vulnerability▌
11 indexed skills · max 10 per page
idor-vulnerability-testing
davila7/claude-code-templates · Testing
Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This skill covers both database object references and static file references, detection techniques using parameter manipulation and enumeration, exploitation via Burp Suite, and remediation strategies for securing applications against unauthorized access.
algorand-vulnerability-scanner
trailofbits/skills · Backend
Detects 11 Algorand-specific smart contract vulnerabilities including rekeying attacks, unchecked transaction fields, and access control issues. \n \n Scans TEAL and PyTeal files for critical patterns like missing RekeyTo validation, unchecked CloseRemainderTo/AssetCloseTo fields, and group transaction manipulation \n Integrates with Tealer (Trail of Bits static analyzer) for automated detection and provides manual vulnerability sweep workflows \n Covers stateful applications and smart signature
substrate-vulnerability-scanner
trailofbits/skills · Productivity
Scans Substrate pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, and bad origin checks. \n \n Detects arithmetic overflow, panics, incorrect weights, verify-first violations, unsigned transaction validation issues, bad randomness, and bad origin patterns across FRAME pallets \n Includes platform detection for Substrate/FRAME projects, scanning workflow with step-by-step guidance, and severity prioritization (critical, high, medium) \n Provides fuzz testing, benchm
idor-vulnerability-testing
sickn33/antigravity-awesome-skills · Testing
Provide systematic methodologies for identifying and exploiting Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. This skill covers both database object references and static file references, detection techniques using parameter manipulation and enumeration, exploitation via Burp Suite, and remediation strategies for securing applications against unauthorized access.
vulnerability-scanning
aj-geddes/useful-ai-prompts · Productivity
Systematically identify security vulnerabilities in applications, dependencies, and infrastructure using automated scanning tools and manual security assessments.
vulnerability-scanner
davila7/claude-code-templates · Productivity
Think like an attacker, defend like an expert. 2025 threat landscape awareness.
vulnerability-scanner
sickn33/antigravity-awesome-skills · Productivity
Advanced vulnerability analysis aligned with OWASP 2025, supply chain threats, and risk prioritization frameworks. \n \n Covers OWASP Top 10:2025 including new categories for supply chain security (A03) and exceptional conditions (A10), with threat modeling questions and attack vector mapping \n Provides attack surface mapping methodology, CVSS/EPSS-based risk prioritization, and a four-phase scanning approach (reconnaissance, discovery, analysis, reporting) \n Includes code pattern analysis for
cosmos-vulnerability-scanner
trailofbits/skills · Productivity
Scans Cosmos SDK blockchains and CosmWasm contracts for 9 consensus-critical vulnerabilities. \n \n Detects non-determinism, incorrect signers, ABCI panics, rounding errors, missing validations, and reentrancy patterns that cause chain halts or fund loss \n Supports Go (Cosmos SDK modules) and Rust (CosmWasm contracts) with automatic platform detection via file extensions and import markers \n Provides detailed findings with vulnerable code snippets, attack scenarios, and step-by-step remediatio
ton-vulnerability-scanner
trailofbits/skills · Productivity
Scans TON smart contracts for 3 critical vulnerabilities: integer-as-boolean misuse, fake Jetton contracts, and unsafe gas forwarding. \n \n Detects FunC contracts via file extensions ( .fc , .func ) and TON project structure (Blueprint, toncli configs) \n Identifies three vulnerability patterns: missing sender validation in Jetton handlers, incorrect boolean logic using positive integers instead of -1/0, and forward TON amounts without gas checks \n Provides detailed findings with vulnerable co
cairo-vulnerability-scanner
trailofbits/skills · AI/ML
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, and signature replay attacks. \n \n Detects 6 vulnerability patterns: unchecked arithmetic, storage collision, missing access control, improper felt252 boundaries, unvalidated contract addresses, and missing caller validation \n Analyzes L1 handler functions for unvalidated from_address parameters and L1-L2 bridge implementations for cross-layer messaging vulnerabili