From appsec
This skill should be used when the user asks to "analyze vulnerabilities", "find security weaknesses", "map CWEs", "run vulnerability analysis", or is running PASTA stage 5. Also triggers when the user asks about SAST, DAST, dependency scanning, or CWE mapping in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 5 of 7).
npx claudepluginhub florianbuetow/claude-code --plugin appsec

This skill uses the workspace's default tool permissions.
Identify specific weaknesses in code and configuration that could be exploited by Stage 4 threats. This is the core code analysis stage of PASTA. Map each finding to CWE identifiers and correlate with the threat catalog.
Read ../../shared/schemas/flags.md for the full flag specification. Key behaviors:
| Flag | Stage 5 Behavior |
|---|---|
| --scope | Default: `changed`. Analyzes source code, configs, and infrastructure files. |
| --depth quick | Scanners + grep patterns only, no manual code review. |
| --depth standard | Full code read, local data-flow analysis, CWE mapping. |
| --depth deep | Standard + cross-file taint analysis, entry-to-sink tracing, dependency CVE scan. |
| --depth expert | Deep + exploitability scoring, proof-of-concept path assessment. |
| --severity | Filter output by severity. |
| --fix | Generate fix suggestions for each vulnerability found. |
Read ../../shared/frameworks/pasta.md, Stage 5 section. PASTA is SEQUENTIAL.
Stage 5 consumes Stages 1-4 output and feeds Stage 6.
Required: Stage 4 output -- threat catalog with MITRE ATT&CK mappings and threat-to-component mapping. Also needs: entry points (Stage 2), components and trust boundaries (Stage 3), business-critical assets (Stage 1). If unavailable, warn and assume.
Parse --scope flag (default: changed). Filter to code and config file types.
Prioritize files in components targeted by Stage 4 threats.
| Scanner | Detect | Coverage |
|---|---|---|
| semgrep | which semgrep | Injection, auth, crypto, SSRF, XSS |
| bandit | which bandit | Python: injection, crypto, subprocess |
| gosec | which gosec | Go: injection, crypto, file handling |
| brakeman | which brakeman | Rails: injection, XSS, mass assignment |
| npm audit | which npm | Node.js dependency vulnerabilities |
| trivy | which trivy | Container and dependency vulnerabilities |
| gitleaks | which gitleaks | Secrets and credentials in code |
Run available scanners, normalize output to ../../shared/schemas/findings.md.
Map each vulnerability to Stage 4 threat(s) it enables: which actor exploits it, which ATT&CK technique it supports, which business asset it endangers.
Evaluate: attack complexity, prerequisite access, mitigating controls, and chaining potential with other vulnerabilities.
Stage 5 produces a Vulnerability Inventory with CWE Mappings. ID prefix: PASTA (e.g., PASTA-001).
Each finding includes: id, title, severity, location (file, line, function, snippet), description, impact, fix, and references (CWE, MITRE ATT&CK, OWASP).
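As an added illustration (not part of the skill's own code), this normalizes one scanner result into a Stage 5 finding with the fields listed above and correlates it with the Stage 4 threat catalog via the owning component. The semgrep-shaped JSON, the component map and the threat catalog are all constructed sample data; the ATT&CK technique assignments and file-prefix-to-component rule are assumptions for the example.

```python
import json
import re

# Constructed sample in the shape of semgrep's JSON output (not a real scan).
SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "python.lang.security.audit.sqli.tainted-sql-string",
     "path": "api/search.py", "start": {"line": 42},
     "extra": {"message": "User input reaches SQL query string",
               "severity": "ERROR",
               "lines": "cur.execute(f\"SELECT * FROM items WHERE name='{q}'\")",
               "metadata": {"cwe": ["CWE-89: Improper Neutralization of Special Elements used in an SQL Command"],
                            "owasp": ["A03:2021 - Injection"]}}},
]})

# Constructed Stage 3/4 context (hypothetical): path prefix -> component, and
# per component the Stage 4 threats with the ATT&CK technique each relies on.
COMPONENTS = {"api/": "C-02 API", "admin/": "C-04 Admin"}
THREATS = {"C-02 API": [("T-01", "T1190")], "C-04 Admin": [("T-03", "T1078")]}
SEVERITY = {"ERROR": "High", "WARNING": "Medium", "INFO": "Low"}  # scanner -> report scale


def component_for(path):
    """Attribute a file to the Stage 3 component that owns it."""
    for prefix, comp in COMPONENTS.items():
        if path.startswith(prefix):
            return comp
    return "Unassigned"


def normalize(raw_json):
    """Turn scanner results into PASTA-NNN findings; impact/fix are filled in by manual review."""
    findings = []
    for n, r in enumerate(json.loads(raw_json)["results"], start=1):
        meta = r["extra"].get("metadata", {})
        cwes = [x for c in meta.get("cwe", []) for x in re.findall(r"^CWE-\d+", c)]
        comp = component_for(r["path"])
        threats = THREATS.get(comp, [])
        findings.append({
            "id": f"PASTA-{n:03d}",
            "title": r["check_id"].rsplit(".", 1)[-1],
            "severity": SEVERITY.get(r["extra"]["severity"], "Low"),
            "location": {"file": r["path"], "line": r["start"]["line"], "snippet": r["extra"].get("lines", "")},
            "description": r["extra"]["message"],
            "component": comp,
            "enables_threats": [t for t, _ in threats],
            "references": {"cwe": cwes, "mitre_attck": [tech for _, tech in threats], "owasp": meta.get("owasp", [])},
            "metadata": {"tool": "pasta-vulns", "framework": "pasta", "category": "Stage-5"},
        })
    return findings


def inventory_row(f):
    """Render one row of the Stage 5 Vulnerability Inventory table."""
    return "| {} | {} | {} | {} | {} | {} |".format(
        f["id"], f["title"], ", ".join(f["references"]["cwe"]) or "-", f["severity"],
        f["component"], ", ".join(f["enables_threats"]) or "-")
```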
## PASTA Stage 5: Vulnerability Analysis
### Vulnerability Inventory
| ID | Vulnerability | CWE | Severity | Component | Enables Threat |
|----|--------------|-----|----------|-----------|---------------|
| PASTA-001 | SQL injection in search | CWE-89 | Critical | C-02 API | T-01 |
| PASTA-002 | Missing auth on export | CWE-862 | High | C-04 Admin | T-03 |
### Vulnerability-Threat Correlation
| Vulnerability | Threats Enabled | Complexity | Existing Controls |
|--------------|----------------|------------|-------------------|
| PASTA-001 | T-01, T-05 | Low | None |
### Scanner Coverage
| Scanner | Status | Findings |
|---------|--------|----------|
| semgrep | Available / Not found | N findings |
Findings follow ../../shared/schemas/findings.md with:
- references.cwe: CWE identifier
- references.mitre_attck: linked technique
- references.owasp: OWASP category
- metadata.tool: "pasta-vulns", metadata.framework: "pasta", metadata.category: "Stage-5"

Stage 6: Attack Simulation (pasta-attack-sim). Pass the Vulnerability Inventory and threat correlations. Stage 6 constructs exploit chains and scores each attack scenario by exploitability and impact.