Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From dasel
Provides Dasel v3 query patterns for Tomcat web.xml files to enumerate servlets, analyze filter chains, list listeners, extract context parameters, and inspect init-params.
How this skill is triggered — by the user, by Claude, or both
Slash command
/dasel:enterprise-tomcat-webThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
<when_to_use>
<when_to_use>
Load this skill when querying a web.xml deployment descriptor — enumerating servlets, inspecting filter chains, listing listeners, extracting context parameters, or finding servlets by init-param value.
</when_to_use>
Domain skill for querying Tomcat web.xml files using dasel v3. Always use -i xml explicitly. XML attributes use - prefix in dasel friendly mode.
# All servlet names
dasel -f web.xml -i xml 'web-app.servlet.map(servlet-name)'
# Count servlet definitions
dasel -f web.xml -i xml 'len(web-app.servlet)'
# Find filters by class pattern (e.g., Security filters)
dasel -f web.xml -i xml 'web-app.filter.filter(filter-class ~ ".*Security.*")'
Replace Security with any class name fragment.
# Count listener definitions
dasel -f web.xml -i xml 'len(web-app.listener)'
# All context-param names
dasel -f web.xml -i xml 'web-app.context-param.map(param-name)'
# Find servlets with a specific init-param name — filters parent collection by testing child length > 0
dasel -f web.xml -i xml 'web-app.servlet.filter(init-param.filter(param-name == "debug").len($this) > 0).map(servlet-name)'
Replace "debug" with the target param-name value.
All selectors require the full command prefix: dasel -f web.xml -i xml '<selector>'
npx claudepluginhub jamie-bitflight/claude_skills --plugin daselProvides Dasel v3 selectors to query Spring bean factory XML for bean discovery, dependency wiring, JMS destination mapping, property injection extraction, and cross-bean reference tracing.
Guides XML External Entity injection testing: classic XXE, blind XXE (OOB), XXE via file upload (SVG/docx), SOAP/REST XXE, error-based XXE, XInclude, and filter bypass. For authorized web app security assessments or bug bounty.
Hunts XXE vulnerabilities across XML endpoints using bug bounty techniques: SVG/DOCX file upload, SOAP, SAML, OOB DTD, SSRF, LFI, and RCE chains.