What is file path traversal testing?

It is a security testing process used to determine if an application allows users to access files and directories outside of the intended web root by manipulating file path inputs.

What tools are recommended to use alongside this skill?

The skill suggests utilizing professional security tools such as Burp Suite, OWASP ZAP, cURL, and fuzzers like ffuf or wfuzz for automated testing.

Does this skill cover Remote Code Execution (RCE)?

Yes, it includes advanced phases for escalating a file traversal vulnerability to RCE through methods like log poisoning and PHP wrapper exploitation.

Can I use this for both Linux and Windows servers?

Yes, the skill includes specialized methodologies and target file locations for both Linux (/etc/passwd) and Windows (win.ini) operating systems.

How does this skill help developers prevent attacks?

It provides specific secure coding remediation techniques, such as using basename() and path canonicalization, to ensure user input cannot be used to escape designated directories.

File Path Traversal Testing

Name: File Path Traversal Testing
Author: sickn33

bysickn33

•

1,991

•

Seguridad y Pruebas

Identifies and tests for directory traversal vulnerabilities to prevent unauthorized access to sensitive server-side files.

This skill provides a comprehensive methodology for security researchers and developers to detect, exploit, and remediate file path traversal vulnerabilities. It equips Claude with advanced techniques to bypass common filters using URL encoding, null bytes, and path truncation, while providing platform-specific target file paths for both Linux and Windows environments. By following the structured workflow, users can assess data exposure risks and implement secure coding practices such as path canonicalization and input whitelisting.

Características Principales

01Identification of vulnerable file-handling parameters and endpoints

02Comprehensive target file lists for Linux and Windows system discovery

031,991 GitHub stars

04Strategies for escalating Local File Inclusion (LFI) to Remote Code Execution (RCE)

05Remediation guidance with secure coding examples in PHP and Python

06Advanced bypass techniques for filters, blacklists, and extension validation

Casos de Uso

01Hardening application backends against arbitrary file read and information disclosure

02Testing Web Application Firewall (WAF) effectiveness against traversal encoding

03Conducting security audits on web applications that handle dynamic file paths

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sickn33/antigravity-awesome-skills file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill