Does this skill support DOM-based XSS detection?

Yes, the skill specifically targets DOM-based XSS by identifying dangerous JavaScript sinks like innerHTML and user-controllable sources like location.hash.

Does it provide remediation advice?

Yes, every vulnerability assessment includes recommendations for fixing the flaws, such as proper output encoding and secure CSP configurations.

Are there ethical guardrails included?

Absolutely. The skill emphasizes legal authorization, operational boundaries to prevent system damage, and the ethical handling of captured session data.

Can it help bypass Content Security Policies (CSP)?

It includes a variety of bypass techniques, including tag variations and JavaScript obfuscation, specifically designed to test the limits of CSP configurations.

What types of injection does this cover?

It covers Stored XSS, Reflected XSS, DOM-based XSS, and various forms of HTML injection including form hijacking and CSS-based data exfiltration.

XSS & HTML Injection Testing

Name: XSS & HTML Injection Testing
Author: zebbern

byzebbern

•

2,883

セキュリティとテスト

Conducts comprehensive security audits to identify, exploit, and remediate client-side injection vulnerabilities in web applications.

概要

This skill empowers Claude to perform advanced penetration testing for Cross-Site Scripting (XSS) and HTML injection flaws across stored, reflected, and DOM-based attack vectors. It provides a systematic framework for mapping input reflection points, crafting sophisticated payloads for session hijacking, and implementing filter bypass techniques to challenge Content Security Policies (CSP). Ideal for security researchers and developers, it transforms Claude into a security assistant capable of demonstrating real-world impact through proof-of-concept exploits while providing actionable remediation guidance for input sanitization and output encoding.

主な機能

2,883 GitHub stars
Advanced bypass techniques for encoding, filters, and Content Security Policies
Sophisticated payload generation for Stored, Reflected, and DOM-based XSS
Detailed vulnerability reporting with severity assessments and remediation steps
Proof-of-concept demonstrations for cookie theft and session hijacking
Automated identification of vulnerable JavaScript sinks and input reflection points

ユースケース

Validating the robustness of input sanitization and output encoding mechanisms
Performing security penetration tests on web applications prior to production release
Auditing third-party web components for client-side injection vulnerabilities

概要

主な機能

2,883 GitHub stars
Advanced bypass techniques for encoding, filters, and Content Security Policies
Sophisticated payload generation for Stored, Reflected, and DOM-based XSS
Detailed vulnerability reporting with severity assessments and remediation steps
Proof-of-concept demonstrations for cookie theft and session hijacking
Automated identification of vulnerable JavaScript sinks and input reflection points

ユースケース

Validating the robustness of input sanitization and output encoding mechanisms
Performing security penetration tests on web applications prior to production release
Auditing third-party web components for client-side injection vulnerabilities