Skip to main content
Ejecuta cualquier Skill en Manus
con un clic
Repositorio de GitHub

securevibes

securevibes contiene 9 skills recopiladas de anshumanbh, con cobertura ocupacional por repositorio y páginas de detalle dentro del sitio.

skills recopiladas
9
Stars
280
actualizado
2026-02-06
Forks
63
Cobertura ocupacional
1 categorías ocupacionales · 100% clasificado
explorador de repositorios

Skills en este repositorio

ssrf-testing
Analistas de seguridad de la información

Validate Server-Side Request Forgery (SSRF) vulnerabilities by testing if user-controlled URLs can reach internal services, cloud metadata endpoints, or alternative protocols. Use when testing CWE-918 (SSRF), CWE-441 (Unintended Proxy), CWE-611 (XXE leading to SSRF), or findings involving URL fetching, webhooks, file imports, image/PDF/SVG processing, or XML parsing with external entities.

2026-02-06
command-injection-testing
Analistas de seguridad de la información

Validate OS Command Injection vulnerabilities including direct command injection, blind command injection via time delays, and out-of-band command execution. Test by injecting shell metacharacters and commands into user-controlled inputs. Use when testing CWE-78 (OS Command Injection), CWE-77 (Command Injection), CWE-88 (Argument Injection), or related command execution vulnerabilities.

2026-01-20
nosql-injection-testing
Analistas de seguridad de la información

Validate NoSQL injection vulnerabilities across MongoDB, Cassandra, CouchDB, Redis, and other NoSQL databases. Test operator injection, JavaScript injection, and query manipulation patterns. Use when testing CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) and related NoSQL injection classes.

2026-01-20
sql-injection-testing
Analistas de seguridad de la información

Validate SQL injection vulnerabilities (including blind SQLi) across time-based, error-based, boolean-based, UNION-based, stacked-query, and out-of-band patterns. Use when testing CWE-89 (SQL Injection), CWE-564 (Hibernate SQL Injection), and related SQL injection classes across MySQL, PostgreSQL, MSSQL, Oracle, and SQLite targets.

2026-01-20
xss-testing
Analistas de seguridad de la información

Validate Cross-Site Scripting (XSS) vulnerabilities including Reflected, Stored, and DOM-based XSS. Test by injecting script payloads into user-controlled inputs and observing if they execute in browser context. Use when testing CWE-79 (XSS), CWE-80 (Basic XSS), CWE-81 (Error Message XSS), CWE-83 (Attribute XSS), CWE-84 (URI Scheme XSS), CWE-85 (Doubled Character XSS), CWE-86 (Invalid Character XSS), CWE-87 (Alternate XSS Syntax), or related XSS findings.

2026-01-20
xxe-testing
Analistas de seguridad de la información

Validate XML External Entity (XXE) injection vulnerabilities including file disclosure, SSRF, denial of service, and blind XXE via out-of-band channels. Test by injecting malicious XML with external entity references into endpoints that parse XML. Use when testing CWE-611 (XXE), CWE-827 (Improper Control of Document Type Definition), or related XML parsing vulnerabilities.

2026-01-20
authorization-testing
Analistas de seguridad de la información

Validate authorization failures including IDOR, privilege escalation, and missing access controls. Test by attempting unauthorized access with lower-privileged credentials. Use when testing CWE-639 (IDOR), CWE-269 (Improper Privilege Management), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-284 (Improper Access Control), CWE-285 (Improper Authorization), or CWE-425 (Direct Request / Forced Browsing) findings.

2026-01-20
injection-testing
Analistas de seguridad de la información

Validate miscellaneous injection vulnerabilities NOT covered by dedicated skills. Covers SSTI, LDAP, XPath, XQuery, CRLF/HTTP Header, Email Header, GraphQL, Expression Language (EL/OGNL), JSON/JavaScript eval injection, ORM/HQL, CSV/Formula, Regex (ReDoS), YAML config, and Shellshock-style injection. Use when testing CWE-1336 (SSTI), CWE-90 (LDAP), CWE-643 (XPath), CWE-652 (XQuery), CWE-93/CWE-113 (CRLF/Header), CWE-917 (EL), CWE-94/CWE-95 (Code/Eval injection), CWE-1333 (ReDoS), CWE-1236 (CSV/Formula), and related injection classes.

2026-01-20
agentic-security-threat-modeling
Analistas de seguridad de la información

Identify agentic AI security threats based on OWASP Top 10 for Agentic Applications 2026. Use when analyzing AI agents, LLM-powered applications, chatbots, auto-reply systems, tool-using AI, browser automation, sandbox execution, or any application that uses AI/LLM APIs (Anthropic, OpenAI, Claude, GPT) to process user input and take actions.

2026-01-20