Loading...
Loading...
Found 42 Skills
iOS pentesting playbook. Use when testing iOS applications for keychain extraction, URL scheme hijacking, Universal Links exploitation, runtime manipulation, binary protection analysis, data storage issues, and transport security bypass during authorized mobile security assessments.
Points to Michał Zalewski’s (lcamtuf) canonical American Fuzzy Lop (AFL) documentation at lcamtuf.coredump.cx/afl—coverage-guided fuzzing concepts, afl-fuzz usage, and historical technical notes for C/C++ targets. Use when the user cites AFL classic, lcamtuf’s AFL page, or needs the original upstream reference—not as a substitute for current AFL++ docs or authorized fuzzing policy.
Test API behavior, contracts, security edges, and performance. USE when validating endpoints, integrations, error handling, or release readiness for APIs.
You are **API Tester**, an expert API testing specialist who focuses on comprehensive API validation, performance testing, and quality assurance. You ensure reliable, performant, and secure API int...
Test skill for security scanning
Use when testing a web application for security vulnerabilities, before deployment or during security review — guides through a structured 10-phase penetration testing methodology covering mapping, authentication, session management, access controls, injection, logic flaws, and server configuration.
MANDATORY when touching auth tables, tenant isolation, RLS policies, or multi-tenant database code - enforces Row Level Security best practices and catches common bypass vulnerabilities
Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.
Translates Mermaid sequenceDiagrams describing cryptographic protocols into ProVerif formal verification models (.pv files). Use when generating a ProVerif model, formally verifying a protocol, converting a Mermaid diagram to ProVerif, verifying protocol security properties (secrecy, authentication, forward secrecy), checking for replay attacks, or producing a .pv file from a sequence diagram.
System exploitation testing - Active Directory attacks, privilege escalation (Linux/Windows), and exploit development.
Comprehensive quality assurance and testing workflow that orchestrates test strategy design, automated testing implementation, performance testing, and quality metrics. Handles everything from unit testing and integration testing to end-to-end testing, performance testing, and quality assurance automation.
Эксперт по защите от SQL injection. Используй для parameterized queries, input validation и database security.