Search Results: k-skill

Found 700 Skills

Security & Complianceyaklang/hack-skills

business-logic-vuln

Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input injection.

🇨🇳|ChineseTranslated

Security & Complianceyaklang/hack-skills

http-parameter-pollution

HTTP Parameter Pollution (HPP): duplicate query/body keys parsed differently by servers, proxies, WAFs, and app frameworks. Use when filters and application layers disagree on which value wins, enabling bypass, SSRF second URL, logic abuse, or CSRF token confusion.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

authbypass-authentication-flaws

Authentication bypass testing playbook. Use when assessing login flows, password reset logic, account recovery, MFA bypass, token predictability, brute-force resistance, and session boundary flaws.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

hack

Entry P0 primary router for HackSkills. Use when the task involves web application testing, API security assessment, recon, vulnerability triage, exploit path planning, or choosing the right next category skill before any deep topic skill.

🇨🇳|ChineseTranslated

Security & Complianceyaklang/hack-skills

api-recon-and-docs

API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API testing.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

jwt-oauth-token-attacks

JWT and OAuth token attack playbook. Use when validating token trust, signing algorithms, key handling, claim abuse, bearer flows, and OAuth account-binding weaknesses.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

api-auth-and-jwt-abuse

API authentication and JWT abuse playbook. Use when testing bearer tokens, API keys, claim trust, header spoofing, rate limits, and API auth boundary weaknesses.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

expression-language-injection

Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

sqli-sql-injection

SQL injection playbook. Use when input reaches SQL queries, authentication logic, sorting, filtering, reporting, or DB-specific blind and out-of-band execution paths.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

open-redirect

Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled destinations.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

upload-insecure-files

Insecure file upload playbook. Use when testing upload validation, storage paths, processing pipelines, preview behavior, overwrite risks, and upload-to-RCE chains.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

nosql-injection

NoSQL injection playbook. Use when MongoDB-style operators, JSON query objects, flexible search filters, or backend query DSLs may allow data or logic abuse.

🇺🇸|EnglishTranslated