Security & Testing Claude 스킬

Shodan Reconnaissance & Pentesting

Conducts automated network reconnaissance and vulnerability discovery using the Shodan search engine, CLI, and REST API.

Critical Thinking & Self-Skepticism

Enforces a rigorous, self-skeptical development mindset focused on technical accuracy and red-teaming assumptions.

API Security & Bug Bounty Fuzzing

Conducts comprehensive security assessments and fuzzing on REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR, SQL injection, and authentication bypasses.

Linux Privilege Escalation

Identifies and exploits Linux system misconfigurations to elevate user privileges to root-level access.

Anti-Reversing & Software Protection Analysis

Identifies and bypasses anti-debugging, obfuscation, and software protection mechanisms during authorized security analysis and malware research.

Security Scanning Tools

Conducts comprehensive security audits and vulnerability assessments using industry-standard tools for networks, web apps, and cloud infrastructure.

Verification Before Completion

Enforces rigorous evidence-based verification before any code task is marked as complete or committed.

Linux Privilege Escalation

Conducts systematic security assessments to identify and exploit privilege escalation vectors on Linux systems.

AWS Penetration Testing & Security Audit

Conducts comprehensive security assessments and penetration testing across Amazon Web Services environments to identify vulnerabilities and privilege escalation paths.

Infrastructure Integration Test Generator

Automates the creation of Java-based database integration tests for infrastructure layers using Maven Failsafe.

XSS & HTML Injection Security Testing

Identifies and exploits Cross-Site Scripting (XSS) and HTML injection vulnerabilities using advanced detection and bypass techniques.

Pentest Commands Reference

Provides a comprehensive command library for penetration testing tools including Nmap, Metasploit, and SQLMap.

XSS & HTML Injection Security Testing

Performs comprehensive security assessments to detect, exploit, and remediate Cross-Site Scripting (XSS) and HTML injection vulnerabilities in web applications.

SQL Injection Security Testing

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

Red Team Tactics & Adversary Simulation

Implements structured adversary simulation principles and security audit workflows based on the MITRE ATT&CK framework.

SSH Penetration Testing

Conducts end-to-end SSH security audits, from initial service discovery and credential testing to advanced tunneling and post-exploitation analysis.

Web App Testing Toolkit

Automates and tests local web applications using Playwright to verify functionality, debug UI behavior, and capture browser logs.

TRIZ Beforehand Cushioning

Implements proactive safety measures and emergency fail-safes to mitigate high-risk system failures.

TDD Workflow

Implements a rigorous Test-Driven Development cycle to ensure code quality and reliability through the Red-Green-Refactor pattern.

FMEA Risk Analysis

Systematically identifies potential failure modes and prioritizes preventive actions using quantitative Risk Priority Numbers (RPN).

Security Patterns & PR Review

Performs automated security audits and PR reviews using advanced detection heuristics for vulnerabilities like SQLi, XSS, and hardcoded secrets.

Systematic Debugging

Enforces a rigorous four-phase protocol to identify root causes and implement verified fixes for complex software bugs.

Red Team Tactics

Guides adversary simulation and security posture validation using the MITRE ATT&CK framework.

Network Services & Pen-Test Lab Setup

Configures and tests network services like HTTP, HTTPS, SNMP, and SMB for security research and penetration testing environments.

SSH Penetration Testing

Conducts comprehensive SSH security assessments including enumeration, credential attacks, and vulnerability exploitation for hardened network environments.

Testing Patterns & TDD Workflow

Implements standardized Jest testing patterns, factory functions, and TDD workflows for maintainable React and React Native applications.

Security Scanning Tools

Automates and guides security vulnerability assessments, network discovery, and compliance auditing using industry-standard tools.

SQL Injection Testing

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws.

Testing Patterns & TDD Utilities

Implements robust Jest testing patterns, factory functions, and TDD workflows to ensure high-quality, maintainable codebases.

SaaS Testing Toolkit

Automates the writing, execution, and analysis of unit, integration, and end-to-end tests for modern SaaS applications.