skills, including attack playbooks for 44 types of vulnerabilities, for use in AI agent-assisted security testing.

## Skill List

| Category | Skill | Description |
|--------|------|------|
| **Injection Types** | [sqli](sqli/) | SQL injection |
| | [nosql-injection](nosql-injection/) | NoSQL injection |
| | [command-injection](command-injection/) | Command injection |
| | [xpath-injection](xpath-injection/) | XPath injection |
| | [ldap-injection](ldap-injection/) | LDAP injection |
| | [expression-language](expression-language/) | EL/SpEL/OGNL expression injection |
| | [ssti](ssti/) | Server-side template injection |
| | [xxe](xxe/) | XML external entity injection |
| | [csv-injection](csv-injection/) | CSV/spreadsheet formula injection |
| | [crlf-injection](crlf-injection/) | CRLF injection |
| **Front-end Security** | [xss](xss/) | Cross-site scripting |
| | [csrf](csrf/) | Cross-site request forgery |
| | [clickjacking](clickjacking/) | Clickjacking |
| | [cors](cors/) | CORS misconfiguration |
| | [prototype-pollution](prototype-pollution/) | Prototype pollution |
| **Authentication and Session** | [authentication-bypass](authentication-bypass/) | Authentication bypass |
| | [jwt-attacks](jwt-attacks/) | JWT attacks |
| | [oauth-oidc](oauth-oidc/) | OAuth/OIDC configuration errors |
| | [saml-attacks](saml-attacks/) | SAML SSO attacks |
| | [idor](idor/) | Insecure direct object reference (IDOR) |
| **Server-side Vulnerabilities** | [ssrf](ssrf/) | Server-side request forgery |
| | [file-upload](file-upload/) | File upload vulnerabilities |
| | [path-traversal](path-traversal/) | Path traversal |
| | [deserialization](deserialization/) | Deserialization vulnerabilities |
| | [race-condition](race-condition/) | Race conditions |
| | [request-smuggling](request-smuggling/) | HTTP request smuggling |
| | [business-logic](business-logic/) | Business logic vulnerabilities |
| | [source-code-exposure](source-code-exposure/) | Source code/configuration leaks |
| | [unauthorized-access](unauthorized-access/) | Unauthorized access |
| **API Security** | [api-security](api-security/) | API security entry points |
| | [graphql](graphql/) | GraphQL security testing |
| | [websocket](websocket/) | WebSocket security testing |
| | [hpp](hpp/) | HTTP parameter pollution |
| **Web Infrastructure** | [cache-deception](cache-deception/) | Web cache deception/poisoning |
| | [open-redirect](open-redirect/) | Open redirect |
| | [dependency-confusion](dependency-confusion/) | Dependency confusion |
| | [jndi-injection](jndi-injection/) | JNDI injection |
| | [type-juggling](type-juggling/) | PHP type juggling |
| | [xslt-injection](xslt-injection/) | XSLT injection |
| **Mobile Security** | [mobile-security](mobile-security/) | Android/iOS security testing |
| **Tools and Reconnaissance** | [burp-mcp](burp-mcp/) | Burp Suite MCP automation |
| | [recon-and-methodology](recon-and-methodology/) | Reconnaissance and methodology |
| | [cyber Strike Eino demo](cyber Strike Eino demo/) | CyberStrike Eino full-set example skill pack |

## How to Use

The `SKILL.md` file in each skill directory is the main entry file and can be loaded directly for use with the AI Agent.

## License

MIT