Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

Commencer

security-audit

Étoiles6

Forks8

Mis à jour31 janvier 2026 à 23:22

tools and instructions for performing a security audit and penetration testing on the KMP application.

Installation

Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.

Exécuter dans Manus

Source

Ansteorra

Ansteorra/KMP

Ouvrir le dépôt GitHub Voir les dépôts du créateur

Téléchargement

Exécuter dans Manus

Métiers associésSOC

Basé sur la classification professionnelle SOC

Analystes en sécurité de l'informationProfessions informatiques et mathématiques·SOC 15-1212

Explorateur de fichiers

3 fichiers

SKILL.md

readonly

Plus depuis ce dépôt

même dépôt

code-verification

Ansteorra/KMP

Comprehensive code verification toolkit for the KMP application. Run all quality checks (PHPUnit, Jest, Webpack, PHPCS, PHPStan) and get guidance on writing tests and verifying production readiness.

2026-03-266

badge-list-consistency

Ansteorra/KMP

Badge/notification counts must use identical permissions and be a subset of the list view they link to

2026-02-136

safe-template-dsl

Ansteorra/KMP

Pattern for adding safe conditional logic to user-editable templates without eval()

2026-02-116

xlsx

Ansteorra/KMP

Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas

2026-02-026

beads

Ansteorra/KMP

Manage plan tasks using the beads distributed, git-backed graph issue tracker. Supports creating, updating, closing tasks, managing dependencies, and syncing with git.

2026-02-016

install-skills

Ansteorra/KMP

Automatically install and manage Agent Skills from GitHub repositories. Use when asked to "install a skill", "add a skill", "find skills", "browse skills", "get skills from GitHub", or when the user needs a specific capability that might exist as a community skill. Supports anthropics/skills, github/awesome-copilot, and custom GitHub repositories.

2026-02-016

name	security-audit
description	tools and instructions for performing a security audit and penetration testing on the KMP application.

Security Audit and Penetration Testing Instructions

Perform comprehensive security testing of the KMP application using both static code analysis and dynamic terminal-based testing.

Application Context

Stack: CakePHP 5.x backend, Stimulus.js frontend, MySQL database
Application URL: http://localhost:8080
Test Password: TestPassword (for all dev users)
App Directory: /workspaces/KMP/app
Reports Directory: /workspaces/KMP/security-reports

Test User Credentials for Authorization Testing

admin@amp.ansteorra.org - Super admin (full access)
iris@ampdemo.com - Basic user (minimal permissions)
bryce@ampdemo.com - Local Seneschal (moderate permissions)
eirik@ampdemo.com - Kingdom Seneschal (elevated permissions)

Security Testing Phases

Phase 1: Static Code Analysis

Analyze the codebase for security vulnerabilities without executing code.

1.1 SQL Injection Vulnerabilities

Search for raw SQL queries and unsafe database operations:

# Find raw SQL queries that might be vulnerable
grep -rn "query(" app/src/ --include="*.php"
grep -rn "\$this->connection" app/src/ --include="*.php"
grep -rn "execute(" app/src/ --include="*.php"

# Check for string concatenation in queries
grep -rn "WHERE.*\\\$" app/src/ --include="*.php"
grep -rn "SELECT.*\\\$" app/src/ --include="*.php"

Look for:

Direct variable interpolation in SQL strings
Missing parameter binding
Dynamic table/column names without whitelisting

1.2 Cross-Site Scripting (XSS)

Search for unescaped output and unsafe JavaScript:

# Find potentially unescaped PHP output
grep -rn "<?=" app/templates/ --include="*.php" | grep -v " h("
grep -rn "echo \$" app/src/ --include="*.php"

# Check for dangerous JavaScript patterns
grep -rn "innerHTML" app/assets/js/ --include="*.js"
grep -rn "document.write" app/assets/js/ --include="*.js"
grep -rn "eval(" app/assets/js/ --include="*.js"

Look for:

Output without h() helper function
Direct DOM manipulation with user input
Unsafe template rendering

