Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.
Scans web applications for OWASP Top 10 vulnerabilities and generates compliance reports.
npx claudepluginhub a5c-ai/babysitter

This skill is limited to using the following tools:

You are owasp-security-scanner - a specialized skill for automated OWASP Top 10 vulnerability detection and assessment. This skill provides comprehensive capabilities for identifying web application security vulnerabilities based on OWASP guidelines.
This skill enables AI-powered OWASP security scanning including:
Quick passive scan for common vulnerabilities:
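# Docker-based baseline scan
# (the working directory is mounted at /zap/wrk so the -J report can be written)
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \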
-t https://target.example.com \
-J baseline-report.json
# With configuration file
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
-t https://target.example.com \
-c zap-baseline.conf \
-J baseline-report.json
# Include AJAX spider for JavaScript-heavy apps
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
-t https://target.example.com \
-j \
-J baseline-report.json
Comprehensive active scanning:
# Full scan (includes active scanning)
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
-t https://target.example.com \
-J full-scan-report.json
# Full scan with longer timeout
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
-t https://target.example.com \
-m 60 \
-J full-scan-report.json
# Scan with custom policy
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
-t https://target.example.com \
-z "-config scanner.strength=INSANE" \
-J full-scan-report.json
For REST/GraphQL API testing:
# Scan with OpenAPI spec
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
-t openapi.yaml \
-f openapi \
-J api-scan-report.json
# Scan with GraphQL schema
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
-t https://api.example.com/graphql \
-f graphql \
-J graphql-scan-report.json
# API scan with auth header
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
-t https://api.example.com/openapi.json \
-f openapi \
-z "-config replacer.full_list(0).description=auth \
-config replacer.full_list(0).enabled=true \
-config replacer.full_list(0).matchtype=REQ_HEADER \
-config replacer.full_list(0).matchstr=Authorization \
-config replacer.full_list(0).replacement='Bearer TOKEN'" \
-J api-scan-report.json
# Form-based authentication
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
-t https://target.example.com \
-z "-config authentication.method=formBasedAuthentication \
-config authentication.loginUrl=https://target.example.com/login \
-config authentication.username=testuser \
-config authentication.password=testpass" \
-J auth-scan-report.json
# Session token authentication
# Create context file first
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
-t https://target.example.com \
-n context.context \
-J auth-scan-report.json
# ZAP rules for access control testing
# Active scan policy focusing on access control
zap-cli active-scan \
--scanpolicyname "access-control" \
--recurse \
https://target.example.com
# Manual testing for IDOR
# Test parameter manipulation
curl -H "Authorization: Bearer $TOKEN" \
"https://api.example.com/users/123" # Should only access own user
curl -H "Authorization: Bearer $TOKEN" \
"https://api.example.com/users/456" # Test IDOR
# SSL/TLS analysis with testssl.sh
docker run -it drwetter/testssl.sh https://target.example.com
# Check for weak ciphers
nmap --script ssl-enum-ciphers -p 443 target.example.com
# ZAP passive rules detect:
# - Missing HSTS
# - Weak SSL/TLS
# - Mixed content
# - Insecure cookies
# ZAP includes comprehensive injection testing:
# - SQL Injection
# - XSS (Reflected, Stored, DOM-based)
# - LDAP Injection
# - OS Command Injection
# - XML Injection
# SQLMap for advanced SQL injection
sqlmap -u "https://target.example.com/search?q=test" --batch --forms
Design-level security review checklist:
# ZAP detects:
# - Default credentials
# - Unnecessary features enabled
# - Error handling exposing info
# - Missing security headers
# Additional header checks
curl -I https://target.example.com | grep -i "x-frame-options\|content-security-policy\|x-content-type-options"
# Retire.js for JavaScript libraries
retire --js --path ./public/js --outputformat json
# ZAP includes vulnerable library detection
# Also use dependency-scanner skill for comprehensive SCA
ZAP authentication testing includes:
Checks for:
Review:
# ZAP SSRF detection through active scanning
# Manual testing
curl "https://target.example.com/fetch?url=http://169.254.169.254/latest/meta-data/"
{
"@version": "2.14.0",
"@generated": "2026-01-24T10:00:00Z",
"site": [{
"@name": "https://target.example.com",
"alerts": [{
"pluginid": "10021",
"alertRef": "10021",
"alert": "X-Content-Type-Options Header Missing",
"name": "X-Content-Type-Options Header Missing",
"riskcode": "1",
"confidence": "2",
"riskdesc": "Low (Medium)",
"cweid": "693",
"wascid": "15",
"description": "The Anti-MIME-Sniffing header...",
"solution": "Ensure that the application sets the Content-Type header appropriately...",
"reference": "https://owasp.org/...",
"instances": [{
"uri": "https://target.example.com/",
"method": "GET",
"param": "X-Content-Type-Options"
}]
}]
}]
}
# Generate HTML report
docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
-t https://target.example.com \
-r owasp-report.html
This skill can leverage the following MCP servers:
| Server | Description | Installation |
|---|---|---|
| ZAP-MCP | AI-powered OWASP ZAP integration | GitHub |
| mcp-zap-server | Spring Boot ZAP MCP server | GitHub |
| pentestMCP | 20+ tools including ZAP | GitHub |
# zap-baseline.conf
# Format: rule_id action parameter
10021 WARN # X-Content-Type-Options
10038 WARN # CSP Header Missing
10098 WARN # Cross-Domain Misconfiguration
40012 FAIL # Cross Site Scripting (Reflected)
40014 FAIL # Cross Site Scripting (Persistent)
40018 FAIL # SQL Injection
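# GitHub Actions example
name: OWASP Security Scan
on: [push, pull_request]
jobs:
  zap-scan:
    runs-on: ubuntu-latest
    steps:
      # Check out the repository so the rules file below is available to the scan
      - name: Checkout
        uses: actions/checkout@v4
      - name: ZAP Baseline Scan
        uses: zaproxy/action-baseline@v0.10.0
        with:
          target: 'https://staging.example.com'
          rules_file_name: '.zap-rules.tsv'
      # upload-artifact v3 is no longer accepted on GitHub-hosted runners, so v4 is used
      - name: Upload Report
        uses: actions/upload-artifact@v4
        with:
          name: zap-report
          path: report_html.html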
This skill integrates with the following processes:
- dast-scanning.js - Dynamic security testing pipeline
- penetration-testing.js - Comprehensive pen testing
- security-assessment.js - Security assessment workflow
- devsecops-pipeline.js - DevSecOps automation

When executing operations, provide structured output:
{
"operation": "owasp-scan",
"scan_type": "full",
"status": "completed",
"target": "https://target.example.com",
"scan_duration_seconds": 1845,
"summary": {
"total_alerts": 45,
"by_risk": {
"high": 3,
"medium": 12,
"low": 18,
"informational": 12
},
"owasp_coverage": {
"A01_Broken_Access_Control": 2,
"A02_Cryptographic_Failures": 1,
"A03_Injection": 5,
"A05_Security_Misconfiguration": 8,
"A06_Vulnerable_Components": 3,
"A07_Auth_Failures": 2
}
},
"high_priority_findings": [
{
"name": "SQL Injection",
"risk": "high",
"owasp": "A03:2021",
"cwe": "CWE-89",
"url": "https://target.example.com/search",
"parameter": "query",
"evidence": "Error message: SQL syntax error"
}
],
"artifacts": ["full-scan-report.json", "owasp-report.html"]
}
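An added example (not part of the original skill or of ZAP itself): a Python post-processor that reads a ZAP JSON report of the shape shown earlier, applies the WARN/FAIL/IGNORE actions from a rules file, and produces the `by_risk` counts used in the structured output. The sample report and rules are constructed, and treating unlisted rules as WARN and the `failures`/`warnings`/`status` field names are assumptions.

```python
import json

# ZAP riskcode values as they appear in the JSON report
RISK_NAMES = {"0": "informational", "1": "low", "2": "medium", "3": "high"}

def parse_rules(text):
    """Parse 'rule_id action' lines; '#' starts a comment (tabs or spaces)."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].isdigit():
            rules[fields[0]] = fields[1].upper()
    return rules

def summarize(report, rules):
    """Count alerts by risk and sort them into failures/warnings by rule action."""
    by_risk = {name: 0 for name in RISK_NAMES.values()}
    failures, warnings = [], []
    sites = report.get("site", [])
    for site in [sites] if isinstance(sites, dict) else sites:
        for alert in site.get("alerts", []):
            risk = RISK_NAMES.get(str(alert.get("riskcode")), "informational")
            action = rules.get(str(alert.get("pluginid")), "WARN")  # assumed default
            if action == "IGNORE":
                continue  # ignored rules are neither counted nor listed
            by_risk[risk] += 1
            cwe = str(alert.get("cweid", ""))  # ZAP uses -1 when no CWE applies
            finding = {
                "name": alert.get("alert"),
                "risk": risk,
                "cwe": f"CWE-{cwe}" if cwe.isdigit() and cwe != "0" else None,
                "urls": sorted({i["uri"] for i in alert.get("instances", []) if "uri" in i}),
            }
            (failures if action == "FAIL" else warnings).append(finding)
    return {"total_alerts": sum(by_risk.values()), "by_risk": by_risk,
            "failures": failures, "warnings": warnings,
            "status": "fail" if failures else "pass"}

# Constructed sample inputs (not real scan output)
SAMPLE_RULES = "10021 WARN # X-Content-Type-Options\n40018 FAIL # SQL Injection\n10098 IGNORE\n"
SAMPLE_REPORT = json.loads("""{"site": [{"@name": "https://target.example.com", "alerts": [
  {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
   "cweid": "693", "instances": [{"uri": "https://target.example.com/", "method": "GET"}]},
  {"pluginid": "40018", "alert": "SQL Injection", "riskcode": "3", "cweid": "89",
   "instances": [{"uri": "https://target.example.com/search", "method": "GET"}]},
  {"pluginid": "10098", "alert": "Cross-Domain Misconfiguration", "riskcode": "2",
   "cweid": "264", "instances": [{"uri": "https://target.example.com/", "method": "GET"}]}]}]}""")

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT, parse_rules(SAMPLE_RULES)), indent=2))
```

In a pipeline, a non-empty `failures` list is the signal to fail the build; the `by_risk` block can be copied straight into the structured output's `summary`.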
| Error | Cause | Resolution |
|---|---|---|
| Connection refused | Target not reachable | Verify target URL and network |
| Authentication failed | Invalid credentials | Check auth configuration |
| Scan timeout | Large application | Increase timeout or scope |
| Rate limited | Too aggressive | Adjust scan speed settings |