Found 13 Skills
List all tables exposed via the Supabase PostgREST API to identify the attack surface.
Test if user signup is open and identify potential abuse vectors in the registration process.
Test for user enumeration vulnerabilities through various authentication endpoints.
List all storage buckets and their configuration to identify the storage attack surface.
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
Analyze Supabase authentication configuration for security weaknesses and misconfigurations.
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
Identify storage buckets that are publicly accessible and may contain sensitive data.
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
Attempt to list and read files from storage buckets to verify access controls.
Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.