Skill

server-side

Tests server-side vulnerabilities: SSRF, HTTP request smuggling, path traversal, file upload, insecure deserialization, host header injection. Use for web app security audits.

Java

Php

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.

Supporting Assets

reference/file-upload-cheat-sheet.mdreference/file-upload-quickstart.mdreference/file-upload-resources.mdreference/http-host-header-cheat-sheet.mdreference/http-host-header-quickstart.mdreference/http-host-header-resources.mdreference/http-request-smuggling-advanced.mdreference/http-request-smuggling-cheat-sheet.mdreference/http-request-smuggling-quickstart.mdreference/http-request-smuggling-resources.mdreference/http-request-smuggling.mdreference/insecure-deserialization-cheat-sheet.mdreference/insecure-deserialization-quickstart.mdreference/insecure-deserialization-resources.mdreference/path-traversal-cheat-sheet.mdreference/path-traversal-quickstart.mdreference/smuggling-authenticated.mdreference/ssrf-cheat-sheet.mdreference/ssrf-quickstart.md

SKILL.md

Similar Skills

pentest-ssrf

Guides SSRF penetration testing in web apps: identifies URL input risks, exploits internal/cloud metadata access, blind SSRF via OOB, bypasses like IP tricks/DNS rebinding, checklists, and impact evaluation.

1 file

vuln-skills

Vulnerability Patterns

Identifies common web vulnerability patterns like SQL injection, command injection, XSS, and OWASP Top 10 during whitebox pentesting and code reviews.

7 files

vuln-scout

top-web-vulnerabilities

36.4k

References 100 critical web vulnerabilities by category with definitions, root causes, impacts, and mitigations. Useful for web security audits, testing, and remediation planning.

antigravity-awesome-skills

Stats

Stars223

Forks44

Last CommitMar 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Server-Side

Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.

Techniques

Type	Key Vectors
SSRF	Internal service access, cloud metadata, protocol smuggling
HTTP Smuggling	CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync
Path Traversal	Directory traversal, null bytes, encoding bypass
File Upload	Extension bypass, content-type manipulation, polyglot files
Deserialization	Java, PHP, Python, .NET gadget chains
Host Header	Password reset poisoning, cache poisoning, routing-based SSRF

Workflow

Identify server-side processing points
Test for vulnerability class indicators
Bypass protections (WAF, allowlists, encoding filters)
Demonstrate impact (file read, RCE, internal access)
Capture evidence with PoC

Reference

reference/ssrf*.md - SSRF techniques and labs
reference/http-request-smuggling*.md - Smuggling techniques
reference/path-traversal*.md - Path traversal bypass methods
reference/file-upload*.md - File upload exploitation
reference/insecure-deserialization*.md - Deserialization attacks
reference/http-host-header*.md - Host header injection