pentest-vuln-verify-test
This Claude Code skill automates the verification of common web vulnerabilities, specifically open redirects and XSS attacks, by parsing and manipulating raw HTTP requests with strict validation criteria. Use it during penetration testing workflows to confirm vulnerability exploitability through payload injection, session cookie manipulation, and response pattern matching for meta refresh tags or HTTP 3xx redirects.
git clone --depth 1 https://github.com/jd-opensource/JoySafeter /tmp/pentest-vuln-verify-test && cp -r /tmp/pentest-vuln-verify-test/skills/pentest-vuln-verify ~/.claude/skills/pentest-vuln-verify-test
SKILL.md
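# Vulnerability Verification Automation

## Description
This skill focuses on automatically verifying web vulnerabilities (specifically open redirects and XSS) by manipulating raw HTTP requests. It handles session context switching (cookie replacement) and strict success-criteria validation.

## Core Capabilities
- Raw HTTP request parsing and reconstruction
- Authenticated session manipulation (cookie swapping)
- Automated payload delivery
- Response pattern matching (Meta Refresh / HTTP 30x)

## Reference Workflows
- [Verification logic and flow](references/workflows.md#verification-logic)
- [Success criteria definitions](references/workflows.md#success-criteria)
- [Tool usage guide](references/tools.md)

## Tools
- Curl (HTTP client)
- Bash (scripting)
- Grep (response parsing)
- Burp Suite (for generating raw requests)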
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.
Use when you have a written implementation plan to execute in a separate session with review checkpoints
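OpenClaw security checking tool that verifies configuration security, privilege isolation, network policy, log auditing, and runtime integrity based on security practice guidelines
OpenClaw attack pattern detection tool that identifies high-risk behaviors such as data exfiltration, reverse shells, file leakage, prompt injection, and supply chain poisoning, with support for MITRE ATT&CK mapping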
Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.
AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.