Does it support both Windows and Linux servers?

Yes, it includes specific methodologies and sensitive file paths for both Linux (/etc/passwd) and Windows (win.ini) environments.

Can this skill help escalate LFI to RCE?

Yes, it provides advanced techniques such as log poisoning, proc/self/environ injection, and PHP wrapper exploitation to achieve remote code execution.

Does it provide remediation advice?

Absolutely. The skill includes secure coding patterns like path canonicalization, whitelisting, and using built-in functions to strip directory information safely.

What is the primary goal of this skill?

This skill aims to identify and remediate vulnerabilities that allow attackers to access files outside of the intended web root directory.

File Path Traversal Security Testing

Name: File Path Traversal Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

보안 및 테스팅

Performs comprehensive security audits to identify, exploit, and mitigate file path traversal and Local File Inclusion (LFI) vulnerabilities.

This skill provides a structured, expert-level methodology for security researchers and developers to test web applications for directory traversal risks. It guides Claude through the entire vulnerability lifecycle: from mapping high-risk parameters and testing basic payloads to executing advanced bypasses for filters and encoding. It covers both Linux and Windows filesystems, provides commands for automated tools like Burp Suite and ffuf, and offers specific remediation code to secure applications against unauthorized file access.

주요 기능

010 GitHub stars

02Automated testing workflows for Burp Suite, ffuf, and wfuzz

03Advanced bypass techniques for WAFs and input filters

04Comprehensive payload library for Linux and Windows systems

05Secure coding templates for PHP, Python, and Node.js

06LFI-to-RCE escalation strategies including log poisoning

사용 사례

01Auditing legacy codebases for insecure filesystem API usage

02Conducting professional penetration tests on web application file handlers

03Generating security reports with actionable remediation steps for developers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill