Skill

injection

Tests for injection vulnerabilities including SQL, NoSQL, OS command, SSTI, XXE, and LDAP/XPath across input vectors. Guides detection, exploitation, escalation, and PoC for security audits.

security

testing

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.

Supporting Assets

reference/nosql-injection-advanced.mdreference/nosql-injection-cheat-sheet.mdreference/nosql-injection-quickstart.mdreference/nosql-injection-resources.mdreference/os-command-injection-cheat-sheet.mdreference/os-command-injection-quickstart.mdreference/sql-injection-advanced.mdreference/sql-injection-quickstart.mdreference/sql-injection.mdreference/ssti-advanced.mdreference/ssti-cheat-sheet.mdreference/ssti-quickstart.mdreference/ssti-resources.mdreference/xxe-cheat-sheet.mdreference/xxe-quickstart.md

SKILL.md

Similar Skills

sql-injection-testing

36.4k

Assesses SQL injection vulnerabilities in web apps via error-based, boolean-blind, and time-based tests using SQLMap, Burp Suite, and manual payloads to validate input sanitization.

antigravity-awesome-skills

exploiting-api-injection-vulnerabilities

5.9k

Tests APIs for SQL, NoSQL, command, LDAP injection, and SSRF via inputs. Crafts payloads targeting databases and backends for authorized pentesting.

3 files

cybersecurity-skills

Vulnerability Patterns

Identifies common web vulnerability patterns like SQL injection, command injection, XSS, and OWASP Top 10 during whitebox pentesting and code reviews.

7 files

vuln-scout

Stats

Stars223

Forks44

Last CommitMar 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Injection

Test for injection vulnerabilities across all input vectors. Covers SQL, NoSQL, Command, SSTI, XXE, and LDAP injection.

Techniques

Type	Key Vectors
SQL Injection	In-band (union, error), Blind (boolean, time), Out-of-band
NoSQL Injection	Operator injection, JavaScript injection, aggregation pipeline
Command Injection	OS command separators, blind techniques, out-of-band
SSTI	Template engine detection, sandbox escape, RCE chains
XXE	Entity expansion, SSRF via XXE, blind XXE, parameter entities
LDAP/XPath	Filter manipulation, authentication bypass

Workflow

Identify injection points (parameters, headers, cookies, JSON fields)
Detect injection type with minimal probes
Exploit with context-appropriate payloads
Escalate (data extraction, RCE, file read)
Capture evidence and write PoC

Reference

reference/sql-injection*.md - SQL injection techniques
reference/nosql-injection*.md - NoSQL injection techniques
reference/os-command-injection*.md - OS command injection
reference/ssti*.md - Server-side template injection
reference/xxe*.md - XML external entity injection