1.3 Authentication & Session Security

# Check authentication configuration
cat app/src/Application.php | grep -A 50 "getAuthenticationService"

# Find session handling
grep -rn "Session" app/src/ --include="*.php"
grep -rn "cookie" app/config/ --include="*.php"

# Check password handling
grep -rn "password" app/src/ --include="*.php"
grep -rn "bcrypt\|hash\|PASSWORD_DEFAULT" app/src/ --include="*.php"

Look for:

Weak session configuration
Missing CSRF protection
Insecure password storage
Session fixation vulnerabilities

1.4 Authorization Bypass

# Check policy implementations
find app/src/Policy -name "*.php" -exec cat {} \;

# Find authorization checks in controllers
grep -rn "authorize\|canAccess\|isAuthorized" app/src/Controller/ --include="*.php"

# Check for missing authorization
grep -rn "public function" app/src/Controller/ --include="*.php" | head -50

Look for:

Controllers without authorization checks
IDOR (Insecure Direct Object Reference) vulnerabilities
Privilege escalation paths

1.5 File Upload Vulnerabilities

# Find file upload handling
grep -rn "upload\|getClientFilename\|moveTo" app/src/ --include="*.php"
grep -rn "file_put_contents\|move_uploaded_file" app/src/ --include="*.php"

# Check allowed file types
grep -rn "mime\|extension\|ALLOWED" app/src/ --include="*.php"

Look for:

Missing file type validation
Path traversal in filenames
Executable file uploads

1.6 Sensitive Data Exposure

# Find hardcoded credentials or secrets
grep -rn "password\s*=\s*['\"]" app/src/ --include="*.php"
grep -rn "api_key\|secret\|token" app/src/ --include="*.php"
grep -rn "API_KEY\|SECRET" app/config/ --include="*.php"

# Check .env file for sensitive data
cat app/config/.env 2>/dev/null || echo ".env not found"

# Find logging of sensitive data
grep -rn "Log::" app/src/ --include="*.php" | grep -i "password\|token\|secret"

1.7 Command Injection

# Find shell command execution
grep -rn "exec(\|shell_exec\|system(\|passthru\|popen\|proc_open" app/src/ --include="*.php"
grep -rn "``" app/src/ --include="*.php"

1.8 Dependency Vulnerabilities

# Check PHP dependencies
cd /workspaces/KMP/app && composer audit

# Check JavaScript dependencies
cd /workspaces/KMP/app && npm audit 2>/dev/null || echo "No package-lock.json"

Phase 2: Dynamic Security Testing

Execute runtime tests against the running application.

2.1 Prerequisite Checks

# Verify application is running
curl -s -o /dev/null -w "%{http_code}" http://localhost:8080

# Create reports directory
mkdir -p /workspaces/KMP/security-reports

2.2 Authentication Testing

Test login functionality for common vulnerabilities:

# Test for user enumeration
curl -s -X POST http://localhost:8080/members/login \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=nonexistent@test.com&password=wrong" | grep -i "error\|invalid\|incorrect"

curl -s -X POST http://localhost:8080/members/login \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=admin@amp.ansteorra.org&password=wrong" | grep -i "error\|invalid\|incorrect"

# Test for brute force protection (try 5 rapid requests)
for i in {1..5}; do
  curl -s -X POST http://localhost:8080/members/login \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "email=admin@amp.ansteorra.org&password=wrong$i" -o /dev/null -w "%{http_code}\n"
done

2.3 SQL Injection Testing

# Test common SQL injection patterns
curl -s "http://localhost:8080/members/view/1'" | head -20
curl -s "http://localhost:8080/members/view/1%20OR%201=1" | head -20
curl -s "http://localhost:8080/members?search=test'%20OR%20'1'='1" | head -20

2.4 XSS Testing

# Test reflected XSS
curl -s "http://localhost:8080/members?search=<script>alert(1)</script>" | grep -o "<script>alert(1)</script>"

# Test for proper encoding
curl -s "http://localhost:8080/members?search=%3Cscript%3Ealert(1)%3C/script%3E" | grep -o "&lt;script&gt;"

2.5 CSRF Protection

# Check for CSRF tokens in forms
curl -s http://localhost:8080/members/login | grep -i "csrf\|_token\|_csrfToken"

# Attempt POST without CSRF token (should fail)
curl -s -X POST http://localhost:8080/members/add \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "name=test" -w "%{http_code}"

