vuln-skills

Use when auditing Go code involving authentication flows, RBAC policies, Kubernetes admission webhooks, JWT/OAuth token validation, or privilege escalation in cloud-native infrastructure. Covers CWE-287/863/269/284/285/862. Keywords: authentication bypass, authorization bypass, RBAC, admission webhook, JWT, OAuth, privilege escalation, Rancher, Kyverno, impersonation, namespace isolation, middleware auth

Use when auditing Go code involving TLS configuration, certificate validation, JWT token parsing, SAML assertion verification, webhook signature checking, or cryptographic operations. Covers CWE-295/347/345. Keywords: InsecureSkipVerify, TLS, mTLS, certificate validation, JWT algorithm, SAML signature, cosign, sigstore, hmac.Equal, X.509, webhook HMAC

Use when auditing Go code involving goroutine management, channel operations, HTTP request handling, resource allocation, or panic recovery. Covers CWE-400/770/476. Keywords: denial of service, goroutine leak, channel deadlock, panic recover, io.ReadAll, resource exhaustion, OOM, HTTP/2 abuse, protobuf, unbounded allocation, rate limiting

Use when auditing Go code involving logging, error handling, HTTP response data, Kubernetes Secret management, or credential storage. Covers CWE-200/532/522/312/552. Keywords: information disclosure, credential leak, log exposure, Kubernetes Secret, json tag, struct formatting, error message, stack trace, Rancher, Argo CD, sensitive data

Use when auditing Go code involving OS command execution, SQL queries, template rendering, or child command invocation. Covers CWE-78/89/77/94/88. Keywords: command injection, SQL injection, exec.Command, os/exec, database/sql, text/template, html/template, argument injection, shell injection, Gogs, Grafana, MCP stdio

Use when auditing Go code involving file path operations, archive extraction, symlink handling, container volume mounts, or HTTP file serving. Covers CWE-22/59. Keywords: path traversal, directory traversal, filepath.Join, symlink, archive extraction, zip slip, tar, volume mount, go-git, Helm chart, os.Open, filepath.Clean

Use when auditing Go code involving HTTP client requests, webhook callbacks, URL handling, HTML template rendering in Go web frameworks, or CSRF protection. Covers CWE-918/352/79. Keywords: SSRF, server-side request forgery, XSS, cross-site scripting, CSRF, http.Get, http.Client, template.HTML, Gin, Echo, Fiber, webhook, Kyverno, DNS rebinding

Use when performing penetration testing targeting access control and privilege escalation vulnerabilities. Keywords: access control, privilege escalation, RBAC bypass, tenant isolation, vertical escalation, horizontal escalation, missing authorization, SAML bypass

Use when performing penetration testing targeting authentication bypass vulnerabilities. Keywords: authentication bypass, OTP bypass, 2FA bypass, login bypass, session fixation, default credentials, account takeover, token manipulation

Use when performing penetration testing targeting business logic flaws, denial of service, and race condition vulnerabilities. Keywords: business logic, race condition, TOCTOU, denial of service, ReDoS, resource exhaustion, rate limiting bypass, workflow bypass

Use when performing penetration testing targeting command injection and remote code execution vulnerabilities. Keywords: command injection, OS command injection, RCE, remote code execution, code injection, shell injection, deserialization, Log4Shell

Use when performing penetration testing targeting deserialization, XXE, and dangerous file upload vulnerabilities. Keywords: deserialization, insecure deserialization, XXE, XML external entities, file upload, unrestricted upload, pickle, Java serialization, gadget chain

Use when performing penetration testing targeting insecure direct object reference vulnerabilities. Keywords: IDOR, broken object level authorization, BOLA, parameter tampering, horizontal privilege escalation, API authorization, UUID guessing

Use when performing penetration testing targeting information disclosure and sensitive data exposure vulnerabilities. Keywords: information disclosure, sensitive data exposure, credential leak, API key exposure, directory listing, error message leakage, debug info, cleartext storage

Use when performing penetration testing targeting memory corruption vulnerabilities in native applications. Keywords: buffer overflow, heap overflow, use-after-free, integer overflow, format string, stack overflow, type confusion, out-of-bounds read/write

Use when performing penetration testing targeting path traversal and file inclusion vulnerabilities. Keywords: path traversal, directory traversal, LFI, RFI, file read, file write, dot-dot-slash, null byte, symlink attack, zip slip

Use when performing penetration testing targeting request forgery vulnerabilities including CSRF, HTTP request smuggling, and CRLF injection. Keywords: CSRF, cross-site request forgery, HTTP smuggling, request smuggling, CRLF injection, header injection, clickjacking, desync attack

Use when performing penetration testing targeting SQL injection vulnerabilities in web applications. Keywords: SQL injection, blind SQLi, union-based, error-based, time-based, second-order injection, ORM injection, parameterized queries bypass

Use when performing penetration testing targeting server-side request forgery vulnerabilities. Keywords: SSRF, server-side request forgery, URL parameter manipulation, internal service access, cloud metadata, blind SSRF, DNS rebinding

Use when performing penetration testing targeting cross-site scripting vulnerabilities including stored, reflected, and DOM-based XSS. Keywords: XSS, stored XSS, reflected XSS, DOM XSS, content injection, HTML injection, JavaScript injection, CSP bypass

Use when auditing Python code involving authentication flows, permission checks, access control logic, JWT/token validation, decorator-based protection, or SSO/OAuth identity binding. Covers CWE-285/287/863. Keywords: authentication bypass, authorization bypass, access control, permission check, JWT verification, token validation, decorator, middleware auth, privilege escalation, permission_classes, SAML, OpenID

Use when auditing Python code involving pickle/unpickle, yaml.load, torch.load, joblib.load, shelve, marshal, custom JSON object_hook with importlib, or ZeroMQ recv_pyobj. Covers CWE-502. Keywords: deserialization, pickle, unpickle, yaml.load, torch.load, joblib, shelve, marshal, __reduce__, cloudpickle, dill, safetensors, weights_only, picklescan

Use when auditing Python code involving command execution (subprocess, os.system, os.popen), SQL queries (cursor.execute, sqlalchemy.text, ORM .extra/.raw), eval/exec calls, template rendering (Jinja2, Mako SSTI), or expression evaluation. Covers CWE-77/78/89/94/95/917. Keywords: command injection, SQL injection, code injection, eval, exec, template injection, expression language injection, Hydra instantiate, allow_dangerous_code

Use when auditing Python code involving file path operations (os.path.join, pathlib), file upload/download, archive extraction (tarfile, zipfile), or file inclusion. Covers CWE-22/23. Keywords: path traversal, directory traversal, zip slip, file upload, file download, extractall, Content-Disposition, secure_filename, session file, symlink, os.path.join absolute path override

Use when auditing Python code involving HTTP client calls (requests, httpx, urllib, aiohttp), webhook endpoints, proxy forwarding, file/model downloads, or SVG/XML external resource loading. Covers CWE-918. Keywords: SSRF, server-side request forgery, requests.get, urllib, httpx, aiohttp, webhook, proxy, redirect, url fetch, file download, gethostbyname, is_private_url, DNS rebinding, cloud metadata

Use when auditing Python web applications involving HTML rendering, template engines (Jinja2, Mako, Django templates), Markdown parsing, DataFrame-to-HTML conversion, or frontend innerHTML assignments. Covers CWE-79. Keywords: XSS, cross-site scripting, HTML injection, mark_safe, |safe, autoescape, bleach, escape, innerHTML, decode_contents, self.write, to_html, format_html