dast-ffuf

Description

Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering capabilities. Supports multiple fuzzing modes (clusterbomb, pitchfork, sniper) and recursive scanning. Use when: (1) Discovering hidden directories, files, and endpoints on web applications, (2) Fuzzing GET and POST parameters to identify injection vulnerabilities, (3) Enumerating virtual hosts and subdomains, (4) Testing authentication endpoints with credential fuzzing, (5) Finding backup files and sensitive data exposures, (6) Performing comprehensive web application reconnaissance.

Install

Add the repository(one-time)

/plugin marketplace add AgentSecOps/SecOpsAgentKit

Install the plugin

/plugin install appsec-skills@agent-sec-ops-kit-skills

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

assets/ci-config-template.yml

assets/rule-template.yaml

references/EXAMPLE.md

references/WORKFLOW_CHECKLIST.md

Links

GitHub Stats

0 forks

Similar Skills

backtesting-frameworks

Build robust backtesting systems for trading strategies with proper handling of look-ahead bias, survivorship bias, and transaction costs. Use when developing trading algorithms, validating strategies, or building backtesting infrastructure.

quantitative-trading

23.7k

risk-metrics-calculation

Calculate portfolio risk metrics including VaR, CVaR, Sharpe, Sortino, and drawdown analysis. Use when measuring portfolio risk, implementing risk limits, or building risk monitoring systems.

quantitative-trading

23.7k

auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

developer-essentials

23.7k