Does it support both Windows and Linux systems?

Absolutely. The skill includes specific target files and traversal payloads tailored for both Linux (e.g., /etc/passwd) and Windows (e.g., win.ini) environments.

What is file path traversal testing?

It is a security testing methodology used to identify vulnerabilities that allow an attacker to read arbitrary files on a server by manipulating file paths in web requests.

How do I prevent directory traversal attacks?

Prevention includes using filesystem APIs that strip path information (like basename), validating input against strict whitelists, and canonicalizing paths before use.

Can this skill help escalate LFI to RCE?

Yes, it provides specific techniques for LFI to RCE escalation, including log poisoning, PHP wrapper exploitation, and proc/self/environ injection.

File Path Traversal Security Testing

Name: File Path Traversal Security Testing
Author: claudiodearaujo

byclaudiodearaujo

보안 및 테스팅

Conducts comprehensive security audits to identify and remediate directory traversal and Local File Inclusion (LFI) vulnerabilities.

소개

This skill equips Claude with a robust framework for identifying, testing, and exploiting file path traversal vulnerabilities in web applications. It provides detailed methodologies for mapping vulnerable parameters, executing advanced bypass techniques—such as URL encoding and null byte injection—and escalating Local File Inclusion (LFI) to Remote Code Execution (RCE). Ideal for security researchers and developers, it ensures thorough vulnerability assessments and provides actionable remediation guidance to secure filesystem APIs against unauthorized access to sensitive configuration files and credentials.

주요 기능

Step-by-step LFI to Remote Code Execution (RCE) escalation paths
Automated testing workflows for tools like Burp Suite, ffuf, and wfuzz
Secure coding recommendations and remediation strategies for developers
Extensive payload library for Linux and Windows filesystem traversal
Advanced bypass techniques for WAFs and input sanitization filters
0 GitHub stars

사용 사례

Identifying unauthorized access points to sensitive system configuration files
Performing penetration testing on web application file handling logic
Validating the effectiveness of input validation and path sanitization filters

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개