From communitytools
Tests client-side vulnerabilities like XSS (reflected/stored/DOM), CSRF, CORS misconfigurations, Clickjacking, DOM-based attacks, and Prototype Pollution in web apps and SPAs.
npx claudepluginhub transilienceai/communitytools
This skill uses the workspace's default tool permissions.
Test for client-side vulnerabilities across modern web applications and SPAs.
- reference/clickjacking-cheat-sheet.md
- reference/clickjacking-quickstart.md
- reference/cors-cheat-sheet.md
- reference/cors-quickstart.md
- reference/csrf-quickstart.md
- reference/dom-based-vulnerabilities-complete.md
- reference/dom-xss-advanced.md
- reference/dom-xss-quickstart.md
- reference/prototype-pollution-cheat-sheet.md
- reference/prototype-pollution-quickstart.md
- reference/prototype-pollution-resources.md
- reference/xss-bypass-techniques.md
- reference/xss-exploitation-techniques.md

Tests web applications for reflected, stored, and DOM-based XSS vulnerabilities by injecting JavaScript payloads, identifying injection points, and bypassing sanitization or CSP protections. For OWASP security testing.
Tests web apps for reflected, stored, and DOM-based XSS by injecting payloads, mapping inputs/outputs, and bypassing sanitization/CSP protections.
Guides web app penetration testing for XSS vulnerabilities including stored, reflected, DOM-based attacks, payloads, filter bypasses, CSP evasion, and detection checklists.
Test for client-side vulnerabilities across modern web applications and SPAs.
| Type | Key Vectors |
|---|---|
| XSS | Reflected, Stored, DOM-based, framework-specific (React, Vue, Angular) |
| CSRF | Token bypass, SameSite cookie bypass, cross-origin requests |
| CORS | Misconfigured origins, null origin, wildcard credentials |
| Clickjacking | Frame-based, drag-and-drop, multi-step |
| DOM-based | DOM sinks, source/sink analysis, JavaScript URL schemes |
| Prototype Pollution | Client-side gadgets, server-side pollution, property injection |

- reference/xss*.md - XSS bypass techniques and exploitation
- reference/csrf*.md - CSRF techniques and bypasses
- reference/cors*.md - CORS misconfiguration testing
- reference/clickjacking*.md - Clickjacking techniques
- reference/dom*.md - DOM-based vulnerability testing
- reference/prototype-pollution*.md - Prototype pollution techniques