From communitytools
Tests web apps for business logic flaws, race conditions, access control bypasses, cache poisoning/deception, and info disclosure missed by automated scanners.
`npx claudepluginhub transilienceai/communitytools`

This skill uses the workspace's default tool permissions.
Test for logic flaws and application-specific vulnerabilities that automated scanners miss.
- reference/access-control-advanced.md
- reference/access-control-cheat-sheet.md
- reference/access-control-index.md
- reference/access-control-quickstart.md
- reference/access-control-resources.md
- reference/business-logic-cheat-sheet.md
- reference/business-logic-quickstart.md
- reference/business-logic-resources.md
- reference/information-disclosure-cheat-sheet.md
- reference/information-disclosure-resources.md
- reference/race-conditions-cheat-sheet.md
- reference/race-conditions-quickstart.md
- reference/race-conditions-resources.md
- reference/web-cache-deception-cheat-sheet.md
- reference/web-cache-deception-quickstart.md
- reference/web-cache-deception-resources.md
- reference/web-cache-poisoning-cheat-sheet.md
- reference/web-cache-poisoning-quickstart.md
- reference/web-cache-poisoning-resources.md

Guides penetration testing for business logic flaws like price tampering and workflow bypass, race conditions, and DoS attacks including ReDoS and resource exhaustion in web apps.
Performs OWASP WSTG penetration tests on web apps using Burp Suite proxy and manual techniques to uncover vulnerabilities in auth, sessions, input validation, and business logic.
Identifies business logic flaws in web apps allowing price manipulation, workflow bypass, and privilege escalation during authorized penetration tests beyond automated scanners.
| Type | Key Vectors |
|---|---|
| Business Logic | Workflow bypass, price manipulation, feature abuse |
| Race Conditions | TOCTOU, limit bypass, double-spend, parallel requests |
| Access Control | IDOR, horizontal/vertical privilege escalation, forced browsing |
| Cache Poisoning | Unkeyed headers/parameters, fat GET, response splitting |
| Cache Deception | Path confusion, static extension tricks, normalization |
| Info Disclosure | Error messages, debug endpoints, source code, metadata |
- reference/business-logic*.md - Business logic testing techniques
- reference/race-conditions*.md - Race condition exploitation
- reference/access-control*.md - Access control bypass methods
- reference/web-cache-poisoning*.md - Cache poisoning techniques
- reference/web-cache-deception*.md - Cache deception attacks
- reference/information-disclosure*.md - Information disclosure testing