一键导入
server-side
Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | server-side |
| description | Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection. |
Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
| Type | Key Vectors |
|---|---|
| SSRF | Internal service access, cloud metadata, protocol smuggling |
| HTTP Smuggling | CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync |
| Path Traversal | Directory traversal, null bytes, encoding bypass |
| File Upload | Extension bypass, content-type manipulation, polyglot files |
| Deserialization | Java, PHP, Python, .NET gadget chains |
| Host Header | Password reset poisoning, cache poisoning, routing-based SSRF |
| CUPS / cups-browsed | CVE-2024-47076/47175/47176/47177 — UDP browse → IPP injection → PPD injection → foomatic-rip RCE (see skills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md) |
reference/scenarios/ssrf/*.md - SSRF techniques and labsreference/http-request-smuggling*.md - Smuggling techniquesreference/scenarios/path-traversal/*.md - Path traversal bypass methodsreference/file-upload*.md - File upload exploitationreference/insecure-deserialization*.md - Deserialization attacksreference/http-host-header*.md - Host header injectionskills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md - CUPS RCE chain (CVE-2024-47076/175/176/177); ipptool false positives vs libcups runtime parser; ippserver Python lib version-1.1 hardcode bugThreat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.