Claude Code Plugins

Community-maintained marketplace


Exploits web application vulnerabilities. Use when working with SQL injection, XSS, SSRF, SSTI, command injection, path traversal, authentication bypass, deserialization, or any web-based CTF challenge.

Install Skill

1. Download skill
2. Enable skills in Claude: open claude.ai/settings/capabilities and find the "Skills" section
3. Upload to Claude: click "Upload skill" and select the downloaded ZIP file

Note: Verify the skill by reading through its instructions before using it.

SKILL.md

name: web-security
description: Exploits web application vulnerabilities. Use when working with SQL injection, XSS, SSRF, SSTI, command injection, path traversal, authentication bypass, deserialization, or any web-based CTF challenge.
allowed-tools: Bash, Read, Write, Grep, Glob

Web Security Skill

Quick Workflow

Progress:
- [ ] Identify technology stack
- [ ] Check common files (robots.txt, .git)
- [ ] Test injection points (SQLi, XSS, SSTI)
- [ ] Check authentication/session flaws
- [ ] Develop exploit
- [ ] Extract flag

Quick Recon

```bash
# Directory enumeration
gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
ffuf -u http://target/FUZZ -w wordlist.txt

# Technology detection
whatweb http://target
curl -I http://target

# Check robots.txt, .git exposure
curl http://target/robots.txt
curl http://target/.git/HEAD
```

Vulnerability Reference

| Vulnerability | Reference File |
|---|---|
| SQL Injection | reference/sqli.md |
| XSS | reference/xss.md |
| SSTI | reference/ssti.md |
| Command Injection | reference/command-injection.md |
| SSRF / Path Traversal | reference/ssrf-lfi.md |
| Auth Bypass / Deserialization | reference/auth-deser.md |

Tools Quick Reference

| Tool | Purpose | Command |
|---|---|---|
| sqlmap | SQLi automation | `sqlmap -u URL --dbs` |
| commix | Command injection | `commix -u URL` |
| tplmap | SSTI automation | `tplmap -u URL` |
| ffuf | Fuzzing | `ffuf -u URL/FUZZ -w wordlist` |
| Burp Suite | Proxy/intercept | GUI |
| jwt_tool | JWT attacks | `jwt_tool TOKEN` |