Help with authorized Web pentest, Web fuzzing, and CTF-style vulnerability analysis. Use this skill whenever the user wants payload ideas, fuzz dictionaries, quick probe strings, test methodology, response-difference heuristics, or per-vulnerability checklists for common Web bugs such as SQL injection, XSS, SSTI, SSRF, XXE, file inclusion, IDOR, JWT weaknesses, deserialization, auth bypass, or command injection. Make sure to use it when the user asks how to test a Web bug, what characters or tokens to fuzz, how to organize notes by vulnerability type, or which vulnerability family a behavior most likely belongs to, even if they do not explicitly mention a skill.
Help with authorized Web pentest, Web fuzzing, and CTF-style vulnerability analysis. Use this skill whenever the user wants payload ideas, fuzz dictionaries, quick probe strings, test methodology, response-difference heuristics, or per-vulnerability checklists for common Web bugs such as SQL injection, XSS, SSTI, SSRF, XXE, file inclusion, IDOR, JWT weaknesses, deserialization, auth bypass, or command injection. Make sure to use it when the user asks how to test a Web bug, what characters or tokens to fuzz, how to organize notes by vulnerability type, or which vulnerability family a behavior most likely belongs to, even if they do not explicitly mention a skill.
pentest-fuzz-skill
Use this skill to route a Web security question into the right vulnerability family, then give short, practical, test-oriented guidance.
Keep the scope on authorized testing, labs, demos, CTFs, or systems the user is permitted to assess.
Safety boundary
Help only with authorized testing.
If authorization is unclear and the request is target-specific, ask one short clarification.
Do not pretend a random public target is in scope.
What this skill should do
Identify the likely vulnerability family.
Route to the closest directory in this skill.
Give a compact answer with:
what the bug is
quick payload examples
how to test it safely
what response differences matter
what to fuzz next
Stay practical. Avoid long theory unless the user asks.
Suggested response shape
Likely issue
Name the most likely bug family and why it matches the request.
Quick tests
Give 2-5 lightweight probes or payloads.
What to compare
Point out useful signals such as:
status code changes
body length or word-count changes
reflected characters or encoded output
stack traces, SQL errors, template errors, XML parser errors
timing differences
privilege or data exposure changes
Next fuzz ideas
Recommend the next character set, payload family, or request mutation to try.
Directory map
sqli/: SQL injection basics, fuzzing cues, and fuzz.txt
xss/: reflected, stored, and DOM XSS basics, fuzzing cues, and fuzz.txt
ssti/: template injection basics, engine probes, and fuzz.txt
ssrf/: server-side request forgery checks, SSRF-oriented fuzzing, and fuzz.txt
xxe/: XML external entity testing, parser-oriented fuzzing, and fuzz.txt
lfi-rfi/: file inclusion, traversal notes, and fuzz.txt
idor/: object access control, identifier enumeration notes, and fuzz.txt
jwt/: JWT inspection, weakness checks, and fuzz.txt
rce/: command injection, code execution notes, and fuzz.txt
deserialization/: unsafe deserialization notes and fuzz.txt
Each vulnerability directory should be treated as a small bundle:
README.md for navigation
overview.md for bug summary and sample payloads
fuzzing.md for testing heuristics
fuzz.txt for a compact wordlist or token list to reuse in manual or scripted probing
Routing hints
SQL errors, quote handling, login bypass, UNION behavior: start with sqli/.
Reflection into HTML, attributes, JS, or admin bot flows: start with xss/.
{{7*7}}, ${7*7}, or template syntax: start with ssti/.
URL fetchers, webhooks, image importers, PDF renderers, metadata lookups: start with ssrf/.
XML bodies, SOAP, SVG, DOCX/XLSX import, SAML: start with xxe/.
File paths, traversal, include parameters, download/read endpoints: start with lfi-rfi/.
Numeric IDs, UUIDs, object keys, other-user data exposure: start with idor/.