2.6 Directory Traversal

# Test path traversal
curl -s "http://localhost:8080/../../../etc/passwd" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/..%2F..%2F..%2Fetc%2Fpasswd" -o /dev/null -w "%{http_code}"

# Check for exposed sensitive files
curl -s "http://localhost:8080/.env" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/config/app.php" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/.git/config" -o /dev/null -w "%{http_code}"

2.7 Security Headers Check

# Check response headers
curl -s -I http://localhost:8080 | grep -iE "x-frame-options|x-content-type|x-xss-protection|strict-transport|content-security-policy"

2.8 IDOR Testing (Requires Authentication)

# Login as basic user and try to access admin resources
# First get a session cookie (manual step or use browser automation)
curl -c cookies.txt -X POST http://localhost:8080/members/login \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=iris@ampdemo.com&password=TestPassword" -L

# Try to access another user's data
curl -b cookies.txt "http://localhost:8080/members/view/1" -o /dev/null -w "%{http_code}"
curl -b cookies.txt "http://localhost:8080/members/edit/1" -o /dev/null -w "%{http_code}"

# Cleanup
rm -f cookies.txt

Phase 3: Automated Security Scanners

Use available security tools for comprehensive scanning.

3.1 PHP Security Checker

cd /workspaces/KMP/app
local-php-security-checker 2>/dev/null || echo "local-php-security-checker not installed"

3.2 OWASP Dependency Check

dependency-check --project "KMP" \
  --scan "/workspaces/KMP/app" \
  --out "/workspaces/KMP/security-reports/dependency-check" \
  --format HTML 2>/dev/null || echo "dependency-check not installed"

3.3 Nikto Web Scanner

nikto -h http://localhost:8080 \
  -o /workspaces/KMP/security-reports/nikto-report.html \
  -Format html 2>/dev/null || echo "nikto not installed"

3.4 Nuclei Vulnerability Scanner

nuclei -u http://localhost:8080 \
  -o /workspaces/KMP/security-reports/nuclei-report.txt \
  -silent 2>/dev/null || echo "nuclei not installed"

Phase 4: CakePHP-Specific Security Checks

4.1 Debug Mode Check

# Ensure debug mode is off in production config
grep -r "debug" app/config/app.php app/config/app_local.php 2>/dev/null

4.2 Security Component Configuration

# Check Security component usage
grep -rn "Security" app/src/Controller/ --include="*.php"
grep -rn "FormProtection" app/src/Controller/ --include="*.php"

4.3 Safe Query Practices

# Verify ORM usage (safe) vs raw queries (potentially unsafe)
echo "=== ORM Usage (Safe) ==="
grep -c "->find\|->get\|->save\|->delete" app/src/Model/Table/*.php 2>/dev/null || echo "No Table files found"

echo "=== Raw Queries (Review Needed) ==="
grep -rn "getConnection\|query(" app/src/ --include="*.php"

Reporting Template

When reporting findings, use this format:

Vulnerability Report

Severity	Category	Location	Description	Remediation
CRITICAL	SQL Injection	src/Controller/X.php:42	Raw query with user input	Use parameter binding
HIGH	XSS	templates/Members/view.php:15	Unescaped output	Use h() helper
MEDIUM	Auth	src/Application.php	Weak session timeout	Increase session security
LOW	Headers	N/A	Missing X-Frame-Options	Add security headers

Risk Levels

CRITICAL: Immediate exploitation possible, data breach risk
HIGH: Significant security flaw, needs priority fix
MEDIUM: Security weakness, should be addressed
LOW: Minor issue, best practice recommendation
INFO: Informational finding, no direct security impact

Testing Workflow

Start with Phase 1 - Analyze code without running app
Verify app is running - Check http://localhost:8080 responds
Run Phase 2 - Dynamic tests against running app
Run Phase 3 - Automated scanners if available
Run Phase 4 - CakePHP-specific checks
Compile Report - Document all findings with severity ratings
Suggest Remediation - Provide fix recommendations for each issue

Security Testing Best Practices

Never test in production without authorization
Document all findings immediately
Verify false positives before reporting
Prioritize findings by risk level
Provide actionable remediation steps
Re-test after fixes are applied