Can it test private APIs?

It can target specific API endpoints to identify security flaws like authentication bypass or authorization issues when provided with the correct endpoint access.

Does it cover the OWASP Top 10?

Yes, the skill is specifically designed to scan for major web vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Is this tool safe to use on live environments?

While the skill facilitates security testing, you should always ensure you have explicit authorization and a defined scope before testing live systems to avoid unintended consequences.

What kind of reports does it generate?

It provides detailed summaries of identified security flaws, their associated risk levels, and specific remediation recommendations to help developers fix the issues.

Web Penetration Tester

Name: Web Penetration Tester
Author: jeremylongshore

byjeremylongshore

•

884

•

セキュリティとテスト

Automates web application security audits and penetration tests to identify OWASP Top 10 vulnerabilities and suggest remediation steps.

This skill empowers developers and security researchers to conduct automated security assessments of web applications and APIs directly within their workflow. By leveraging specialized penetration testing logic, it scans for critical risks like SQL injection and XSS, provides exploitation patterns for proof-of-concept, and generates comprehensive reports detailing security flaws with actionable remediation advice to improve overall security posture.

主な機能

01Detailed security reporting with risk ratings and remediation steps

02884 GitHub stars

03Guided exploitation techniques for vulnerability validation

04Automated vulnerability scanning for web applications and APIs

05Detection of OWASP Top 10 threats including SQLi, XSS, and CSRF

06Targeted endpoint analysis for authentication and authorization flaws

ユースケース

01Identifying authorization and authentication flaws in REST API endpoints

02Generating professional penetration test reports for compliance and stakeholders

03Performing a comprehensive security audit of a production domain

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills skill-adapter

For use in Claude.ai and ChatGPT

Download Skill